π Note
Hyperproof connects to many third-party systems that frequently change, including the system interface. Contact your System Administrator or the third-party provider for assistance in meeting the requirements to integrate with Hyperproof and collect the proof you need.
When you create a Hypersync between Hyperproof and Snowflake, you can automatically collect the following proof types:
Snowflake proof types and fields
Proof type | Fields | Testable |
Get View | Fields on this proof will vary based on your Snowflake settings. | Yes |
List of Users | Name, Username, Email, Role, Disabled, MFA, Last Login, Password Expire | Yes |
List of Users and Roles | Name, Username, Email, Roles, Disabled, MFA, Last login, Password Expired | Yes |
Time Travel Configuration by Database | Database, Schema, Table, Retention time in days | Yes |
Time Travel Configuration for Databases | Database, Retention time in days | Yes |
β
List of Users
Get View
Time Travel Configuration by Database
Time Travel Configuration for Databases
Snowflake notes on proof types
List of Users and Roles
π Note
ACCOUNT_ADMINpermission is required for this proof type to access theACCOUNT_USAGEschema.If the service account has many roles, the default account role must be changed to one with the
ACCOUNT_ADMINpermission in the Snowflake web console.
Get View proof type
The Get View proof type allows you to retrieve views, reports, or queries that must be configured in the source app, i.e. Snowflake. This provides more flexibility with the information returned in the proof. For more information, refer to the official Snowflake documentation.
Additional documentation
Connecting to Snowflake
Authentication type: Custom
β
Custom authentication parameters: Snowflake Account Identifier, Username, Private Key
π Note
When you configure the Hypersync, don't use the full URL for your Snowflake account in the Account Identifier field. Instead, use your Snowflake instance name. Using the full URL generates a Bad Request error.
β
For example, if your Snowflake URL is https://megatech-1234.snowflakecomputing.com use megatech-1234 as your account identifier.
Certain cloud services offer specialized options for IP filtering in their cloud consoles to lock down specific cloud API endpoints for security and compliance purposes. You can use the Hyperproof static IP addresses to allow communication between Hyperproof Hypersyncs and your cloud service.
π Note
IP addresses for the Hyperproof Gov will be deprecated and replaced, as shown in the following table:
Service | Current IP address | New IP address |
Main app | 4.154.201.6 | 4.155.77.155 |
Integrations | 4.246.104.90 | 4.155.78.5 |
To prevent connectivity issues, it is recommended that you include all four IP addresses in your allowlists.
Hyperproof US IP addresses - 20.184.128.53, 52.9.169.38, 52.159.252.1
π Note
IP address 52.9.169.38 will be deprecated and replaced with 52.159.252.1 in the future. To prevent connectivity issues, it is recommended that you include all three IP addresses in your allowlists.
Hyperproof EU IP addresses - 9.141.172.46, 4.185.45.100
Hyperproof Gov IP addresses - 4.154.201.6, 4.246.104.90
See Hyperproof instances for more information.
π Note
You only need to connect Hyperproof to the app once, and then you can create as many Hypersyncs as you need.
β
Additionally, you can create multiple Hypersyncs for a single control or label.
Configuring the Hypersync for Snowflake
Before setting up a Snowflake Hypersync, key pairs must be generated and assigned to a Snowflake user. A Snowflake admin with the following abilities can do this.
ACCOUNTADMINpermissionFamiliarity with running commands in Snowflake
OPENSSLavailable to generate key pairs
Configuring a limited access service account in Snowflake
It's recommended to create a service account user (e.g. HYPERPROOFCLIENT) thatβs dedicated for use by the Hypersync so that it exists independently of a named person in your organization.
β
For explicit instructions on how to generate key pairs and assign them to a user, please refer to the official Snowflake documentation. See the note and tip below for additional information.
π Note
In step 1 of the Snowflake documentation, generate an UNENCRYPTED private key. This private key, including -----BEGIN PRIVATE KEY----- all the way to and including -----END PRIVATE KEY-----, will be pasted into the Hypersyncβs credentials.
π‘ Tip
Snowflake allows a user to have up to two (2) public keys to accommodate key rotation.
To configure a limited access service account:
In Snowflake, navigate to Admin > Users & Roles. Create a new role called
HYPERPROOFREADER.If using the 'List of Users' proof type, grant the
SECURITYADMINrole toHYPERPROOFREADER. If you are not using this proof type, you can skip this step.For the other proof types, grant the following privileges to
HYPERPROOFREADER:Get View
USAGEon the database or databases containing the view or views on which you want to reportUSAGEon the schemas that contain the view or views on which you want to reportSELECTon the view or views on which you want to report
Time Travel Configuration by Database
USAGEon the databases on which you want to reportUSAGEon the schemas within those databases
Time Travel Configuration for Databases
USAGEon the databases on which you want to report
Create a new user called
HYPERPOOFCLIENTand assign that user the role ofHYPERPROOFREADER.π‘ Tip
Be sure
HYPERPROOFCLIENTis assigned to a default warehouse and a default namespace.
Refer to Snowflake's Overview of Access Control documentation for more information.
![Hyperproof.Io [Test] Help Center](https://downloads.intercomcdn.com/i/o/xgk1dxp2/757668/427b255f2659cc7e0853d6a00ec1/628914ae2617199b7d999ba797a5305a.png)