Skip to main content

LiveRamp Embedded Identity in Snowflake

LiveRamp's Embedded Identity is available through native apps in Snowflake's Marketplace.

There are two available operations that you can perform using the LiveRamp native apps:

  • Identity Resolution, which allows you to resolve an identifier (a device ID or PII, such as name, address, email, or phone) to LiveRamp’s person-based, pseudonymous identifier, RampID. You can also resolve a person-based RampID to a household-based RampID. For more information, see "Perform Identity Resolution".

  • RampID Transcoding, which transcodes a RampID in one domain to a RampID in another domain. Transcoding converts or translates the pseudonymous person-based identifier (the RampID) for use by another party. For more information, see "Perform RampID Transcoding".

When you install either of these native apps, it creates a set of tables and a schema, and writes a set of procedures into the Snowflake worksheet. To perform an operation, you provide an input table that contains the relevant identifiers and a metadata table that contains information on the operation to be performed.


LiveRamp's Embedded Identity in Snowflake is currently in beta. To find out more about participating in this program, contact

LiveRamp Native Apps

Transcoding and identity resolution capabilities are available within Snowflake through a LiveRamp native app, which creates a share to your account, opening up a view to query the reference data set from within your own Snowflake environment. The LiveRamp native apps install from tiles in the Snowflake Marketplace.

For instructions on setting up a native app, see "Set Up a Native App".

A native application has two sides:

  • Provider side (LiveRamp).

  • Consumer side (LiveRamp partner).

You perform the operation that the native application enables. Upon initialization, the native app runs an installer script in your account to create an appropriate role and pass the needed stored procedures. The data can then be queried from your account while the reference data set remains in LiveRamp's account. This is accomplished through the secure share capability, enabling view access to the app database.

The LiveRamp native application’s architecture is shown in the figure below. This application can perform various operations based on the parameters you specify with metadata: transcoding or identity resolution, for example.

As an example, consider a transcoding operation that converts a RampID in one domain to a RampID in another domain shown in the figure below. This operation requires the permission of the two parties, and once permission is granted, LiveRamp makes available the LR_APP_SHARE to the partner performing the transcode. That share appears in the partner’s Snowflake Shares list.

Native application architecture.
Figure 4. Native application architecture.


After you’ve updated the firewall configuration to enable authentication, the authentication call is routed to LiveRamp’s GCP instance with the client ID and secret. All data stays in Snowflake.

The sections that follow describe the prerequisites for performing operations, how to enable the operation, and how to get support if you require it.


The following prerequisites are needed to access LiveRamp in Snowflake:

Enabling LiveRamp Embedded Identity in Snowflake

To enable LiveRamp Embedded Identity in Snowflake, the following tasks must be performed:

  1. You execute an agreement with LiveRamp to access the service, including the permission required between the parties for transcoding operations, if appropriate (permissions can also be revoked at any time by emailing

  2. LiveRamp reviews the use case, including any additional Data Ethics reviews if required.

  3. If you don’t already have credentials for LiveRamp's Identity API, LiveRamp sends you a client ID and a secret for authentication.

  4. LiveRamp sends you the Snowflake account ID/locator for the app to be installed.


The LiveRamp Identity Service in Snowflake relies on the same authentication service as LiveRamp's AbiliTec and RampID APIs (Identity APIs). If you have credentials to those APIs, you can use your previously assigned credentials.

Authenticating with LiveRamp's native app service requires a call directly from the client's Snowflake seat to LiveRamp's core services. For information, see the "Enable Authentication" section in "Set Up a Native App."

Client credentials are used to obtain an access token by passing the client ID and client secret values. For information, see "About Identity Authentication."

Product Support

For support issues, email