LiveRamp Embedded Identity in Snowflake
LiveRamp's Embedded Identity is available through the LiveRamp Identity Resolution and Transcoding native app in Snowflake's Marketplace.
There are two available operations that you can perform using the LiveRamp native app:
Identity Resolution, which allows you to resolve an identifier (a device ID or PII, such as name, address, email, or phone) to LiveRamp's person-based, pseudonymous identifier, RampID. You can also resolve a person-based RampID to a household-based RampID. For more information, see "Perform Identity Resolution in Snowflake".
RampID Translation, which translates a RampID in one domain to a RampID in another domain. Translation converts or translates the pseudonymous person-based identifier (the RampID) for use by another party. For more information, see "Perform RampID Translation in Snowflake".
When you install the LiveRamp native app, it creates a set of tables and a schema and writes a set of procedures into the Snowflake worksheet. To perform an operation, you provide an input table that contains the relevant identifiers and a metadata table that contains information on the operation to be performed.
Note
LiveRamp's Embedded Identity in Snowflake is currently in beta. To find out more about participating in this program, contact snowflake@liveramp.com.
For information on product support, including what support is and is not provided by LiveRamp, see "LiveRamp Support for Embedded Identity in Cloud Environments".
The LiveRamp Identity Resolution and Transcoding Native App
Transcoding and identity resolution capabilities are available within Snowflake through the LiveRamp Identity Resolution and Transcoding native app, which creates a share to your account, opening up a view to query the reference data set from within your own Snowflake environment. The LiveRamp native app is installed from the Snowflake Marketplace.
For instructions on setting up the native app, see "Set Up the LiveRamp Native App in Snowflake".
The native application has two sides:
Provider side (LiveRamp).
Consumer side (LiveRamp partner).
You perform the operation that the native application enables. Upon initialization, the native app runs an installer script in your account to create an appropriate role and pass the needed stored procedures. The data can then be queried from your account while the reference data set remains in LiveRamp's account. This is accomplished through the secure share capability, enabling view access to the app database.
The LiveRamp native application’s architecture is shown in the figure below. This application can perform various operations based on the parameters you specify with metadata: translation or identity resolution, for example.
As an example, consider a translation operation that converts a RampID in one domain to a RampID in another domain. This operation requires the permission of the two parties, and once permission is granted, LiveRamp makes available the LR_APP_SHARE to the partner performing the translation. That share appears in the partner’s Snowflake Shares list.
Note
After you’ve enabled authentication, the authentication call is routed to LiveRamp’s GCP instance with the client ID and secret. All data stays in Snowflake.
The sections that follow describe the prerequisites for performing operations, how to enable the operation, and how to get support if you require it.
Prerequisites
The following prerequisites are needed to access LiveRamp in Snowflake:
Administrator or role access to a Snowflake account. For information, see “Enabling non-ACCOUNTADMIN Roles to Perform Data Sharing Tasks” in the Snowflake help.
Permission to create Snowflake roles.
Enabling LiveRamp Embedded Identity in Snowflake
To enable LiveRamp Embedded Identity in Snowflake, the following tasks must be performed:
You execute an agreement with LiveRamp to access the service, including the permission required between the parties for transcoding operations, if appropriate (permissions can also be revoked at any time by emailing transcodingpermission@liveramp.com).
LiveRamp reviews the use case, including any additional Data Ethics reviews if required.
If you don’t already have credentials for LiveRamp's Identity API, LiveRamp sends you a client ID and a secret for authentication.
LiveRamp sends you the Snowflake account ID/locator for the app to be installed.
Authentication
The LiveRamp Identity Service in Snowflake relies on the same authentication service as LiveRamp's AbiliTec and RampID APIs (Identity APIs). If you have credentials to those APIs, you can use your previously assigned credentials.
Authenticating with LiveRamp's native app service requires a call directly from the client's Snowflake seat to LiveRamp's core services.
Client credentials are used to obtain an access token by passing the client ID and client secret values. For information, see "About Identity Authentication."