Snowflake Data Clean Rooms: Identity and data provider connectors¶

You can use connectors to integrate your clean room environment with what your ecosystem partners provides. This topic describes how the clean room admin can configure a connector so that users can enhance their data in the clean room with data provided by an identity partner.

If you are a provider who wants to control which connectors show up as options when a clean room user is creating or installing a clean room, see Customize available connectors.

Important

Third-party connectors are not offered by Snowflake and may be subject to additional terms. These integrations are made available for your convenience, but you are responsible for any content sent to or received from the integrations.

LiveRamp Retrieval API connector¶

The LiveRamp Retrieval API translates personally identifiable information (PII) into a durable, pseudonymous RampID.

Before completing the following procedure, you must contact Snowflake Support to create the configuration table that is required for this connector.

To configure the connector so that your clean environment is integrated with the LiveRamp Retrieval API:

In the left navigation, select Connectors.
Select the Identity & Data Providers tab.
Expand LiveRamp Retrieval API.
In the Configuration Table field, enter the fully qualified name of the configuration table that you created with the assistance of Support.
Select Save.

LiveRamp Transcoding API connector¶

LiveRamp Transcoding API translates your RampID into another collaborator’s RampID space.

Before completing the following procedure, you must contact Snowflake Support to create the configuration table that is required for this connector.

To configure the connector so that your clean environment is integrated with the LiveRamp Transcoding API:

In the left navigation, select Connectors.
Select the Identity & Data Providers tab.
Expand LiveRamp Transcoding API.
In the Configuration Table field, enter the fully qualified name of the configuration table that you created with the assistance of Support.
Under RampID Collaborators, enter the following:
1. In the Snowflake Account Locator field, enter the account locator of your collaborator’s Snowflake account.
2. In the Target Domain field, enter LiveRamp’s target domain for your collaborator’s RampID space.
Select Save.

TransUnion TruAudience Identity connector¶

TransUnion TruAudience Identity provides consumer data hygiene, enrichment, and matching solutions using online and offline identifiers.

This section describes how to configure the connector for TransUnion TruAudience Identity. If you are a clean room user who wants to use TransUnion TruAudience Identity during the creation or installation process, see Identity Hub: TransUnion TruAudience Identity.

After you configure the connector, Snowflake maintains a cache that maps TransUnion collaborator IDs to values that uniquely identify records in the source table. As an administrator, you can manage this cache, for example, by deleting specific records from the cache. For more information, see Cache for TransUnion TruAudience Identity.

Prerequisites¶

The following must be completed before configuring the TransUnion TruAudience Identity connector in the clean room environment:

Prerequisite 1: Install the TransUnion native app

Use the Snowflake Marketplace to install the native app for TransUnion TruAudience Identity.

Prerequisite 2: Grant privileges to the SAMOOHA_APP_ROLE role

After the TransUnion native app has been installed, but before a clean room administrator configures the connector, the owner of the TransUnion native app must:

Sign in to Snowsight.
Assume the role that has ownership rights to the TransUnion native app. For example, if the tu_admin_role role is the owner of the TransUnion native app, execute:
```
USE ROLE tu_admin_role;
```
Copy
Execute the following command to grant Snowflake Data Clean Rooms access to the TransUnion application role:
```
GRANT APPLICATION ROLE <transunion_app_database>.tru_app_public
   TO ROLE samooha_app_role;
```
Copy

Prerequisite 3: Ensure required stored procedure exists

The TransUnion connector relies on a stored procedure, which might not exist in some clean room environments. To ensure that the stored procedure exists, execute the following command as a user with the ACCOUNTADMIN role:

USE ROLE ACCOUNTADMIN;

DESCRIBE PROCEDURE SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.PUBLIC.GRANT_EXTERNAL_APP_ROLE;

Copy

If you receive an error that the procedure does not exist, you must use the following commands to create it:

USE ROLE ACCOUNTADMIN;

CREATE OR REPLACE PROCEDURE SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.PUBLIC.GRANT_EXTERNAL_APP_ROLE(APP_ROLE string, APPLICATION string)
   RETURNS string
   LANGUAGE SQL
   EXECUTE AS OWNER
   AS
   $$
   GRANT APPLICATION ROLE IDENTIFIER(:APP_ROLE) TO APPLICATION IDENTIFIER(:APPLICATION);
   $$;

GRANT USAGE ON PROCEDURE SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.PUBLIC.GRANT_EXTERNAL_APP_ROLE(string, string) TO ROLE SAMOOHA_APP_ROLE;

Copy

Configure connector¶

To configure the TransUnion TruAudience Identity connector:

Sign in to your clean room environment in the web app.
In the left navigation, select Connectors.
Select the Identity & Data Providers tab.
Expand TransUnion - TruAudience Identity.
In the Application Database field, enter the name of the application database that was installed by the TransUnion native app
In the Collaboration Key field, enter the collaboration key received from TransUnion for authorization.
Select a warehouse that is used when clean room users integrate a table with TransUnion TruAudience Identity.

If you want to complete the process of matching identities within an hour, use the following guidelines to help select the right warehouse size:

Number of rows

Warehouse size

< 100k

Large

1 million

XLarge

5-10 million with addresses

3X-Large

> 10 million

3X-Large
Select Authenticate.

Number of rows	Warehouse size
< 100k	Large
1 million	XLarge
5-10 million with addresses	3X-Large
> 10 million	3X-Large

Acxiom Real ID connector¶

Acxiom Real ID lets you generate Real IDs securely within Snowflake, without ever needing to transfer personally identifiable information (PII) outside your Snowflake account.

Important

Before configuring the Acxiom connector, you must contact Acxiom for help installing their native app.

Prerequisite¶

After the Acxiom native app has been installed, but before a clean room administrator configures the connector, the owner of the Acxiom native app must:

Sign in to Snowsight.
Assume the role that has ownership rights to the Acxiom native app. For example, if the acxiom_admin_role role is the owner of the Acxiom native app, execute:
```
USE ROLE acxiom_admin_role;
```
Copy
Execute the following command to grant Snowflake Data Clean Rooms access to the Acxiom application role:
```
GRANT APPLICATION ROLE <acxiom_app_database>.realid_app_role
   TO ROLE samooha_app_role;
```
Copy

Configure connector¶

To configure the Acxiom Real ID connector:

Sign in to your clean room environment in the web app.
In the left navigation, select Connectors.
Select the Identity & Data Providers tab.
Expand Acxiom - Real ID.
In the Application Database field, enter the name of the application database that was installed by the Acxiom native app.
Use the Warehouse drop-down list to select DCR_WH_XLarge. Alternatively, you can select a different warehouse as long as its size is XLARGE or bigger. For more information about creating a warehouse for use with Snowflake Data Clean Rooms, see Add warehouse options.
Select Save.

Acxiom Real ID Transcoding connector¶

The transcoding functionality of Acxiom Real ID lets you generate a crosswalk of your Acxiom Real IDs and your business partners’ Acxiom Real IDs, without ever needing to transfer PII outside your Snowflake account.

Important

Before configuring the Acxiom connector, you must contact Acxiom for help installing their native app.

Prerequisite¶

After the Acxiom native app has been installed, but before a clean room administrator configures the connector, the owner of the Acxiom native app must:

Sign in to Snowsight.
Assume the role that has ownership rights to the Acxiom native app. For example, if the acxiom_admin_role role is the owner of the Acxiom native app, execute:
```
USE ROLE acxiom_admin_role;
```
Copy
Execute the following command to grant Snowflake Data Clean Rooms access to the Acxiom application role:
```
GRANT APPLICATION ROLE <acxiom_app_database>.realid_app_role TO ROLE samooha_app_role;
```
Copy

Configure connector¶

To configure the Acxiom Real ID Transcoding connector:

Sign in to your clean room environment in the web app.
In the left navigation, select Connectors.
Select the Identity & Data Providers tab.
Expand Acxiom Real ID Transcoding.
In the Application Database field, enter the name of the application database that was installed by the Acxiom native app.
In the Client ID field, enter the client ID provided by Acxiom when you installed the native app.
In the Client Secret field, enter the client secret provided by Acxiom when you installed the native app.
Use the Warehouse drop-down list to select DCR_WH_XLarge. Alternatively, you can select a different warehouse as long as its size is XLARGE or bigger. For more information about creating a warehouse for use with Snowflake Data Clean Rooms, see Add warehouse options.
In the Acxiom Collaborator section, select one or more collaborators along with the client ID and client secret that was generated for them when they installed the Acxiom Real ID Transcoding native app. You’ll need to contact your collaborators to get their client ID and client secret.

If your collaborator does not appear in the list, you must add them to the clean room environment.
Select Save.