diff --git a/docs/data-sources/security_integrations.md b/docs/data-sources/security_integrations.md
index 225a2f8703..30ffc50dcb 100644
--- a/docs/data-sources/security_integrations.md
+++ b/docs/data-sources/security_integrations.md
@@ -100,10 +100,226 @@ Read-Only:
Read-Only:
-- `todo` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--todo))
+- `blocked_roles_list` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--blocked_roles_list))
+- `comment` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--comment))
+- `enabled` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--enabled))
+- `network_policy` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--network_policy))
+- `oauth_allow_non_tls_redirect_uri` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--oauth_allow_non_tls_redirect_uri))
+- `oauth_allowed_authorization_endpoints` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--oauth_allowed_authorization_endpoints))
+- `oauth_allowed_token_endpoints` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--oauth_allowed_token_endpoints))
+- `oauth_authorization_endpoint` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--oauth_authorization_endpoint))
+- `oauth_client_id` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--oauth_client_id))
+- `oauth_client_rsa_public_key_2_fp` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--oauth_client_rsa_public_key_2_fp))
+- `oauth_client_rsa_public_key_fp` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--oauth_client_rsa_public_key_fp))
+- `oauth_client_type` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--oauth_client_type))
+- `oauth_enforce_pkce` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--oauth_enforce_pkce))
+- `oauth_issue_refresh_tokens` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--oauth_issue_refresh_tokens))
+- `oauth_redirect_uri` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--oauth_redirect_uri))
+- `oauth_refresh_token_validity` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--oauth_refresh_token_validity))
+- `oauth_token_endpoint` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--oauth_token_endpoint))
+- `oauth_use_secondary_roles` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--oauth_use_secondary_roles))
+- `pre_authorized_roles_list` (List of Object) (see [below for nested schema](#nestedobjatt--security_integrations--describe_output--pre_authorized_roles_list))
+
+
+### Nested Schema for `security_integrations.describe_output.blocked_roles_list`
-
-### Nested Schema for `security_integrations.describe_output.todo`
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `security_integrations.describe_output.comment`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `security_integrations.describe_output.enabled`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `security_integrations.describe_output.network_policy`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `security_integrations.describe_output.oauth_allow_non_tls_redirect_uri`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `security_integrations.describe_output.oauth_allowed_authorization_endpoints`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `security_integrations.describe_output.oauth_allowed_token_endpoints`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `security_integrations.describe_output.oauth_authorization_endpoint`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `security_integrations.describe_output.oauth_client_id`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `security_integrations.describe_output.oauth_client_rsa_public_key_2_fp`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `security_integrations.describe_output.oauth_client_rsa_public_key_fp`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `security_integrations.describe_output.oauth_client_type`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `security_integrations.describe_output.oauth_enforce_pkce`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `security_integrations.describe_output.oauth_issue_refresh_tokens`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `security_integrations.describe_output.oauth_redirect_uri`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `security_integrations.describe_output.oauth_refresh_token_validity`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `security_integrations.describe_output.oauth_token_endpoint`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `security_integrations.describe_output.oauth_use_secondary_roles`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `security_integrations.describe_output.pre_authorized_roles_list`
Read-Only:
diff --git a/docs/resources/oauth_integration_for_partner_applications.md b/docs/resources/oauth_integration_for_partner_applications.md
new file mode 100644
index 0000000000..cc772195cd
--- /dev/null
+++ b/docs/resources/oauth_integration_for_partner_applications.md
@@ -0,0 +1,315 @@
+---
+page_title: "snowflake_oauth_integration_for_partner_applications Resource - terraform-provider-snowflake"
+subcategory: ""
+description: |-
+
+---
+
+!> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0920--v0930) to use it.
+
+# snowflake_oauth_integration_for_partner_applications (Resource)
+
+
+
+## Example Usage
+
+```terraform
+# basic resource
+resource "snowflake_oauth_integration_for_partner_applications" "test" {
+ name = "example"
+ oauth_client = "LOOKER"
+ oauth_redirect_uri = "http://example.com"
+ blocked_roles_list = ["ACCOUNTADMIN", "SECURITYADMIN"]
+}
+
+# resource with all fields set
+resource "snowflake_oauth_integration_for_partner_applications" "test" {
+ name = "example"
+ oauth_client = "TABLEAU_DESKTOP"
+ enabled = "true"
+ oauth_issue_refresh_tokens = "true"
+ oauth_refresh_token_validity = 3600
+ oauth_use_secondary_roles = "IMPLICIT"
+ blocked_roles_list = ["ACCOUNTADMIN", "SECURITYADMIN", "role_id1", "role_id2"]
+ comment = "example oauth integration for partner applications"
+}
+```
+
+
+## Schema
+
+### Required
+
+- `blocked_roles_list` (Set of String) A set of Snowflake roles that a user cannot explicitly consent to using after authenticating.
+- `name` (String) Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
+- `oauth_client` (String) Creates an OAuth interface between Snowflake and a partner application. Valid options are: [LOOKER TABLEAU_DESKTOP TABLEAU_SERVER]
+
+### Optional
+
+- `comment` (String) Specifies a comment for the OAuth integration.
+- `enabled` (String) Specifies whether this OAuth integration is enabled or disabled. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
+- `oauth_issue_refresh_tokens` (String) Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
+- `oauth_redirect_uri` (String) Specifies the client URI. After a user is authenticated, the web browser is redirected to this URI. The field should be only set when OAUTH_CLIENT = LOOKER. In any other case the field should be left out empty. External changes for this field won't be detected. In case you want to apply external changes, you can re-create the resource manually using "terraform taint".
+- `oauth_refresh_token_validity` (Number) Specifies how long refresh tokens should be valid (in seconds). OAUTH_ISSUE_REFRESH_TOKENS must be set to TRUE.
+- `oauth_use_secondary_roles` (String) Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. Valid options are: [IMPLICIT NONE]
+
+### Read-Only
+
+- `describe_output` (List of Object) Outputs the result of `DESCRIBE SECURITY INTEGRATION` for the given integration. (see [below for nested schema](#nestedatt--describe_output))
+- `id` (String) The ID of this resource.
+- `show_output` (List of Object) Outputs the result of `SHOW SECURITY INTEGRATION` for the given integration. (see [below for nested schema](#nestedatt--show_output))
+
+
+### Nested Schema for `describe_output`
+
+Read-Only:
+
+- `blocked_roles_list` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--blocked_roles_list))
+- `comment` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--comment))
+- `enabled` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--enabled))
+- `network_policy` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--network_policy))
+- `oauth_allow_non_tls_redirect_uri` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--oauth_allow_non_tls_redirect_uri))
+- `oauth_allowed_authorization_endpoints` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--oauth_allowed_authorization_endpoints))
+- `oauth_allowed_token_endpoints` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--oauth_allowed_token_endpoints))
+- `oauth_authorization_endpoint` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--oauth_authorization_endpoint))
+- `oauth_client_id` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--oauth_client_id))
+- `oauth_client_rsa_public_key_2_fp` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--oauth_client_rsa_public_key_2_fp))
+- `oauth_client_rsa_public_key_fp` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--oauth_client_rsa_public_key_fp))
+- `oauth_client_type` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--oauth_client_type))
+- `oauth_enforce_pkce` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--oauth_enforce_pkce))
+- `oauth_issue_refresh_tokens` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--oauth_issue_refresh_tokens))
+- `oauth_redirect_uri` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--oauth_redirect_uri))
+- `oauth_refresh_token_validity` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--oauth_refresh_token_validity))
+- `oauth_token_endpoint` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--oauth_token_endpoint))
+- `oauth_use_secondary_roles` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--oauth_use_secondary_roles))
+- `pre_authorized_roles_list` (List of Object) (see [below for nested schema](#nestedobjatt--describe_output--pre_authorized_roles_list))
+
+
+### Nested Schema for `describe_output.blocked_roles_list`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `describe_output.comment`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `describe_output.enabled`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `describe_output.network_policy`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `describe_output.oauth_allow_non_tls_redirect_uri`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `describe_output.oauth_allowed_authorization_endpoints`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `describe_output.oauth_allowed_token_endpoints`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `describe_output.oauth_authorization_endpoint`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `describe_output.oauth_client_id`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `describe_output.oauth_client_rsa_public_key_2_fp`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `describe_output.oauth_client_rsa_public_key_fp`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `describe_output.oauth_client_type`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `describe_output.oauth_enforce_pkce`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `describe_output.oauth_issue_refresh_tokens`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `describe_output.oauth_redirect_uri`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `describe_output.oauth_refresh_token_validity`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `describe_output.oauth_token_endpoint`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `describe_output.oauth_use_secondary_roles`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+### Nested Schema for `describe_output.pre_authorized_roles_list`
+
+Read-Only:
+
+- `default` (String)
+- `name` (String)
+- `type` (String)
+- `value` (String)
+
+
+
+
+### Nested Schema for `show_output`
+
+Read-Only:
+
+- `category` (String)
+- `comment` (String)
+- `created_on` (String)
+- `enabled` (Boolean)
+- `integration_type` (String)
+- `name` (String)
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import snowflake_oauth_integration_for_partner_applications.example "name"
+```
diff --git a/docs/resources/saml2_integration.md b/docs/resources/saml2_integration.md
index 998bfab775..63b883a032 100644
--- a/docs/resources/saml2_integration.md
+++ b/docs/resources/saml2_integration.md
@@ -60,12 +60,12 @@ resource "snowflake_saml2_integration" "test" {
- `allowed_email_patterns` (Set of String) A list of regular expressions that email addresses are matched against to authenticate with a SAML2 security integration. If this field changes value from non-empty to empty, the whole resource is recreated because of Snowflake limitations.
- `allowed_user_domains` (Set of String) A list of email domains that can authenticate with a SAML2 security integration. If this field changes value from non-empty to empty, the whole resource is recreated because of Snowflake limitations.
- `comment` (String) Specifies a comment for the integration.
-- `enabled` (String) Specifies whether this security integration is enabled or disabled. Available options are: `true` or `false`. When the value is not set in the configuration the provider will put `unknown` there which means to use the Snowflake default for this value.
-- `saml2_enable_sp_initiated` (String) The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in With button on the login page. FALSE: does not display the Log in With button on the login page. Available options are: `true` or `false`. When the value is not set in the configuration the provider will put `unknown` there which means to use the Snowflake default for this value.
-- `saml2_force_authn` (String) The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. Available options are: `true` or `false`. When the value is not set in the configuration the provider will put `unknown` there which means to use the Snowflake default for this value.
+- `enabled` (String) Specifies whether this security integration is enabled or disabled. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
+- `saml2_enable_sp_initiated` (String) The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in With button on the login page. FALSE: does not display the Log in With button on the login page. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
+- `saml2_force_authn` (String) The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
- `saml2_post_logout_redirect_url` (String) The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
- `saml2_requested_nameid_format` (String) The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. Valid options are: [urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos urn:oasis:names:tc:SAML:2.0:nameid-format:persistent urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
-- `saml2_sign_request` (String) The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. Available options are: `true` or `false`. When the value is not set in the configuration the provider will put `unknown` there which means to use the Snowflake default for this value.
+- `saml2_sign_request` (String) The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. Available options are: "true" or "false". When the value is not set in the configuration the provider will put "default" there which means to use the Snowflake default for this value.
- `saml2_snowflake_acs_url` (String) The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
- `saml2_snowflake_issuer_url` (String) The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
- `saml2_sp_initiated_login_page_label` (String) The string containing the label to display after the Log In With button on the login page. If this field changes value from non-empty to empty, the whole resource is recreated because of Snowflake limitations.
diff --git a/examples/resources/snowflake_oauth_integration_for_partner_applications/import.sh b/examples/resources/snowflake_oauth_integration_for_partner_applications/import.sh
new file mode 100644
index 0000000000..6bfeada50b
--- /dev/null
+++ b/examples/resources/snowflake_oauth_integration_for_partner_applications/import.sh
@@ -0,0 +1 @@
+terraform import snowflake_oauth_integration_for_partner_applications.example "name"
diff --git a/examples/resources/snowflake_oauth_integration_for_partner_applications/resource.tf b/examples/resources/snowflake_oauth_integration_for_partner_applications/resource.tf
new file mode 100644
index 0000000000..f6a52145a2
--- /dev/null
+++ b/examples/resources/snowflake_oauth_integration_for_partner_applications/resource.tf
@@ -0,0 +1,19 @@
+# basic resource
+resource "snowflake_oauth_integration_for_partner_applications" "test" {
+ name = "example"
+ oauth_client = "LOOKER"
+ oauth_redirect_uri = "http://example.com"
+ blocked_roles_list = ["ACCOUNTADMIN", "SECURITYADMIN"]
+}
+
+# resource with all fields set
+resource "snowflake_oauth_integration_for_partner_applications" "test" {
+ name = "example"
+ oauth_client = "TABLEAU_DESKTOP"
+ enabled = "true"
+ oauth_issue_refresh_tokens = "true"
+ oauth_refresh_token_validity = 3600
+ oauth_use_secondary_roles = "IMPLICIT"
+ blocked_roles_list = ["ACCOUNTADMIN", "SECURITYADMIN", "role_id1", "role_id2"]
+ comment = "example oauth integration for partner applications"
+}
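Review bot: The basic example sets `oauth_redirect_uri = "http://example.com"`, a plain-HTTP redirect URI for an OAuth integration; the describe output documented in this same change exposes `oauth_allow_non_tls_redirect_uri`, which indicates non-TLS redirect URIs are a gated, non-default setting in Snowflake, so this example is likely to be rejected with default settings and, where it is not, it teaches users to loosen that gate for a flow that carries authorization codes. Since this file is the source for the generated docs, the same URI appears in docs/resources/oauth_integration_for_partner_applications.md in this diff. Suggest `oauth_redirect_uri = "https://example.com"` here (and regenerating the docs), which also matches the description of `oauth_redirect_uri` as the URI the user's browser is sent to after authentication.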
diff --git a/pkg/acceptance/check_destroy.go b/pkg/acceptance/check_destroy.go
index 9e2d11420a..ef663fdf20 100644
--- a/pkg/acceptance/check_destroy.go
+++ b/pkg/acceptance/check_destroy.go
@@ -121,6 +121,12 @@ var showByIdFunctions = map[resources.Resource]showByIdFunc{
resources.NotificationIntegration: func(ctx context.Context, client *sdk.Client, id sdk.ObjectIdentifier) error {
return runShowById(ctx, id, client.NotificationIntegrations.ShowByID)
},
+ resources.OauthIntegrationForCustomClients: func(ctx context.Context, client *sdk.Client, id sdk.ObjectIdentifier) error {
+ return runShowById(ctx, id, client.SecurityIntegrations.ShowByID)
+ },
+ resources.OauthIntegrationForPartnerApplications: func(ctx context.Context, client *sdk.Client, id sdk.ObjectIdentifier) error {
+ return runShowById(ctx, id, client.SecurityIntegrations.ShowByID)
+ },
resources.PasswordPolicy: func(ctx context.Context, client *sdk.Client, id sdk.ObjectIdentifier) error {
return runShowById(ctx, id, client.PasswordPolicies.ShowByID)
},
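Review bot: `resources.OauthIntegrationForCustomClients` is wired into the destroy-check map here, but nothing visible in this diff defines or registers that resource — provider.go adds only `snowflake_oauth_integration_for_partner_applications`, and the resources.go hunk is cut off before its additions. If the constant is not declared yet this file will not compile; if it is added by a later commit, keeping the destroy-check entry in that commit would keep the check and the provider registration in step. The enclosing `showByIdFunctions` map literal starts outside the hunk.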
diff --git a/pkg/acceptance/helpers/security_integration_client.go b/pkg/acceptance/helpers/security_integration_client.go
index 89954b4b7b..f61216414f 100644
--- a/pkg/acceptance/helpers/security_integration_client.go
+++ b/pkg/acceptance/helpers/security_integration_client.go
@@ -61,6 +61,14 @@ func (c *SecurityIntegrationClient) UpdateSaml2ForceAuthn(t *testing.T, id sdk.A
c.UpdateSaml2(t, sdk.NewAlterSaml2SecurityIntegrationRequest(id).WithSet(*sdk.NewSaml2IntegrationSetRequest().WithSaml2ForceAuthn(forceAuthn)))
}
+func (c *SecurityIntegrationClient) UpdateOauthForPartnerApplications(t *testing.T, request *sdk.AlterOauthForPartnerApplicationsSecurityIntegrationRequest) {
+ t.Helper()
+ ctx := context.Background()
+
+ err := c.client().AlterOauthForPartnerApplications(ctx, request)
+ require.NoError(t, err)
+}
+
func (c *SecurityIntegrationClient) CreateScimWithRequest(t *testing.T, request *sdk.CreateScimSecurityIntegrationRequest) (*sdk.SecurityIntegration, func()) {
t.Helper()
ctx := context.Background()
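Review bot: `UpdateOauthForPartnerApplications` is exported but carries no doc comment, and a reader of the helper cannot tell from its name that it fails the test rather than returning the error. Suggest adding `// UpdateOauthForPartnerApplications applies the given ALTER request to an OAuth-for-partner-applications security integration and fails the test on error.` above the signature, matching the doc-comment convention for exported names.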
diff --git a/pkg/acceptance/importchecks/import_checks.go b/pkg/acceptance/importchecks/import_checks.go
index fe80b244cd..a04eecf8ec 100644
--- a/pkg/acceptance/importchecks/import_checks.go
+++ b/pkg/acceptance/importchecks/import_checks.go
@@ -8,18 +8,6 @@ import (
"github.com/hashicorp/terraform-plugin-testing/terraform"
)
-// ComposeImportStateCheck is based on unexported composeImportStateCheck from teststep_providers_test.go
-func ComposeImportStateCheck(fs ...resource.ImportStateCheckFunc) resource.ImportStateCheckFunc {
- return func(s []*terraform.InstanceState) error {
- for i, f := range fs {
- if err := f(s); err != nil {
- return fmt.Errorf("check %d/%d error: %w", i+1, len(fs), err)
- }
- }
- return nil
- }
-}
-
// ComposeAggregateImportStateCheck does the same as ComposeImportStateCheck, but it aggregates all the occurred errors,
// instead of returning the first encountered one.
func ComposeAggregateImportStateCheck(fs ...resource.ImportStateCheckFunc) resource.ImportStateCheckFunc {
@@ -36,6 +24,18 @@ func ComposeAggregateImportStateCheck(fs ...resource.ImportStateCheckFunc) resou
}
}
+// ComposeImportStateCheck is based on unexported composeImportStateCheck from teststep_providers_test.go
+func ComposeImportStateCheck(fs ...resource.ImportStateCheckFunc) resource.ImportStateCheckFunc {
+ return func(s []*terraform.InstanceState) error {
+ for i, f := range fs {
+ if err := f(s); err != nil {
+ return fmt.Errorf("check %d/%d error: %w", i+1, len(fs), err)
+ }
+ }
+ return nil
+ }
+}
+
// TestCheckResourceAttrInstanceState is based on unexported testCheckResourceAttrInstanceState from teststep_providers_test.go
func TestCheckResourceAttrInstanceState(id string, attributeName, attributeValue string) resource.ImportStateCheckFunc {
return func(is []*terraform.InstanceState) error {
diff --git a/pkg/datasources/security_integrations_acceptance_test.go b/pkg/datasources/security_integrations_acceptance_test.go
index 245b4abc3c..178153b801 100644
--- a/pkg/datasources/security_integrations_acceptance_test.go
+++ b/pkg/datasources/security_integrations_acceptance_test.go
@@ -49,8 +49,8 @@ func TestAcc_SecurityIntegrations_Scim(t *testing.T) {
resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.show_output.0.created_on"),
resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.#", "1"),
- resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.todo.#", "1"),
- resource.TestCheckResourceAttrSet("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.todo.0.value"),
+ resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.enabled.#", "1"),
+ resource.TestCheckResourceAttr("data.snowflake_security_integrations.test", "security_integrations.0.describe_output.0.enabled.0.value", "false"),
),
},
{
diff --git a/pkg/provider/provider.go b/pkg/provider/provider.go
index 9ccba1cafc..83e99b4a16 100644
--- a/pkg/provider/provider.go
+++ b/pkg/provider/provider.go
@@ -456,6 +456,7 @@ func getResources() map[string]*schema.Resource {
"snowflake_network_rule": resources.NetworkRule(),
"snowflake_notification_integration": resources.NotificationIntegration(),
"snowflake_oauth_integration": resources.OAuthIntegration(),
+ "snowflake_oauth_integration_for_partner_applications": resources.OauthIntegrationForPartnerApplications(),
"snowflake_object_parameter": resources.ObjectParameter(),
"snowflake_password_policy": resources.PasswordPolicy(),
"snowflake_pipe": resources.Pipe(),
diff --git a/pkg/provider/resources/resources.go b/pkg/provider/resources/resources.go
index 6b9fd7add1..db621745c8 100644
--- a/pkg/provider/resources/resources.go
+++ b/pkg/provider/resources/resources.go
@@ -3,48 +3,50 @@ package resources
type resource string
const (
- Account resource = "snowflake_account"
- Alert resource = "snowflake_alert"
- ApiIntegration resource = "snowflake_api_integration"
- CortexSearchService resource = "snowflake_cortex_search_service"
- DatabaseOld resource = "snowflake_database_old"
- Database resource = "snowflake_database"
- DatabaseRole resource = "snowflake_database_role"
- DynamicTable resource = "snowflake_dynamic_table"
- EmailNotificationIntegration resource = "snowflake_email_notification_integration"
- ExternalFunction resource = "snowflake_external_function"
- ExternalTable resource = "snowflake_external_table"
- FailoverGroup resource = "snowflake_failover_group"
- FileFormat resource = "snowflake_file_format"
- Function resource = "snowflake_function"
- ManagedAccount resource = "snowflake_managed_account"
- MaskingPolicy resource = "snowflake_masking_policy"
- MaterializedView resource = "snowflake_materialized_view"
- NetworkPolicy resource = "snowflake_network_policy"
- NetworkRule resource = "snowflake_network_rule"
- NotificationIntegration resource = "snowflake_notification_integration"
- PasswordPolicy resource = "snowflake_password_policy"
- Pipe resource = "snowflake_pipe"
- Procedure resource = "snowflake_procedure"
- ResourceMonitor resource = "snowflake_resource_monitor"
- Role resource = "snowflake_role"
- RowAccessPolicy resource = "snowflake_row_access_policy"
- Saml2SecurityIntegration resource = "snowflake_saml2_integration"
- Schema resource = "snowflake_schema"
- ScimSecurityIntegration resource = "snowflake_scim_integration"
- SecondaryDatabase resource = "snowflake_secondary_database"
- Sequence resource = "snowflake_sequence"
- Share resource = "snowflake_share"
- SharedDatabase resource = "snowflake_shared_database"
- Stage resource = "snowflake_stage"
- StorageIntegration resource = "snowflake_storage_integration"
- Stream resource = "snowflake_stream"
- Table resource = "snowflake_table"
- Tag resource = "snowflake_tag"
- Task resource = "snowflake_task"
- User resource = "snowflake_user"
- View resource = "snowflake_view"
- Warehouse resource = "snowflake_warehouse"
+ Account resource = "snowflake_account"
+ Alert resource = "snowflake_alert"
+ ApiIntegration resource = "snowflake_api_integration"
+ CortexSearchService resource = "snowflake_cortex_search_service"
+ DatabaseOld resource = "snowflake_database_old"
+ Database resource = "snowflake_database"
+ DatabaseRole resource = "snowflake_database_role"
+ DynamicTable resource = "snowflake_dynamic_table"
+ EmailNotificationIntegration resource = "snowflake_email_notification_integration"
+ ExternalFunction resource = "snowflake_external_function"
+ ExternalTable resource = "snowflake_external_table"
+ FailoverGroup resource = "snowflake_failover_group"
+ FileFormat resource = "snowflake_file_format"
+ Function resource = "snowflake_function"
+ ManagedAccount resource = "snowflake_managed_account"
+ MaskingPolicy resource = "snowflake_masking_policy"
+ MaterializedView resource = "snowflake_materialized_view"
+ NetworkPolicy resource = "snowflake_network_policy"
+ NetworkRule resource = "snowflake_network_rule"
+ NotificationIntegration resource = "snowflake_notification_integration"
+ OauthIntegrationForCustomClients resource = "snowflake_oauth_integration_for_custom_clients"
+ OauthIntegrationForPartnerApplications resource = "snowflake_oauth_integration_for_partner_applications"
+ PasswordPolicy resource = "snowflake_password_policy"
+ Pipe resource = "snowflake_pipe"
+ Procedure resource = "snowflake_procedure"
+ ResourceMonitor resource = "snowflake_resource_monitor"
+ Role resource = "snowflake_role"
+ RowAccessPolicy resource = "snowflake_row_access_policy"
+ Saml2SecurityIntegration resource = "snowflake_saml2_integration"
+ Schema resource = "snowflake_schema"
+ ScimSecurityIntegration resource = "snowflake_scim_integration"
+ SecondaryDatabase resource = "snowflake_secondary_database"
+ Sequence resource = "snowflake_sequence"
+ Share resource = "snowflake_share"
+ SharedDatabase resource = "snowflake_shared_database"
+ Stage resource = "snowflake_stage"
+ StorageIntegration resource = "snowflake_storage_integration"
+ Stream resource = "snowflake_stream"
+ Table resource = "snowflake_table"
+ Tag resource = "snowflake_tag"
+ Task resource = "snowflake_task"
+ User resource = "snowflake_user"
+ View resource = "snowflake_view"
+ Warehouse resource = "snowflake_warehouse"
)
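Review bot: `OauthIntegrationForCustomClients` is introduced here next to `OauthIntegrationForPartnerApplications`, but the provider.go hunk in this commit registers only `snowflake_oauth_integration_for_partner_applications`, so the custom-clients constant names a resource the provider does not serve in this change. If that resource is intended for a follow-up, a one-line comment on the constant such as `// TODO: resource not yet registered in provider.go` would keep helpers that take a `resources.Resource` (e.g. destroy checks) from being pointed at an unregistered name; otherwise it is cleaner to add the constant together with the resource.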
type Resource interface {
diff --git a/pkg/resources/custom_diffs_test.go b/pkg/resources/custom_diffs_test.go
index 6e791672eb..7ce3a07480 100644
--- a/pkg/resources/custom_diffs_test.go
+++ b/pkg/resources/custom_diffs_test.go
@@ -301,7 +301,9 @@ func TestForceNewIfChangeToEmptySet(t *testing.T) {
}, {
name: "non-empty to empty",
stateValue: map[string]string{
- "value.#": "1",
+ "value.#": "1",
+ // The Sets are using hashes to generate an index for a given value.
+ // In this case: 2577344683 == hash("CREATE DATABASE").
"value.2577344683": "CREATE DATABASE",
},
rawConfigValue: map[string]any{},
diff --git a/pkg/resources/oauth_integration_for_partner_applications.go b/pkg/resources/oauth_integration_for_partner_applications.go
new file mode 100644
index 0000000000..b8299d9bf3
--- /dev/null
+++ b/pkg/resources/oauth_integration_for_partner_applications.go
@@ -0,0 +1,487 @@
+package resources
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "reflect"
+ "strconv"
+ "strings"
+
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/helpers"
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/collections"
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/logging"
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/provider"
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/schemas"
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+)
+
+var oauthIntegrationForPartnerApplicationsSchema = map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ Description: "Specifies the name of the OAuth integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.",
+ },
+ "oauth_client": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ Description: fmt.Sprintf("Creates an OAuth interface between Snowflake and a partner application. Valid options are: %v", sdk.AllOauthSecurityIntegrationClients),
+ ValidateDiagFunc: sdkValidation(sdk.ToOauthSecurityIntegrationClientOption),
+ DiffSuppressFunc: NormalizeAndCompare(sdk.ToOauthSecurityIntegrationClientOption),
+ },
+ "oauth_redirect_uri": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: externalChangesNotDetectedFieldDescription("Specifies the client URI. After a user is authenticated, the web browser is redirected to this URI. The field should be only set when OAUTH_CLIENT = LOOKER. In any other case the field should be left out empty."),
+ },
+ "enabled": {
+ Type: schema.TypeString,
+ Optional: true,
+ Default: BooleanDefault,
+ ValidateDiagFunc: validateBooleanString,
+ DiffSuppressFunc: IgnoreChangeToCurrentSnowflakeValueInShow("enabled"),
+ Description: booleanStringFieldDescription("Specifies whether this OAuth integration is enabled or disabled."),
+ },
+ "oauth_issue_refresh_tokens": {
+ Type: schema.TypeString,
+ Optional: true,
+ Default: BooleanDefault,
+ ValidateDiagFunc: validateBooleanString,
+ DiffSuppressFunc: IgnoreChangeToCurrentSnowflakeValueInDescribe("oauth_issue_refresh_tokens"),
+ Description: booleanStringFieldDescription("Specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired."),
+ },
+ "oauth_refresh_token_validity": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Default: IntDefault,
+ ValidateDiagFunc: validation.ToDiagFunc(validation.IntAtLeast(0)),
+ DiffSuppressFunc: IgnoreChangeToCurrentSnowflakeValueInDescribe("oauth_refresh_token_validity"),
+ Description: "Specifies how long refresh tokens should be valid (in seconds). OAUTH_ISSUE_REFRESH_TOKENS must be set to TRUE.",
+ },
+ "oauth_use_secondary_roles": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: fmt.Sprintf("Specifies whether default secondary roles set in the user properties are activated by default in the session being opened. Valid options are: %v", sdk.AllOauthSecurityIntegrationUseSecondaryRoles),
+ ValidateDiagFunc: sdkValidation(sdk.ToOauthSecurityIntegrationUseSecondaryRolesOption),
+ DiffSuppressFunc: SuppressIfAny(NormalizeAndCompare(sdk.ToOauthSecurityIntegrationUseSecondaryRolesOption), IgnoreChangeToCurrentSnowflakeValueInDescribe("oauth_use_secondary_roles")),
+ },
+ "blocked_roles_list": {
+ Type: schema.TypeSet,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ ValidateDiagFunc: IsValidIdentifier[sdk.AccountObjectIdentifier](),
+ },
+ // TODO(SNOW-1517937): Check if can make optional
+ Required: true,
+ Description: "A set of Snowflake roles that a user cannot explicitly consent to using after authenticating.",
+ DiffSuppressFunc: IgnoreChangeToCurrentSnowflakeValueInDescribe("blocked_roles_list"),
+ },
+ "comment": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Specifies a comment for the OAuth integration.",
+ DiffSuppressFunc: IgnoreChangeToCurrentSnowflakeValueInShow("comment"),
+ },
+ ShowOutputAttributeName: {
+ Type: schema.TypeList,
+ Computed: true,
+ Description: "Outputs the result of `SHOW SECURITY INTEGRATION` for the given integration.",
+ Elem: &schema.Resource{
+ Schema: schemas.ShowSecurityIntegrationSchema,
+ },
+ },
+ DescribeOutputAttributeName: {
+ Type: schema.TypeList,
+ Computed: true,
+ Description: "Outputs the result of `DESCRIBE SECURITY INTEGRATION` for the given integration.",
+ Elem: &schema.Resource{
+ Schema: schemas.DescribeOauthIntegrationForPartnerApplications,
+ },
+ },
+}
+
+func OauthIntegrationForPartnerApplications() *schema.Resource {
+ return &schema.Resource{
+ Schema: oauthIntegrationForPartnerApplicationsSchema,
+
+ CreateContext: CreateContextOauthIntegrationForPartnerApplications,
+ ReadContext: ReadContextOauthIntegrationForPartnerApplications(true),
+ UpdateContext: UpdateContextOauthIntegrationForPartnerApplications,
+ DeleteContext: DeleteContextSecurityIntegration,
+
+ CustomizeDiff: customdiff.All(
+ ComputedIfAnyAttributeChanged(
+ ShowOutputAttributeName,
+ "name",
+ "enabled",
+ "comment",
+ ),
+ ComputedIfAnyAttributeChanged(
+ DescribeOutputAttributeName,
+ "oauth_client",
+ "enabled",
+ "oauth_issue_refresh_tokens",
+ "oauth_refresh_token_validity",
+ "oauth_use_secondary_roles",
+ "blocked_roles_list",
+ "comment",
+ ),
+ ),
+
+ Importer: &schema.ResourceImporter{
+ StateContext: ImportOauthForPartnerApplicationIntegration,
+ },
+ }
+}
+
+func ImportOauthForPartnerApplicationIntegration(ctx context.Context, d *schema.ResourceData, meta any) ([]*schema.ResourceData, error) {
+ logging.DebugLogger.Printf("[DEBUG] Starting oauth integration for partner applications import")
+ client := meta.(*provider.Context).Client
+ id := helpers.DecodeSnowflakeID(d.Id()).(sdk.AccountObjectIdentifier)
+
+ integration, err := client.SecurityIntegrations.ShowByID(ctx, id)
+ if err != nil {
+ return nil, err
+ }
+
+ integrationProperties, err := client.SecurityIntegrations.Describe(ctx, id)
+ if err != nil {
+ return nil, err
+ }
+
+ if err = d.Set("enabled", booleanStringFromBool(integration.Enabled)); err != nil {
+ return nil, err
+ }
+
+ if issueRefreshTokens, err := collections.FindOne(integrationProperties, func(property sdk.SecurityIntegrationProperty) bool {
+ return property.Name == "OAUTH_ISSUE_REFRESH_TOKENS"
+ }); err == nil {
+ if err = d.Set("oauth_issue_refresh_tokens", issueRefreshTokens.Value); err != nil {
+ return nil, err
+ }
+ }
+
+ if refreshTokenValidity, err := collections.FindOne(integrationProperties, func(property sdk.SecurityIntegrationProperty) bool {
+ return property.Name == "OAUTH_REFRESH_TOKEN_VALIDITY"
+ }); err == nil {
+ refreshTokenValidityValue, err := strconv.ParseInt(refreshTokenValidity.Value, 10, 64)
+ if err != nil {
+ return nil, err
+ }
+ if err = d.Set("oauth_refresh_token_validity", refreshTokenValidityValue); err != nil {
+ return nil, err
+ }
+ }
+
+ if oauthUseSecondaryRoles, err := collections.FindOne(integrationProperties, func(property sdk.SecurityIntegrationProperty) bool {
+ return property.Name == "OAUTH_USE_SECONDARY_ROLES"
+ }); err == nil {
+ oauthUseSecondaryRolesValue, err := sdk.ToOauthSecurityIntegrationUseSecondaryRolesOption(oauthUseSecondaryRoles.Value)
+ if err != nil {
+ return nil, err
+ }
+ if err = d.Set("oauth_use_secondary_roles", oauthUseSecondaryRolesValue); err != nil {
+ return nil, err
+ }
+ }
+
+ return []*schema.ResourceData{d}, nil
+}
+
+func CreateContextOauthIntegrationForPartnerApplications(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ client := meta.(*provider.Context).Client
+
+ id := sdk.NewAccountObjectIdentifier(d.Get("name").(string))
+ oauthClient, err := sdk.ToOauthSecurityIntegrationClientOption(d.Get("oauth_client").(string))
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ req := sdk.NewCreateOauthForPartnerApplicationsSecurityIntegrationRequest(id, oauthClient)
+
+ if v, ok := d.GetOk("oauth_redirect_uri"); ok {
+ req.WithOauthRedirectUri(v.(string))
+ }
+
+ if v := d.Get("enabled").(string); v != BooleanDefault {
+ parsedBool, err := booleanStringToBool(v)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ req.WithEnabled(parsedBool)
+ }
+
+ if v := d.Get("oauth_issue_refresh_tokens").(string); v != BooleanDefault {
+ parsedBool, err := booleanStringToBool(v)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ req.WithOauthIssueRefreshTokens(parsedBool)
+ }
+
+ if v := d.Get("oauth_refresh_token_validity").(int); v != IntDefault {
+ req.WithOauthRefreshTokenValidity(v)
+ }
+
+ if v, ok := d.GetOk("oauth_use_secondary_roles"); ok {
+ useSecondaryRolesOption, err := sdk.ToOauthSecurityIntegrationUseSecondaryRolesOption(v.(string))
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ req.WithOauthUseSecondaryRoles(useSecondaryRolesOption)
+ }
+
+ if v, ok := d.GetOk("blocked_roles_list"); ok {
+ elems := expandStringList(v.(*schema.Set).List())
+ blockedRoles := make([]sdk.AccountObjectIdentifier, len(elems))
+ for i := range elems {
+ blockedRoles[i] = sdk.NewAccountObjectIdentifier(elems[i])
+ }
+ req.WithBlockedRolesList(sdk.BlockedRolesListRequest{BlockedRolesList: blockedRoles})
+ }
+
+ if v, ok := d.GetOk("comment"); ok {
+ req.WithComment(v.(string))
+ }
+
+ if err := client.SecurityIntegrations.CreateOauthForPartnerApplications(ctx, req); err != nil {
+ return diag.FromErr(err)
+ }
+
+ d.SetId(helpers.EncodeSnowflakeID(id))
+
+ return ReadContextOauthIntegrationForPartnerApplications(false)(ctx, d, meta)
+}
+
+func ReadContextOauthIntegrationForPartnerApplications(withExternalChangesMarking bool) schema.ReadContextFunc {
+ return func(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ client := meta.(*provider.Context).Client
+ id := helpers.DecodeSnowflakeID(d.Id()).(sdk.AccountObjectIdentifier)
+
+ integration, err := client.SecurityIntegrations.ShowByID(ctx, id)
+ if err != nil {
+ if errors.Is(err, sdk.ErrObjectNotFound) {
+ d.SetId("")
+ return diag.Diagnostics{
+ diag.Diagnostic{
+ Severity: diag.Warning,
+ Summary: "Failed to query security integration. Marking the resource as removed.",
+ Detail: fmt.Sprintf("Security integration name: %s, Err: %s", id.FullyQualifiedName(), err),
+ },
+ }
+ }
+ return diag.FromErr(err)
+ }
+
+ integrationProperties, err := client.SecurityIntegrations.Describe(ctx, id)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ if c := integration.Category; c != sdk.SecurityIntegrationCategory {
+ return diag.FromErr(fmt.Errorf("expected %v to be a %s integration, got %v", id, sdk.SecurityIntegrationCategory, c))
+ }
+
+ if err := d.Set("name", sdk.NewAccountObjectIdentifier(integration.Name).Name()); err != nil {
+ return diag.FromErr(err)
+ }
+
+ oauthClient, err := integration.SubType()
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ if err := d.Set("oauth_client", oauthClient); err != nil {
+ return diag.FromErr(err)
+ }
+
+ if err := d.Set("comment", integration.Comment); err != nil {
+ return diag.FromErr(err)
+ }
+
+ blockedRolesList, err := collections.FindOne(integrationProperties, func(property sdk.SecurityIntegrationProperty) bool {
+ return property.Name == "BLOCKED_ROLES_LIST"
+ })
+ if err != nil {
+ return diag.FromErr(fmt.Errorf("failed to find pre authorized roles list, err = %w", err))
+ }
+ var blockedRoles []string
+ if len(blockedRolesList.Value) > 0 {
+ blockedRoles = strings.Split(blockedRolesList.Value, ",")
+ }
+ if err := d.Set("blocked_roles_list", blockedRoles); err != nil {
+ return diag.FromErr(err)
+ }
+
+ if withExternalChangesMarking {
+ if err = handleExternalChangesToObjectInShow(d,
+ showMapping{"enabled", "enabled", integration.Enabled, booleanStringFromBool(integration.Enabled), nil},
+ ); err != nil {
+ return diag.FromErr(err)
+ }
+
+ oauthIssueRefreshTokens, err := collections.FindOne(integrationProperties, func(property sdk.SecurityIntegrationProperty) bool {
+ return property.Name == "OAUTH_ISSUE_REFRESH_TOKENS"
+ })
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ oauthRefreshTokenValidity, err := collections.FindOne(integrationProperties, func(property sdk.SecurityIntegrationProperty) bool {
+ return property.Name == "OAUTH_REFRESH_TOKEN_VALIDITY"
+ })
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ oauthRefreshTokenValidityValue, err := strconv.ParseInt(oauthRefreshTokenValidity.Value, 10, 64)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ oauthUseSecondaryRoles, err := collections.FindOne(integrationProperties, func(property sdk.SecurityIntegrationProperty) bool {
+ return property.Name == "OAUTH_USE_SECONDARY_ROLES"
+ })
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ if err = handleExternalChangesToObjectInDescribe(d,
+ describeMapping{"oauth_issue_refresh_tokens", "oauth_issue_refresh_tokens", oauthIssueRefreshTokens.Value, oauthIssueRefreshTokens.Value, nil},
+ describeMapping{"oauth_refresh_token_validity", "oauth_refresh_token_validity", oauthRefreshTokenValidity.Value, oauthRefreshTokenValidityValue, nil},
+ describeMapping{"oauth_use_secondary_roles", "oauth_use_secondary_roles", oauthUseSecondaryRoles.Value, oauthUseSecondaryRoles.Value, nil},
+ ); err != nil {
+ return diag.FromErr(err)
+ }
+ }
+
+ if err = setStateToValuesFromConfig(d, oauthIntegrationForPartnerApplicationsSchema, []string{
+ "enabled",
+ "oauth_issue_refresh_tokens",
+ "oauth_refresh_token_validity",
+ "oauth_use_secondary_roles",
+ }); err != nil {
+ return diag.FromErr(err)
+ }
+
+ if err = d.Set(ShowOutputAttributeName, []map[string]any{schemas.SecurityIntegrationToSchema(integration)}); err != nil {
+ return diag.FromErr(err)
+ }
+
+ if err = d.Set(DescribeOutputAttributeName, []map[string]any{schemas.DescribeOauthIntegrationForPartnerApplicationsToSchema(integrationProperties)}); err != nil {
+ return diag.FromErr(err)
+ }
+
+ return nil
+ }
+}
+
+func UpdateContextOauthIntegrationForPartnerApplications(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ client := meta.(*provider.Context).Client
+ id := helpers.DecodeSnowflakeID(d.Id()).(sdk.AccountObjectIdentifier)
+ set, unset := sdk.NewOauthForPartnerApplicationsIntegrationSetRequest(), sdk.NewOauthForPartnerApplicationsIntegrationUnsetRequest()
+
+ if d.HasChange("blocked_roles_list") {
+ elems := expandStringList(d.Get("blocked_roles_list").(*schema.Set).List())
+ blockedRoles := make([]sdk.AccountObjectIdentifier, len(elems))
+ for i := range elems {
+ blockedRoles[i] = sdk.NewAccountObjectIdentifier(elems[i])
+ }
+ set.WithBlockedRolesList(sdk.BlockedRolesListRequest{BlockedRolesList: blockedRoles})
+ // can call SET with an empty list
+ }
+
+ if d.HasChange("comment") {
+ set.WithComment(d.Get("comment").(string))
+ // TODO(SNOW-1515781): No UNSET
+ }
+
+ if d.HasChange("enabled") {
+ if v := d.Get("oauth_issue_refresh_tokens").(string); v != BooleanDefault {
+ parsedBool, err := booleanStringToBool(d.Get("enabled").(string))
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ set.WithEnabled(parsedBool)
+ } else {
+ unset.WithEnabled(true)
+ }
+ }
+
+ if d.HasChange("oauth_issue_refresh_tokens") {
+ if v := d.Get("oauth_issue_refresh_tokens").(string); v != BooleanDefault {
+ parsedBool, err := booleanStringToBool(v)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ set.WithOauthIssueRefreshTokens(parsedBool)
+ } else {
+ // TODO(SNOW-1515781): No UNSET
+ set.WithOauthIssueRefreshTokens(true)
+ }
+ }
+
+ if d.HasChange("oauth_redirect_uri") {
+ // Field can only be set when oauth_client = LOOKER and is required (shouldn't be UNSET in those cases).
+ // With any other case oauth_client, the field shouldn't be set.
+ set.WithOauthRedirectUri(d.Get("oauth_redirect_uri").(string))
+ }
+
+ if d.HasChange("oauth_refresh_token_validity") {
+ if v := d.Get("oauth_refresh_token_validity").(int); v != -1 {
+ set.WithOauthRefreshTokenValidity(v)
+ } else {
+ // TODO(SNOW-1515781): No UNSET
+ set.WithOauthRefreshTokenValidity(7776000)
+ }
+ }
+
+ if d.HasChange("oauth_use_secondary_roles") {
+ if v, ok := d.GetOk("oauth_use_secondary_roles"); ok {
+ value, err := sdk.ToOauthSecurityIntegrationUseSecondaryRolesOption(v.(string))
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ set.WithOauthUseSecondaryRoles(value)
+ } else {
+ unset.WithOauthUseSecondaryRoles(true)
+ }
+ }
+
+ if !reflect.DeepEqual(*set, sdk.OauthForPartnerApplicationsIntegrationSetRequest{}) {
+ if err := client.SecurityIntegrations.AlterOauthForPartnerApplications(ctx, sdk.NewAlterOauthForPartnerApplicationsSecurityIntegrationRequest(id).WithSet(*set)); err != nil {
+ return diag.FromErr(err)
+ }
+ }
+
+ if !reflect.DeepEqual(*unset, sdk.OauthForPartnerApplicationsIntegrationUnsetRequest{}) {
+ if err := client.SecurityIntegrations.AlterOauthForPartnerApplications(ctx, sdk.NewAlterOauthForPartnerApplicationsSecurityIntegrationRequest(id).WithUnset(*unset)); err != nil {
+ return diag.FromErr(err)
+ }
+ }
+
+ return ReadContextOauthIntegrationForPartnerApplications(false)(ctx, d, meta)
+}
+
+func DeleteContextSecurityIntegration(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
+ id := helpers.DecodeSnowflakeID(d.Id()).(sdk.AccountObjectIdentifier)
+ client := meta.(*provider.Context).Client
+
+ err := client.SecurityIntegrations.Drop(ctx, sdk.NewDropSecurityIntegrationRequest(sdk.NewAccountObjectIdentifier(id.Name())).WithIfExists(true))
+ if err != nil {
+ return diag.Diagnostics{
+ diag.Diagnostic{
+ Severity: diag.Error,
+ Summary: "Error deleting oauth integration for partner applications",
+ Detail: fmt.Sprintf("id %v err = %v", id.Name(), err),
+ },
+ }
+ }
+
+ d.SetId("")
+ return nil
+}
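Review bot: The `enabled` branch of UpdateContextOauthIntegrationForPartnerApplications reads `oauth_issue_refresh_tokens` to decide between SET and UNSET, so a plan that sets `enabled = "true"` while leaving `oauth_issue_refresh_tokens` at `default` issues UNSET ENABLED and the integration reverts to the Snowflake default instead of the configured value; the condition should be `if v := d.Get("enabled").(string); v != BooleanDefault {` followed by `parsedBool, err := booleanStringToBool(v)`. Two smaller points in the same hunk: the error returned after the `BLOCKED_ROLES_LIST` lookup in the read path says `failed to find pre authorized roles list`, which looks copied from another resource and should read `failed to find blocked roles list`, and the `oauth_refresh_token_validity` update branch compares against the literal `-1` where the schema and create path use `IntDefault`. DeleteContextSecurityIntegration has a generic name but its diagnostic summary is specific to this resource; either make the summary generic or name the function for the resource it serves. The comma split of `BLOCKED_ROLES_LIST` in the read path presumably assumes role names never contain a comma; a short comment stating that assumption would help the next maintainer.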
diff --git a/pkg/resources/oauth_integration_for_partner_applications_acceptance_test.go b/pkg/resources/oauth_integration_for_partner_applications_acceptance_test.go
new file mode 100644
index 0000000000..d3f94e1257
--- /dev/null
+++ b/pkg/resources/oauth_integration_for_partner_applications_acceptance_test.go
@@ -0,0 +1,672 @@
+package resources_test
+
+import (
+ "regexp"
+ "testing"
+
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/planchecks"
+ tfjson "github.com/hashicorp/terraform-json"
+
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/helpers/random"
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/importchecks"
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/provider/resources"
+ "github.com/hashicorp/terraform-plugin-testing/plancheck"
+
+ acc "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance"
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
+
+ "github.com/hashicorp/terraform-plugin-testing/config"
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+ "github.com/hashicorp/terraform-plugin-testing/tfversion"
+)
+
+func TestAcc_OauthIntegrationForPartnerApplications_Basic(t *testing.T) {
+ id := acc.TestClient().Ids.RandomAccountObjectIdentifier()
+ validUrl := "https://example.com"
+ comment := random.Comment()
+
+ configVariables := func(complete bool) config.Variables {
+ values := config.Variables{
+ "name": config.StringVariable(id.Name()),
+ "oauth_client": config.StringVariable(string(sdk.OauthSecurityIntegrationClientLooker)),
+ "blocked_roles_list": config.SetVariable(config.StringVariable("ACCOUNTADMIN"), config.StringVariable("SECURITYADMIN")),
+ "oauth_redirect_uri": config.StringVariable(validUrl),
+ }
+ if complete {
+ values["enabled"] = config.BoolVariable(true)
+ values["oauth_issue_refresh_tokens"] = config.BoolVariable(false)
+ values["oauth_refresh_token_validity"] = config.IntegerVariable(86400)
+ values["oauth_use_secondary_roles"] = config.StringVariable(string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit))
+ values["comment"] = config.StringVariable(comment)
+ }
+ return values
+ }
+
+ resource.Test(t, resource.TestCase{
+ ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
+ PreCheck: func() { acc.TestAccPreCheck(t) },
+ TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+ tfversion.RequireAbove(tfversion.Version1_5_0),
+ },
+ CheckDestroy: acc.CheckDestroy(t, resources.OauthIntegrationForPartnerApplications),
+ Steps: []resource.TestStep{
+ // create with empty optionals
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/basic"),
+ ConfigVariables: configVariables(false),
+ Check: resource.ComposeAggregateTestCheckFunc(
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "name", id.Name()),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_client", string(sdk.OauthSecurityIntegrationClientLooker)),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_redirect_uri", validUrl),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "enabled", "default"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_issue_refresh_tokens", "default"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_refresh_token_validity", "-1"),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_use_secondary_roles"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "blocked_roles_list.#", "2"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "comment", ""),
+
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.#", "1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.name", id.Name()),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.integration_type", "OAUTH - LOOKER"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.category", "SECURITY"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.enabled", "false"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.comment", ""),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.created_on"),
+
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.#", "1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_type.0.value", string(sdk.OauthSecurityIntegrationClientTypeConfidential)),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_redirect_uri.0.value"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.enabled.0.value", "false"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_use_secondary_roles.0.value", "NONE"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.blocked_roles_list.0.value", "ACCOUNTADMIN,SECURITYADMIN"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_issue_refresh_tokens.0.value", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_refresh_token_validity.0.value", "7776000"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.comment.0.value", ""),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_id.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_authorization_endpoint.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_token_endpoint.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_allowed_authorization_endpoints.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_allowed_token_endpoints.0.value"),
+ ),
+ },
+ // import - without optionals
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/basic"),
+ ConfigVariables: configVariables(false),
+ ResourceName: "snowflake_oauth_integration_for_partner_applications.test",
+ ImportState: true,
+ ImportStateCheck: importchecks.ComposeAggregateImportStateCheck(
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "name", id.Name()),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_client", string(sdk.OauthSecurityIntegrationClientLooker)),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "enabled", "false"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_issue_refresh_tokens", "true"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_refresh_token_validity", "7776000"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_use_secondary_roles", string(sdk.OauthSecurityIntegrationUseSecondaryRolesNone)),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "blocked_roles_list.#", "2"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "comment", ""),
+ ),
+ },
+ // set optionals
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/complete"),
+ ConfigVariables: configVariables(true),
+ ConfigPlanChecks: resource.ConfigPlanChecks{
+ PreApply: []plancheck.PlanCheck{
+ plancheck.ExpectResourceAction("snowflake_oauth_integration_for_partner_applications.test", plancheck.ResourceActionUpdate),
+ },
+ },
+ Check: resource.ComposeAggregateTestCheckFunc(
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "name", id.Name()),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_client", string(sdk.OauthSecurityIntegrationClientLooker)),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_redirect_uri", validUrl),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "enabled", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_issue_refresh_tokens", "false"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_refresh_token_validity", "86400"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_use_secondary_roles", string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit)),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "blocked_roles_list.#", "2"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "comment", comment),
+
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.#", "1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.name", id.Name()),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.integration_type", "OAUTH - LOOKER"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.category", "SECURITY"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.enabled", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.comment", comment),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.created_on"),
+
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.#", "1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_type.0.value", string(sdk.OauthSecurityIntegrationClientTypeConfidential)),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_redirect_uri.0.value"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.enabled.0.value", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_use_secondary_roles.0.value", "IMPLICIT"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.blocked_roles_list.0.value", "ACCOUNTADMIN,SECURITYADMIN"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_issue_refresh_tokens.0.value", "false"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_refresh_token_validity.0.value", "86400"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.comment.0.value", comment),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_id.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_authorization_endpoint.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_token_endpoint.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_allowed_authorization_endpoints.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_allowed_token_endpoints.0.value"),
+ ),
+ },
+ // import - complete
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/complete"),
+ ConfigVariables: configVariables(true),
+ ResourceName: "snowflake_oauth_integration_for_partner_applications.test",
+ ImportState: true,
+ ImportStateCheck: importchecks.ComposeAggregateImportStateCheck(
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "name", id.Name()),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_client", string(sdk.OauthSecurityIntegrationClientLooker)),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "enabled", "true"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_issue_refresh_tokens", "false"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_refresh_token_validity", "86400"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_use_secondary_roles", string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit)),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "blocked_roles_list.#", "2"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "comment", comment),
+ ),
+ },
+ // change externally
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/complete"),
+ ConfigVariables: configVariables(true),
+ PreConfig: func() {
+ acc.TestClient().SecurityIntegration.UpdateOauthForPartnerApplications(t, sdk.NewAlterOauthForPartnerApplicationsSecurityIntegrationRequest(id).WithSet(
+ *sdk.NewOauthForPartnerApplicationsIntegrationSetRequest().
+ WithBlockedRolesList(*sdk.NewBlockedRolesListRequest([]sdk.AccountObjectIdentifier{})).
+ WithComment("").
+ WithOauthIssueRefreshTokens(true).
+ WithOauthRefreshTokenValidity(3600),
+ ))
+ acc.TestClient().SecurityIntegration.UpdateOauthForPartnerApplications(t, sdk.NewAlterOauthForPartnerApplicationsSecurityIntegrationRequest(id).WithUnset(
+ *sdk.NewOauthForPartnerApplicationsIntegrationUnsetRequest().
+ WithEnabled(true).
+ WithOauthUseSecondaryRoles(true),
+ ))
+ },
+ ConfigPlanChecks: resource.ConfigPlanChecks{
+ PreApply: []plancheck.PlanCheck{
+ plancheck.ExpectResourceAction("snowflake_oauth_integration_for_partner_applications.test", plancheck.ResourceActionUpdate),
+
+ planchecks.ExpectDrift("snowflake_oauth_integration_for_partner_applications.test", "enabled", sdk.String("true"), sdk.String("false")),
+ planchecks.ExpectDrift("snowflake_oauth_integration_for_partner_applications.test", "comment", sdk.String(comment), sdk.String("")),
+ planchecks.ExpectDrift("snowflake_oauth_integration_for_partner_applications.test", "oauth_use_secondary_roles", sdk.String(string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit)), sdk.String(string(sdk.OauthSecurityIntegrationUseSecondaryRolesNone))),
+ planchecks.ExpectDrift("snowflake_oauth_integration_for_partner_applications.test", "oauth_issue_refresh_tokens", sdk.String("false"), sdk.String("true")),
+ planchecks.ExpectDrift("snowflake_oauth_integration_for_partner_applications.test", "oauth_refresh_token_validity", sdk.String("86400"), sdk.String("3600")),
+
+ planchecks.ExpectChange("snowflake_oauth_integration_for_partner_applications.test", "enabled", tfjson.ActionUpdate, sdk.String("false"), sdk.String("true")),
+ planchecks.ExpectChange("snowflake_oauth_integration_for_partner_applications.test", "comment", tfjson.ActionUpdate, sdk.String(""), sdk.String(comment)),
+ planchecks.ExpectChange("snowflake_oauth_integration_for_partner_applications.test", "oauth_use_secondary_roles", tfjson.ActionUpdate, sdk.String(string(sdk.OauthSecurityIntegrationUseSecondaryRolesNone)), sdk.String(string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit))),
+ planchecks.ExpectChange("snowflake_oauth_integration_for_partner_applications.test", "oauth_issue_refresh_tokens", tfjson.ActionUpdate, sdk.String("true"), sdk.String("false")),
+ planchecks.ExpectChange("snowflake_oauth_integration_for_partner_applications.test", "oauth_refresh_token_validity", tfjson.ActionUpdate, sdk.String("3600"), sdk.String("86400")),
+ },
+ },
+ Check: resource.ComposeAggregateTestCheckFunc(
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "name", id.Name()),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_client", string(sdk.OauthSecurityIntegrationClientLooker)),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_redirect_uri", validUrl),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "enabled", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_issue_refresh_tokens", "false"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_refresh_token_validity", "86400"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_use_secondary_roles", string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit)),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "blocked_roles_list.#", "2"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "comment", comment),
+
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.#", "1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.name", id.Name()),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.integration_type", "OAUTH - LOOKER"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.category", "SECURITY"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.enabled", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.comment", comment),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.created_on"),
+
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.#", "1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_type.0.value", string(sdk.OauthSecurityIntegrationClientTypeConfidential)),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_redirect_uri.0.value"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.enabled.0.value", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_use_secondary_roles.0.value", "IMPLICIT"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.blocked_roles_list.0.value", "ACCOUNTADMIN,SECURITYADMIN"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_issue_refresh_tokens.0.value", "false"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_refresh_token_validity.0.value", "86400"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.comment.0.value", comment),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_id.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_authorization_endpoint.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_token_endpoint.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_allowed_authorization_endpoints.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_allowed_token_endpoints.0.value"),
+ ),
+ },
+ // unset
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/basic"),
+ ConfigVariables: configVariables(false),
+ ConfigPlanChecks: resource.ConfigPlanChecks{
+ PreApply: []plancheck.PlanCheck{
+ plancheck.ExpectResourceAction("snowflake_oauth_integration_for_partner_applications.test", plancheck.ResourceActionUpdate),
+ },
+ },
+ Check: resource.ComposeAggregateTestCheckFunc(
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "name", id.Name()),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_client", string(sdk.OauthSecurityIntegrationClientLooker)),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_redirect_uri", validUrl),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "enabled", "default"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_issue_refresh_tokens", "default"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_refresh_token_validity", "-1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_use_secondary_roles", ""),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "blocked_roles_list.#", "2"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "comment", ""),
+
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.#", "1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.name", id.Name()),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.integration_type", "OAUTH - LOOKER"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.category", "SECURITY"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.enabled", "false"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.comment", ""),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.created_on"),
+
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.#", "1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_type.0.value", string(sdk.OauthSecurityIntegrationClientTypeConfidential)),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_redirect_uri.0.value"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.enabled.0.value", "false"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_use_secondary_roles.0.value", "NONE"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.blocked_roles_list.0.value", "ACCOUNTADMIN,SECURITYADMIN"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_issue_refresh_tokens.0.value", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_refresh_token_validity.0.value", "7776000"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.comment.0.value", ""),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_id.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_authorization_endpoint.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_token_endpoint.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_allowed_authorization_endpoints.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_allowed_token_endpoints.0.value"),
+ ),
+ },
+ },
+ })
+}
+
+func TestAcc_OauthIntegrationForPartnerApplications_BasicTableauDesktop(t *testing.T) {
+ id := acc.TestClient().Ids.RandomAccountObjectIdentifier()
+ comment := random.Comment()
+
+ role, roleCleanup := acc.TestClient().Role.CreateRole(t)
+ t.Cleanup(roleCleanup)
+
+ configVariables := func(complete bool) config.Variables {
+ values := config.Variables{
+ "name": config.StringVariable(id.Name()),
+ "oauth_client": config.StringVariable(string(sdk.OauthSecurityIntegrationClientTableauDesktop)),
+ "blocked_roles_list": config.SetVariable(config.StringVariable("ACCOUNTADMIN"), config.StringVariable("SECURITYADMIN")),
+ }
+ if complete {
+ values["blocked_roles_list"] = config.SetVariable(config.StringVariable("ACCOUNTADMIN"), config.StringVariable("SECURITYADMIN"), config.StringVariable(role.ID().Name()))
+ values["enabled"] = config.BoolVariable(true)
+ values["oauth_issue_refresh_tokens"] = config.BoolVariable(false)
+ values["oauth_refresh_token_validity"] = config.IntegerVariable(86400)
+ values["oauth_use_secondary_roles"] = config.StringVariable(string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit))
+ values["comment"] = config.StringVariable(comment)
+ }
+ return values
+ }
+
+ resource.Test(t, resource.TestCase{
+ ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
+ PreCheck: func() { acc.TestAccPreCheck(t) },
+ TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+ tfversion.RequireAbove(tfversion.Version1_5_0),
+ },
+ CheckDestroy: acc.CheckDestroy(t, resources.OauthIntegrationForPartnerApplications),
+ Steps: []resource.TestStep{
+ // create with empty optionals
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/basic_tableau"),
+ ConfigVariables: configVariables(false),
+ Check: resource.ComposeAggregateTestCheckFunc(
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "name", id.Name()),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_client", string(sdk.OauthSecurityIntegrationClientTableauDesktop)),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_redirect_uri"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "enabled", "default"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_issue_refresh_tokens", "default"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_refresh_token_validity", "-1"),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_use_secondary_roles"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "blocked_roles_list.#", "2"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "comment", ""),
+
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.#", "1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.name", id.Name()),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.integration_type", "OAUTH - TABLEAU_DESKTOP"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.category", "SECURITY"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.enabled", "false"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.comment", ""),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.created_on"),
+
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.#", "1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_type.0.value", string(sdk.OauthSecurityIntegrationClientTypePublic)),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_redirect_uri.0.value"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.enabled.0.value", "false"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_use_secondary_roles.0.value", "NONE"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.blocked_roles_list.0.value", "ACCOUNTADMIN,SECURITYADMIN"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_issue_refresh_tokens.0.value", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_refresh_token_validity.0.value", "7776000"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.comment.0.value", ""),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_id.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_authorization_endpoint.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_token_endpoint.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_allowed_authorization_endpoints.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_allowed_token_endpoints.0.value"),
+ ),
+ },
+ // import - without optionals
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/basic_tableau"),
+ ConfigVariables: configVariables(false),
+ ResourceName: "snowflake_oauth_integration_for_partner_applications.test",
+ ImportState: true,
+ ImportStateCheck: importchecks.ComposeAggregateImportStateCheck(
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "name", id.Name()),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_client", string(sdk.OauthSecurityIntegrationClientTableauDesktop)),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "enabled", "false"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_issue_refresh_tokens", "true"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_refresh_token_validity", "7776000"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_use_secondary_roles", string(sdk.OauthSecurityIntegrationUseSecondaryRolesNone)),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "blocked_roles_list.#", "2"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "comment", ""),
+ ),
+ },
+ // set optionals
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/complete_tableau"),
+ ConfigVariables: configVariables(true),
+ ConfigPlanChecks: resource.ConfigPlanChecks{
+ PreApply: []plancheck.PlanCheck{
+ plancheck.ExpectResourceAction("snowflake_oauth_integration_for_partner_applications.test", plancheck.ResourceActionUpdate),
+ },
+ },
+ Check: resource.ComposeAggregateTestCheckFunc(
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "name", id.Name()),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_client", string(sdk.OauthSecurityIntegrationClientTableauDesktop)),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_redirect_uri"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "enabled", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_issue_refresh_tokens", "false"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_refresh_token_validity", "86400"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_use_secondary_roles", string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit)),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "blocked_roles_list.#", "3"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "comment", comment),
+
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.#", "1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.name", id.Name()),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.integration_type", "OAUTH - TABLEAU_DESKTOP"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.category", "SECURITY"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.enabled", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.comment", comment),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.created_on"),
+
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.#", "1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_type.0.value", string(sdk.OauthSecurityIntegrationClientTypePublic)),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_redirect_uri.0.value"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.enabled.0.value", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_use_secondary_roles.0.value", "IMPLICIT"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.blocked_roles_list.0.value"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_issue_refresh_tokens.0.value", "false"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_refresh_token_validity.0.value", "86400"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.comment.0.value", comment),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_id.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_authorization_endpoint.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_token_endpoint.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_allowed_authorization_endpoints.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_allowed_token_endpoints.0.value"),
+ ),
+ },
+ // import - complete
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/complete_tableau"),
+ ConfigVariables: configVariables(true),
+ ResourceName: "snowflake_oauth_integration_for_partner_applications.test",
+ ImportState: true,
+ ImportStateCheck: importchecks.ComposeAggregateImportStateCheck(
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "name", id.Name()),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_client", string(sdk.OauthSecurityIntegrationClientTableauDesktop)),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "enabled", "true"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_issue_refresh_tokens", "false"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_refresh_token_validity", "86400"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_use_secondary_roles", string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit)),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "blocked_roles_list.#", "3"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "comment", comment),
+ ),
+ },
+ // change externally
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/complete_tableau"),
+ ConfigVariables: configVariables(true),
+ PreConfig: func() {
+ acc.TestClient().SecurityIntegration.UpdateOauthForPartnerApplications(t, sdk.NewAlterOauthForPartnerApplicationsSecurityIntegrationRequest(id).WithSet(
+ *sdk.NewOauthForPartnerApplicationsIntegrationSetRequest().
+ WithBlockedRolesList(*sdk.NewBlockedRolesListRequest([]sdk.AccountObjectIdentifier{})).
+ WithComment("").
+ WithOauthIssueRefreshTokens(true).
+ WithOauthRefreshTokenValidity(3600),
+ ))
+ acc.TestClient().SecurityIntegration.UpdateOauthForPartnerApplications(t, sdk.NewAlterOauthForPartnerApplicationsSecurityIntegrationRequest(id).WithUnset(
+ *sdk.NewOauthForPartnerApplicationsIntegrationUnsetRequest().
+ WithEnabled(true).
+ WithOauthUseSecondaryRoles(true),
+ ))
+ },
+ ConfigPlanChecks: resource.ConfigPlanChecks{
+ PreApply: []plancheck.PlanCheck{
+ plancheck.ExpectResourceAction("snowflake_oauth_integration_for_partner_applications.test", plancheck.ResourceActionUpdate),
+
+ planchecks.ExpectDrift("snowflake_oauth_integration_for_partner_applications.test", "enabled", sdk.String("true"), sdk.String("false")),
+ planchecks.ExpectDrift("snowflake_oauth_integration_for_partner_applications.test", "comment", sdk.String(comment), sdk.String("")),
+ planchecks.ExpectDrift("snowflake_oauth_integration_for_partner_applications.test", "oauth_use_secondary_roles", sdk.String(string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit)), sdk.String(string(sdk.OauthSecurityIntegrationUseSecondaryRolesNone))),
+ planchecks.ExpectDrift("snowflake_oauth_integration_for_partner_applications.test", "oauth_issue_refresh_tokens", sdk.String("false"), sdk.String("true")),
+ planchecks.ExpectDrift("snowflake_oauth_integration_for_partner_applications.test", "oauth_refresh_token_validity", sdk.String("86400"), sdk.String("3600")),
+
+ planchecks.ExpectChange("snowflake_oauth_integration_for_partner_applications.test", "enabled", tfjson.ActionUpdate, sdk.String("false"), sdk.String("true")),
+ planchecks.ExpectChange("snowflake_oauth_integration_for_partner_applications.test", "comment", tfjson.ActionUpdate, sdk.String(""), sdk.String(comment)),
+ planchecks.ExpectChange("snowflake_oauth_integration_for_partner_applications.test", "oauth_use_secondary_roles", tfjson.ActionUpdate, sdk.String(string(sdk.OauthSecurityIntegrationUseSecondaryRolesNone)), sdk.String(string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit))),
+ planchecks.ExpectChange("snowflake_oauth_integration_for_partner_applications.test", "oauth_issue_refresh_tokens", tfjson.ActionUpdate, sdk.String("true"), sdk.String("false")),
+ planchecks.ExpectChange("snowflake_oauth_integration_for_partner_applications.test", "oauth_refresh_token_validity", tfjson.ActionUpdate, sdk.String("3600"), sdk.String("86400")),
+ },
+ },
+ Check: resource.ComposeAggregateTestCheckFunc(
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "name", id.Name()),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_client", string(sdk.OauthSecurityIntegrationClientTableauDesktop)),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_redirect_uri"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "enabled", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_issue_refresh_tokens", "false"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_refresh_token_validity", "86400"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_use_secondary_roles", string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit)),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "blocked_roles_list.#", "3"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "comment", comment),
+
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.#", "1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.name", id.Name()),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.integration_type", "OAUTH - TABLEAU_DESKTOP"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.category", "SECURITY"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.enabled", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.comment", comment),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.created_on"),
+
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.#", "1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_type.0.value", string(sdk.OauthSecurityIntegrationClientTypePublic)),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_redirect_uri.0.value"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.enabled.0.value", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_use_secondary_roles.0.value", "IMPLICIT"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.blocked_roles_list.0.value"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_issue_refresh_tokens.0.value", "false"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_refresh_token_validity.0.value", "86400"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.comment.0.value", comment),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_id.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_authorization_endpoint.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_token_endpoint.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_allowed_authorization_endpoints.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_allowed_token_endpoints.0.value"),
+ ),
+ },
+ // unset
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/basic_tableau"),
+ ConfigVariables: configVariables(false),
+ ConfigPlanChecks: resource.ConfigPlanChecks{
+ PreApply: []plancheck.PlanCheck{
+ plancheck.ExpectResourceAction("snowflake_oauth_integration_for_partner_applications.test", plancheck.ResourceActionUpdate),
+ },
+ },
+ Check: resource.ComposeAggregateTestCheckFunc(
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "name", id.Name()),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_client", string(sdk.OauthSecurityIntegrationClientTableauDesktop)),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_redirect_uri"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "enabled", "default"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_issue_refresh_tokens", "default"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_refresh_token_validity", "-1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_use_secondary_roles", ""),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "blocked_roles_list.#", "2"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "comment", ""),
+
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.#", "1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.name", id.Name()),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.integration_type", "OAUTH - TABLEAU_DESKTOP"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.category", "SECURITY"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.enabled", "false"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.comment", ""),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.created_on"),
+
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.#", "1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_type.0.value", string(sdk.OauthSecurityIntegrationClientTypePublic)),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_redirect_uri.0.value"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.enabled.0.value", "false"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_use_secondary_roles.0.value", "NONE"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.blocked_roles_list.0.value"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_issue_refresh_tokens.0.value", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_refresh_token_validity.0.value", "7776000"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.comment.0.value", ""),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_id.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_authorization_endpoint.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_token_endpoint.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_allowed_authorization_endpoints.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_allowed_token_endpoints.0.value"),
+ ),
+ },
+ },
+ })
+}
+
+func TestAcc_OauthIntegrationForPartnerApplications_Complete(t *testing.T) {
+ id := acc.TestClient().Ids.RandomAccountObjectIdentifier()
+ comment := random.Comment()
+ configVariables := config.Variables{
+ "name": config.StringVariable(id.Name()),
+ "oauth_client": config.StringVariable(string(sdk.OauthSecurityIntegrationClientTableauServer)),
+ "blocked_roles_list": config.SetVariable(config.StringVariable("ACCOUNTADMIN"), config.StringVariable("SECURITYADMIN")),
+ "enabled": config.BoolVariable(true),
+ "oauth_issue_refresh_tokens": config.BoolVariable(false),
+ "oauth_refresh_token_validity": config.IntegerVariable(86400),
+ "oauth_use_secondary_roles": config.StringVariable(string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit)),
+ "comment": config.StringVariable(comment),
+ }
+
+ resource.Test(t, resource.TestCase{
+ ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
+ PreCheck: func() { acc.TestAccPreCheck(t) },
+ TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+ tfversion.RequireAbove(tfversion.Version1_5_0),
+ },
+ CheckDestroy: acc.CheckDestroy(t, resources.OauthIntegrationForPartnerApplications),
+ Steps: []resource.TestStep{
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/complete_tableau"),
+ ConfigVariables: configVariables,
+ Check: resource.ComposeAggregateTestCheckFunc(
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "name", id.Name()),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_client", string(sdk.OauthSecurityIntegrationClientTableauServer)),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_redirect_uri"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "enabled", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_issue_refresh_tokens", "false"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_refresh_token_validity", "86400"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "oauth_use_secondary_roles", string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit)),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "blocked_roles_list.#", "2"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "comment", comment),
+
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.#", "1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.name", id.Name()),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.integration_type", "OAUTH - TABLEAU_SERVER"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.category", "SECURITY"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.enabled", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.comment", comment),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "show_output.0.created_on"),
+
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.#", "1"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_type.0.value", string(sdk.OauthSecurityIntegrationClientTypePublic)),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_redirect_uri.0.value"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.enabled.0.value", "true"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_use_secondary_roles.0.value", string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit)),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.blocked_roles_list.0.value", "ACCOUNTADMIN,SECURITYADMIN"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_issue_refresh_tokens.0.value", "false"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_refresh_token_validity.0.value", "86400"),
+ resource.TestCheckResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.comment.0.value", comment),
+ resource.TestCheckNoResourceAttr("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_client_id.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_authorization_endpoint.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_token_endpoint.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_allowed_authorization_endpoints.0.value"),
+ resource.TestCheckResourceAttrSet("snowflake_oauth_integration_for_partner_applications.test", "describe_output.0.oauth_allowed_token_endpoints.0.value"),
+ ),
+ },
+ // import - complete
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/complete_tableau"),
+ ConfigVariables: configVariables,
+ ResourceName: "snowflake_oauth_integration_for_partner_applications.test",
+ ImportState: true,
+ ImportStateCheck: importchecks.ComposeAggregateImportStateCheck(
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "name", id.Name()),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_client", string(sdk.OauthSecurityIntegrationClientTableauServer)),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "enabled", "true"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_issue_refresh_tokens", "false"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_refresh_token_validity", "86400"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "oauth_use_secondary_roles", string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit)),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "blocked_roles_list.#", "2"),
+ importchecks.TestCheckResourceAttrInstanceState(id.Name(), "comment", comment),
+ ),
+ },
+ },
+ })
+}
+
+func TestAcc_OauthIntegrationForPartnerApplications_Invalid(t *testing.T) {
+ id := acc.TestClient().Ids.RandomAccountObjectIdentifier()
+
+ invalidUseSecondaryRoles := config.Variables{
+ "name": config.StringVariable(id.Name()),
+ "oauth_client": config.StringVariable(string(sdk.OauthSecurityIntegrationClientTableauDesktop)),
+ "oauth_use_secondary_roles": config.StringVariable("invalid"),
+ "blocked_roles_list": config.SetVariable(config.StringVariable("ACCOUNTADMIN"), config.StringVariable("SECURITYADMIN")),
+ }
+
+ invalidOauthClient := config.Variables{
+ "name": config.StringVariable(id.Name()),
+ "oauth_client": config.StringVariable("invalid"),
+ "oauth_use_secondary_roles": config.StringVariable(string(sdk.OauthSecurityIntegrationUseSecondaryRolesImplicit)),
+ "blocked_roles_list": config.SetVariable(config.StringVariable("ACCOUNTADMIN"), config.StringVariable("SECURITYADMIN")),
+ }
+
+ resource.Test(t, resource.TestCase{
+ ProtoV6ProviderFactories: acc.TestAccProtoV6ProviderFactories,
+ PreCheck: func() { acc.TestAccPreCheck(t) },
+ TerraformVersionChecks: []tfversion.TerraformVersionCheck{
+ tfversion.RequireAbove(tfversion.Version1_5_0),
+ },
+ Steps: []resource.TestStep{
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/invalid"),
+ ConfigVariables: invalidUseSecondaryRoles,
+ ExpectError: regexp.MustCompile(`Error: invalid OauthSecurityIntegrationUseSecondaryRolesOption: INVALID`),
+ },
+ {
+ ConfigDirectory: acc.ConfigurationDirectory("TestAcc_OauthIntegrationForPartnerApplications/invalid"),
+ ConfigVariables: invalidOauthClient,
+ ExpectError: regexp.MustCompile(`Error: invalid OauthSecurityIntegrationClientOption: INVALID`),
+ },
+ },
+ })
+}
diff --git a/pkg/resources/saml2_integration.go b/pkg/resources/saml2_integration.go
index 6b03ef3c75..b483e45330 100644
--- a/pkg/resources/saml2_integration.go
+++ b/pkg/resources/saml2_integration.go
@@ -5,7 +5,6 @@ import (
"errors"
"fmt"
"reflect"
- "strconv"
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/collections"
@@ -30,10 +29,10 @@ var saml2IntegrationSchema = map[string]*schema.Schema{
"enabled": {
Type: schema.TypeString,
Optional: true,
- Default: "unknown",
- ValidateDiagFunc: StringInSlice([]string{"true", "false"}, false),
- DiffSuppressFunc: SuppressIfAny(ignoreCaseSuppressFunc, IgnoreChangeToCurrentSnowflakeValueInShow("enabled")),
- Description: "Specifies whether this security integration is enabled or disabled. Available options are: `true` or `false`. When the value is not set in the configuration the provider will put `unknown` there which means to use the Snowflake default for this value.",
+ Default: BooleanDefault,
+ ValidateDiagFunc: validateBooleanString,
+ DiffSuppressFunc: IgnoreChangeToCurrentSnowflakeValueInShow("enabled"),
+ Description: booleanStringFieldDescription("Specifies whether this security integration is enabled or disabled."),
},
"saml2_issuer": {
Type: schema.TypeString,
@@ -49,6 +48,7 @@ var saml2IntegrationSchema = map[string]*schema.Schema{
Type: schema.TypeString,
Required: true,
ValidateDiagFunc: sdkValidation(sdk.ToSaml2SecurityIntegrationSaml2ProviderOption),
+ DiffSuppressFunc: NormalizeAndCompare(sdk.ToSaml2SecurityIntegrationSaml2ProviderOption),
Description: fmt.Sprintf("The string describing the IdP. Valid options are: %v.", sdk.AllSaml2SecurityIntegrationSaml2Providers),
},
"saml2_x509_cert": {
@@ -65,24 +65,24 @@ var saml2IntegrationSchema = map[string]*schema.Schema{
"saml2_enable_sp_initiated": {
Type: schema.TypeString,
Optional: true,
- Default: "unknown",
- ValidateDiagFunc: StringInSlice([]string{"true", "false"}, false),
- DiffSuppressFunc: SuppressIfAny(ignoreCaseSuppressFunc, IgnoreChangeToCurrentSnowflakeValueInDescribe("saml2_enable_sp_initiated")),
- Description: "The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in With button on the login page. FALSE: does not display the Log in With button on the login page. Available options are: `true` or `false`. When the value is not set in the configuration the provider will put `unknown` there which means to use the Snowflake default for this value.",
+ Default: BooleanDefault,
+ ValidateDiagFunc: validateBooleanString,
+ DiffSuppressFunc: IgnoreChangeToCurrentSnowflakeValueInDescribe("saml2_enable_sp_initiated"),
+ Description: booleanStringFieldDescription("The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in With button on the login page. FALSE: does not display the Log in With button on the login page."),
},
"saml2_sign_request": {
Type: schema.TypeString,
Optional: true,
- Default: "unknown",
- ValidateDiagFunc: StringInSlice([]string{"true", "false"}, false),
- DiffSuppressFunc: SuppressIfAny(ignoreCaseSuppressFunc, IgnoreChangeToCurrentSnowflakeValueInDescribe("saml2_sign_request")),
- Description: "The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed. Available options are: `true` or `false`. When the value is not set in the configuration the provider will put `unknown` there which means to use the Snowflake default for this value.",
+ Default: BooleanDefault,
+ ValidateDiagFunc: validateBooleanString,
+ DiffSuppressFunc: IgnoreChangeToCurrentSnowflakeValueInDescribe("saml2_sign_request"),
+ Description: booleanStringFieldDescription("The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed."),
},
"saml2_requested_nameid_format": {
Type: schema.TypeString,
Optional: true,
ValidateDiagFunc: sdkValidation(sdk.ToSaml2SecurityIntegrationSaml2RequestedNameidFormatOption),
- DiffSuppressFunc: SuppressIfAny(ignoreCaseSuppressFunc, IgnoreChangeToCurrentSnowflakeValueInDescribe("saml2_requested_nameid_format")),
+ DiffSuppressFunc: SuppressIfAny(NormalizeAndCompare(sdk.ToSaml2SecurityIntegrationSaml2RequestedNameidFormatOption), IgnoreChangeToCurrentSnowflakeValueInDescribe("saml2_requested_nameid_format")),
Description: fmt.Sprintf("The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. Valid options are: %v", sdk.AllSaml2SecurityIntegrationSaml2RequestedNameidFormats),
},
"saml2_post_logout_redirect_url": {
@@ -94,10 +94,10 @@ var saml2IntegrationSchema = map[string]*schema.Schema{
"saml2_force_authn": {
Type: schema.TypeString,
Optional: true,
- Default: "unknown",
- ValidateDiagFunc: StringInSlice([]string{"true", "false"}, false),
+ Default: BooleanDefault,
+ ValidateDiagFunc: validateBooleanString,
DiffSuppressFunc: IgnoreChangeToCurrentSnowflakeValueInDescribe("saml2_force_authn"),
- Description: "The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake. Available options are: `true` or `false`. When the value is not set in the configuration the provider will put `unknown` there which means to use the Snowflake default for this value.",
+ Description: booleanStringFieldDescription("The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake."),
},
"saml2_snowflake_issuer_url": {
Type: schema.TypeString,
@@ -198,7 +198,7 @@ func ImportSaml2Integration(ctx context.Context, d *schema.ResourceData, meta an
if err := d.Set("comment", integration.Comment); err != nil {
return nil, err
}
- if err := d.Set("enabled", fmt.Sprintf("%t", integration.Enabled)); err != nil {
+ if err := d.Set("enabled", booleanStringFromBool(integration.Enabled)); err != nil {
return nil, err
}
@@ -222,7 +222,11 @@ func ImportSaml2Integration(ctx context.Context, d *schema.ResourceData, meta an
if err != nil {
return nil, fmt.Errorf("failed to find saml2 provider, err = %w", err)
}
- if err := d.Set("saml2_provider", samlProvider.Value); err != nil {
+ samlProviderValue, err := sdk.ToSaml2SecurityIntegrationSaml2ProviderOption(samlProvider.Value)
+ if err != nil {
+ return nil, err
+ }
+ if err := d.Set("saml2_provider", samlProviderValue); err != nil {
return nil, err
}
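Review bot: The error from the new `sdk.ToSaml2SecurityIntegrationSaml2ProviderOption` call is returned bare, while the lookup a few lines above wraps its failure as `failed to find saml2 provider, err = %w`; an operator importing an integration whose DESCRIBE reports a provider value the SDK does not recognise gets only the SDK message, with no indication of which field or value failed. Suggest matching the surrounding convention: `return nil, fmt.Errorf("failed to parse saml2 provider %q, err = %w", samlProvider.Value, err)`. ImportSaml2Integration starts and ends outside this hunk.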
@@ -340,21 +344,22 @@ func ImportSaml2Integration(ctx context.Context, d *schema.ResourceData, meta an
func CreateContextSAML2Integration(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
client := meta.(*provider.Context).Client
+ id := sdk.NewAccountObjectIdentifier(d.Get("name").(string))
samlProvider, err := sdk.ToSaml2SecurityIntegrationSaml2ProviderOption(d.Get("saml2_provider").(string))
if err != nil {
return diag.FromErr(err)
}
req := sdk.NewCreateSaml2SecurityIntegrationRequest(
- sdk.NewAccountObjectIdentifier(d.Get("name").(string)),
+ id,
d.Get("saml2_issuer").(string),
d.Get("saml2_sso_url").(string),
samlProvider,
d.Get("saml2_x509_cert").(string),
)
- if v := d.Get("enabled").(string); v != "unknown" {
- parsed, err := strconv.ParseBool(v)
+ if v := d.Get("enabled").(string); v != BooleanDefault {
+ parsed, err := booleanStringToBool(v)
if err != nil {
return diag.FromErr(err)
}
@@ -365,16 +370,16 @@ func CreateContextSAML2Integration(ctx context.Context, d *schema.ResourceData,
req.WithSaml2SpInitiatedLoginPageLabel(v.(string))
}
- if v := d.Get("saml2_enable_sp_initiated").(string); v != "unknown" {
- parsed, err := strconv.ParseBool(v)
+ if v := d.Get("saml2_enable_sp_initiated").(string); v != BooleanDefault {
+ parsed, err := booleanStringToBool(v)
if err != nil {
return diag.FromErr(err)
}
req.WithSaml2EnableSpInitiated(parsed)
}
- if v := d.Get("saml2_sign_request").(string); v != "unknown" {
- parsed, err := strconv.ParseBool(v)
+ if v := d.Get("saml2_sign_request").(string); v != BooleanDefault {
+ parsed, err := booleanStringToBool(v)
if err != nil {
return diag.FromErr(err)
}
@@ -393,8 +398,8 @@ func CreateContextSAML2Integration(ctx context.Context, d *schema.ResourceData,
req.WithSaml2PostLogoutRedirectUrl(v.(string))
}
- if v := d.Get("saml2_force_authn").(string); v != "unknown" {
- parsed, err := strconv.ParseBool(v)
+ if v := d.Get("saml2_force_authn").(string); v != BooleanDefault {
+ parsed, err := booleanStringToBool(v)
if err != nil {
return diag.FromErr(err)
}
@@ -439,7 +444,7 @@ func CreateContextSAML2Integration(ctx context.Context, d *schema.ResourceData,
return diag.FromErr(err)
}
- d.SetId(d.Get("name").(string))
+ d.SetId(helpers.EncodeSnowflakeID(id))
return ReadContextSAML2Integration(false)(ctx, d, meta)
}
@@ -497,7 +502,11 @@ func ReadContextSAML2Integration(withExternalChangesMarking bool) schema.ReadCon
if err != nil {
return diag.FromErr(fmt.Errorf("failed to find saml2 provider, err = %w", err))
}
- if err := d.Set("saml2_provider", samlProvider.Value); err != nil {
+ samlProviderValue, err := sdk.ToSaml2SecurityIntegrationSaml2ProviderOption(samlProvider.Value)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ if err := d.Set("saml2_provider", samlProviderValue); err != nil {
return diag.FromErr(err)
}
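Review bot: Read now fails when DESCRIBE returns a provider value the SDK cannot map, where the removed line stored the raw string in state; if Snowflake introduces a provider option before the SDK enum is updated, every refresh of an otherwise healthy integration errors out instead of surfacing a drift. At minimum wrap the error with the offending value so the failure is attributable: `return diag.FromErr(fmt.Errorf("failed to parse saml2 provider %q, err = %w", samlProvider.Value, err))`. Failing closed is defensible for an authentication integration, but it is a behaviour change compared with the old code, so confirm it is intended and noted for users. ReadContextSAML2Integration starts and ends outside this hunk.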
@@ -545,7 +554,7 @@ func ReadContextSAML2Integration(withExternalChangesMarking bool) schema.ReadCon
if withExternalChangesMarking {
if err = handleExternalChangesToObjectInShow(d,
- showMapping{"enabled", "enabled", integration.Enabled, integration.Enabled, nil},
+ showMapping{"enabled", "enabled", integration.Enabled, booleanStringFromBool(integration.Enabled), nil},
); err != nil {
return diag.FromErr(err)
}
@@ -612,50 +621,17 @@ func ReadContextSAML2Integration(withExternalChangesMarking bool) schema.ReadCon
}
}
- // These are all identity sets, needed for the case where:
- // - previous config was empty (therefore Snowflake defaults had been used)
- // - new config have the same values that are already in SF
- if !d.GetRawConfig().IsNull() {
- if v := d.GetRawConfig().AsValueMap()["enabled"]; !v.IsNull() {
- if err = d.Set("enabled", v.AsString()); err != nil {
- return diag.FromErr(err)
- }
- }
- if v := d.GetRawConfig().AsValueMap()["saml2_enable_sp_initiated"]; !v.IsNull() {
- if err = d.Set("saml2_enable_sp_initiated", v.AsString()); err != nil {
- return diag.FromErr(err)
- }
- }
- if v := d.GetRawConfig().AsValueMap()["saml2_sign_request"]; !v.IsNull() {
- if err = d.Set("saml2_sign_request", v.AsString()); err != nil {
- return diag.FromErr(err)
- }
- }
- if v := d.GetRawConfig().AsValueMap()["saml2_requested_nameid_format"]; !v.IsNull() {
- if err = d.Set("saml2_requested_nameid_format", v.AsString()); err != nil {
- return diag.FromErr(err)
- }
- }
- if v := d.GetRawConfig().AsValueMap()["saml2_force_authn"]; !v.IsNull() {
- if err = d.Set("saml2_force_authn", v.AsString()); err != nil {
- return diag.FromErr(err)
- }
- }
- if v := d.GetRawConfig().AsValueMap()["saml2_snowflake_acs_url"]; !v.IsNull() {
- if err = d.Set("saml2_snowflake_acs_url", v.AsString()); err != nil {
- return diag.FromErr(err)
- }
- }
- if v := d.GetRawConfig().AsValueMap()["saml2_snowflake_issuer_url"]; !v.IsNull() {
- if err = d.Set("saml2_snowflake_issuer_url", v.AsString()); err != nil {
- return diag.FromErr(err)
- }
- }
- if v := d.GetRawConfig().AsValueMap()["saml2_sp_initiated_login_page_label"]; !v.IsNull() {
- if err = d.Set("saml2_sp_initiated_login_page_label", v.AsString()); err != nil {
- return diag.FromErr(err)
- }
- }
+ if err = setStateToValuesFromConfig(d, saml2IntegrationSchema, []string{
+ "enabled",
+ "saml2_enable_sp_initiated",
+ "saml2_sign_request",
+ "saml2_requested_nameid_format",
+ "saml2_force_authn",
+ "saml2_snowflake_acs_url",
+ "saml2_snowflake_issuer_url",
+ "saml2_sp_initiated_login_page_label",
+ }); err != nil {
+ return diag.FromErr(err)
}
if err = d.Set(ShowOutputAttributeName, []map[string]any{schemas.SecurityIntegrationToSchema(integration)}); err != nil {
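Review bot: The removed block carried the only explanation of why these eight fields are copied from the raw config back into state (previous config empty so Snowflake defaults applied, new config equal to what Snowflake already holds); the replacement `setStateToValuesFromConfig` call drops that rationale, and a reader can no longer tell why `enabled`, `saml2_sign_request` or `saml2_force_authn` are special-cased. Restore it above the call, e.g. `// Identity sets: when the previous config was empty (Snowflake defaults applied) and the new config already matches Snowflake, keep the config value in state so no spurious diff is produced.` The field list is now a hand-maintained string slice that must stay in sync with saml2IntegrationSchema; presumably setStateToValuesFromConfig checks the keys against the schema it receives, which is worth confirming since a typo here would silently drop a field from this handling. ReadContextSAML2Integration starts and ends outside this hunk.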
@@ -676,8 +652,8 @@ func UpdateContextSAML2Integration(ctx context.Context, d *schema.ResourceData,
set, unset := sdk.NewSaml2IntegrationSetRequest(), sdk.NewSaml2IntegrationUnsetRequest()
if d.HasChange("enabled") {
- if v := d.Get("enabled").(string); v != "unknown" {
- parsed, err := strconv.ParseBool(v)
+ if v := d.Get("enabled").(string); v != BooleanDefault {
+ parsed, err := booleanStringToBool(v)
if err != nil {
return diag.FromErr(err)
}
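Review bot: The parse-and-set block for `enabled` here is repeated almost verbatim for `saml2_enable_sp_initiated`, `saml2_sign_request` and `saml2_force_authn` in the three following hunks of UpdateContextSAML2Integration, each differing only in the field name and the `set`/`unset` call that follows outside the hunk. A small helper that takes the field name and returns the parsed bool, e.g. `parsed, err := parseChangedBooleanString(d, "enabled")`, would leave one copy of the `v != BooleanDefault` / `booleanStringToBool` / `diag.FromErr` sequence to maintain. The enclosing function starts and ends outside these hunks, so the `else`/unset branches could not be checked here.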
@@ -715,8 +691,8 @@ func UpdateContextSAML2Integration(ctx context.Context, d *schema.ResourceData,
}
if d.HasChange("saml2_enable_sp_initiated") {
- if v := d.Get("saml2_enable_sp_initiated").(string); v != "unknown" {
- parsed, err := strconv.ParseBool(v)
+ if v := d.Get("saml2_enable_sp_initiated").(string); v != BooleanDefault {
+ parsed, err := booleanStringToBool(v)
if err != nil {
return diag.FromErr(err)
}
@@ -728,8 +704,8 @@ func UpdateContextSAML2Integration(ctx context.Context, d *schema.ResourceData,
}
if d.HasChange("saml2_sign_request") {
- if v := d.Get("saml2_sign_request").(string); v != "unknown" {
- parsed, err := strconv.ParseBool(v)
+ if v := d.Get("saml2_sign_request").(string); v != BooleanDefault {
+ parsed, err := booleanStringToBool(v)
if err != nil {
return diag.FromErr(err)
}
@@ -741,8 +717,8 @@ func UpdateContextSAML2Integration(ctx context.Context, d *schema.ResourceData,
}
if d.HasChange("saml2_requested_nameid_format") {
- if v := d.Get("saml2_requested_nameid_format").(string); len(v) > 0 {
- value, err := sdk.ToSaml2SecurityIntegrationSaml2RequestedNameidFormatOption(v)
+ if v, ok := d.GetOk("saml2_requested_nameid_format"); ok {
+ value, err := sdk.ToSaml2SecurityIntegrationSaml2RequestedNameidFormatOption(v.(string))
if err != nil {
return diag.FromErr(err)
}
@@ -753,16 +729,16 @@ func UpdateContextSAML2Integration(ctx context.Context, d *schema.ResourceData,
}
if d.HasChange("saml2_post_logout_redirect_url") {
- if v := d.Get("saml2_post_logout_redirect_url").(string); len(v) > 0 {
- set.WithSaml2PostLogoutRedirectUrl(v)
+ if v, ok := d.GetOk("saml2_post_logout_redirect_url"); ok {
+ set.WithSaml2PostLogoutRedirectUrl(v.(string))
} else {
unset.WithSaml2PostLogoutRedirectUrl(true)
}
}
if d.HasChange("saml2_force_authn") {
- if v := d.Get("saml2_force_authn").(string); v != "unknown" {
- parsed, err := strconv.ParseBool(v)
+ if v := d.Get("saml2_force_authn").(string); v != BooleanDefault {
+ parsed, err := booleanStringToBool(v)
if err != nil {
return diag.FromErr(err)
}
diff --git a/pkg/resources/saml2_integration_acceptance_test.go b/pkg/resources/saml2_integration_acceptance_test.go
index 76586044b1..9b2469a74e 100644
--- a/pkg/resources/saml2_integration_acceptance_test.go
+++ b/pkg/resources/saml2_integration_acceptance_test.go
@@ -78,17 +78,17 @@ func TestAcc_Saml2Integration_basic(t *testing.T) {
ConfigVariables: m(issuer, string(sdk.Saml2SecurityIntegrationSaml2ProviderCustom), validUrl, cert, false, false),
Check: resource.ComposeAggregateTestCheckFunc(
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "name", id.Name()),
- resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "enabled", "unknown"),
+ resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "enabled", "default"),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_issuer", issuer),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_sso_url", validUrl),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_provider", string(sdk.Saml2SecurityIntegrationSaml2ProviderCustom)),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_x509_cert", cert),
resource.TestCheckNoResourceAttr("snowflake_saml2_integration.test", "saml2_sp_initiated_login_page_label"),
- resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_enable_sp_initiated", "unknown"),
- resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_sign_request", "unknown"),
+ resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_enable_sp_initiated", "default"),
+ resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_sign_request", "default"),
resource.TestCheckNoResourceAttr("snowflake_saml2_integration.test", "saml2_requested_nameid_format"),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_post_logout_redirect_url", ""),
- resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_force_authn", "unknown"),
+ resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_force_authn", "default"),
resource.TestCheckNoResourceAttr("snowflake_saml2_integration.test", "saml2_snowflake_issuer_url"),
resource.TestCheckNoResourceAttr("snowflake_saml2_integration.test", "saml2_snowflake_acs_url"),
resource.TestCheckNoResourceAttr("snowflake_saml2_integration.test", "allowed_user_domains"),
@@ -316,17 +316,17 @@ func TestAcc_Saml2Integration_basic(t *testing.T) {
ConfigVariables: m(issuer, string(sdk.Saml2SecurityIntegrationSaml2ProviderCustom), validUrl, cert, false, true),
Check: resource.ComposeAggregateTestCheckFunc(
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "name", id.Name()),
- resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "enabled", "unknown"),
+ resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "enabled", "default"),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_issuer", issuer),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_sso_url", validUrl),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_provider", string(sdk.Saml2SecurityIntegrationSaml2ProviderCustom)),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_x509_cert", cert),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_sp_initiated_login_page_label", "foo"),
- resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_enable_sp_initiated", "unknown"),
- resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_sign_request", "unknown"),
+ resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_enable_sp_initiated", "default"),
+ resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_sign_request", "default"),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_requested_nameid_format", ""),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_post_logout_redirect_url", ""),
- resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_force_authn", "unknown"),
+ resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_force_authn", "default"),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_snowflake_issuer_url", issuerURL),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_snowflake_acs_url", acsURL),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "allowed_user_domains.#", "1"),
@@ -465,12 +465,12 @@ func TestAcc_Saml2Integration_forceAuthn(t *testing.T) {
PreApply: []plancheck.PlanCheck{
plancheck.ExpectResourceAction("snowflake_saml2_integration.test", plancheck.ResourceActionUpdate),
planchecks.PrintPlanDetails("snowflake_saml2_integration.test", "saml2_force_authn", "describe_output"),
- planchecks.ExpectChange("snowflake_saml2_integration.test", "saml2_force_authn", tfjson.ActionUpdate, sdk.String("true"), sdk.String("unknown")),
+ planchecks.ExpectChange("snowflake_saml2_integration.test", "saml2_force_authn", tfjson.ActionUpdate, sdk.String("true"), sdk.String("default")),
planchecks.ExpectComputed("snowflake_saml2_integration.test", "describe_output", true),
},
},
Check: resource.ComposeTestCheckFunc(
- resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_force_authn", "unknown"),
+ resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_force_authn", "default"),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "describe_output.#", "1"),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "describe_output.0.saml2_force_authn.0.value", "false"),
),
@@ -480,7 +480,7 @@ func TestAcc_Saml2Integration_forceAuthn(t *testing.T) {
ConfigPlanChecks: resource.ConfigPlanChecks{
PreApply: []plancheck.PlanCheck{
planchecks.PrintPlanDetails("snowflake_saml2_integration.test", "saml2_force_authn", "describe_output"),
- planchecks.ExpectChange("snowflake_saml2_integration.test", "saml2_force_authn", tfjson.ActionUpdate, sdk.String("unknown"), sdk.String("unknown")),
+ planchecks.ExpectChange("snowflake_saml2_integration.test", "saml2_force_authn", tfjson.ActionUpdate, sdk.String("default"), sdk.String("default")),
planchecks.ExpectComputed("snowflake_saml2_integration.test", "describe_output", true),
},
},
@@ -501,12 +501,12 @@ func TestAcc_Saml2Integration_forceAuthn(t *testing.T) {
PreApply: []plancheck.PlanCheck{
plancheck.ExpectNonEmptyPlan(),
planchecks.PrintPlanDetails("snowflake_saml2_integration.test", "saml2_force_authn", "describe_output"),
- planchecks.ExpectChange("snowflake_saml2_integration.test", "saml2_force_authn", tfjson.ActionUpdate, sdk.String("false"), sdk.String("unknown")),
+ planchecks.ExpectChange("snowflake_saml2_integration.test", "saml2_force_authn", tfjson.ActionUpdate, sdk.String("false"), sdk.String("default")),
planchecks.ExpectComputed("snowflake_saml2_integration.test", "describe_output", true),
},
},
Check: resource.ComposeTestCheckFunc(
- resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_force_authn", "unknown"),
+ resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_force_authn", "default"),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "describe_output.#", "1"),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "describe_output.0.saml2_force_authn.0.value", "false"),
),
@@ -522,12 +522,12 @@ func TestAcc_Saml2Integration_forceAuthn(t *testing.T) {
PreApply: []plancheck.PlanCheck{
plancheck.ExpectNonEmptyPlan(),
planchecks.PrintPlanDetails("snowflake_saml2_integration.test", "saml2_force_authn", "describe_output"),
- planchecks.ExpectChange("snowflake_saml2_integration.test", "saml2_force_authn", tfjson.ActionUpdate, sdk.String("true"), sdk.String("unknown")),
+ planchecks.ExpectChange("snowflake_saml2_integration.test", "saml2_force_authn", tfjson.ActionUpdate, sdk.String("true"), sdk.String("default")),
planchecks.ExpectComputed("snowflake_saml2_integration.test", "describe_output", true),
},
},
Check: resource.ComposeTestCheckFunc(
- resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_force_authn", "unknown"),
+ resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_force_authn", "default"),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "describe_output.#", "1"),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "describe_output.0.saml2_force_authn.0.value", "false"),
),
@@ -976,16 +976,16 @@ func TestAcc_Saml2Integration_DefaultValues(t *testing.T) {
ConfigVariables: configVariables,
ConfigPlanChecks: resource.ConfigPlanChecks{
PreApply: []plancheck.PlanCheck{
- planchecks.ExpectChange("snowflake_saml2_integration.test", "enabled", tfjson.ActionUpdate, sdk.String("false"), sdk.String("unknown")),
- planchecks.ExpectChange("snowflake_saml2_integration.test", "saml2_force_authn", tfjson.ActionUpdate, sdk.String("false"), sdk.String("unknown")),
+ planchecks.ExpectChange("snowflake_saml2_integration.test", "enabled", tfjson.ActionUpdate, sdk.String("false"), sdk.String("default")),
+ planchecks.ExpectChange("snowflake_saml2_integration.test", "saml2_force_authn", tfjson.ActionUpdate, sdk.String("false"), sdk.String("default")),
planchecks.ExpectChange("snowflake_saml2_integration.test", "saml2_post_logout_redirect_url", tfjson.ActionUpdate, sdk.String(""), sdk.String("")),
planchecks.ExpectComputed("snowflake_saml2_integration.test", "show_output", true),
planchecks.ExpectComputed("snowflake_saml2_integration.test", "describe_output", true),
},
},
Check: resource.ComposeAggregateTestCheckFunc(
- resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "enabled", "unknown"),
- resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_force_authn", "unknown"),
+ resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "enabled", "default"),
+ resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_force_authn", "default"),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "saml2_post_logout_redirect_url", ""),
resource.TestCheckResourceAttr("snowflake_saml2_integration.test", "show_output.#", "1"),
@@ -1002,8 +1002,8 @@ func TestAcc_Saml2Integration_DefaultValues(t *testing.T) {
ConfigVariables: configVariables,
ConfigPlanChecks: resource.ConfigPlanChecks{
PreApply: []plancheck.PlanCheck{
- planchecks.ExpectChange("snowflake_saml2_integration.test", "enabled", tfjson.ActionUpdate, sdk.String("unknown"), sdk.String("unknown")),
- planchecks.ExpectChange("snowflake_saml2_integration.test", "saml2_force_authn", tfjson.ActionUpdate, sdk.String("unknown"), sdk.String("unknown")),
+ planchecks.ExpectChange("snowflake_saml2_integration.test", "enabled", tfjson.ActionUpdate, sdk.String("default"), sdk.String("default")),
+ planchecks.ExpectChange("snowflake_saml2_integration.test", "saml2_force_authn", tfjson.ActionUpdate, sdk.String("default"), sdk.String("default")),
planchecks.ExpectChange("snowflake_saml2_integration.test", "saml2_post_logout_redirect_url", tfjson.ActionUpdate, sdk.String(""), sdk.String("")),
planchecks.ExpectComputed("snowflake_saml2_integration.test", "show_output", true),
planchecks.ExpectComputed("snowflake_saml2_integration.test", "describe_output", true),
diff --git a/pkg/resources/scim_integration_acceptance_test.go b/pkg/resources/scim_integration_acceptance_test.go
index 25eb70cbe4..4c3708b772 100644
--- a/pkg/resources/scim_integration_acceptance_test.go
+++ b/pkg/resources/scim_integration_acceptance_test.go
@@ -63,7 +63,7 @@ func TestAcc_ScimIntegration_basic(t *testing.T) {
resource.TestCheckResourceAttr("snowflake_scim_integration.test", "run_as_role", role.Name()),
resource.TestCheckNoResourceAttr("snowflake_scim_integration.test", "network_policy"),
resource.TestCheckResourceAttr("snowflake_scim_integration.test", "sync_password", r.BooleanDefault),
- resource.TestCheckNoResourceAttr("snowflake_scim_integration.test", "comment"),
+ resource.TestCheckResourceAttr("snowflake_scim_integration.test", "comment", ""),
resource.TestCheckResourceAttr("snowflake_scim_integration.test", "show_output.#", "1"),
resource.TestCheckResourceAttr("snowflake_scim_integration.test", "show_output.0.name", id.Name()),
diff --git a/pkg/resources/special_values.go b/pkg/resources/special_values.go
index c4837cd94a..3fa44729f0 100644
--- a/pkg/resources/special_values.go
+++ b/pkg/resources/special_values.go
@@ -37,3 +37,7 @@ func booleanStringToBool(value string) (bool, error) {
func booleanStringFieldDescription(description string) string {
return fmt.Sprintf(`%s Available options are: "%s" or "%s". When the value is not set in the configuration the provider will put "%s" there which means to use the Snowflake default for this value.`, description, BooleanTrue, BooleanFalse, BooleanDefault)
}
+
+func externalChangesNotDetectedFieldDescription(description string) string {
+ return fmt.Sprintf(`%s External changes for this field won't be detected. In case you want to apply external changes, you can re-create the resource manually using "terraform taint".`, description)
+}
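Review bot: The user-facing text built by `externalChangesNotDetectedFieldDescription` recommends `terraform taint`, which Terraform has deprecated in favour of `terraform apply -replace=<resource address>`; since this string ends up in the generated schema docs, prefer the current command, e.g. `... you can re-create the resource manually using "terraform apply -replace=<resource address>".` The new function also has no comment; a one-liner such as `// externalChangesNotDetectedFieldDescription appends the standard note that drift on this field is not detected.` would match the intent of the neighbouring `booleanStringFieldDescription`.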
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic/test.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic/test.tf
new file mode 100644
index 0000000000..5bef8bad73
--- /dev/null
+++ b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic/test.tf
@@ -0,0 +1,6 @@
+resource "snowflake_oauth_integration_for_partner_applications" "test" {
+ name = var.name
+ oauth_client = var.oauth_client
+ oauth_redirect_uri = var.oauth_redirect_uri
+ blocked_roles_list = var.blocked_roles_list
+}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic/variables.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic/variables.tf
new file mode 100644
index 0000000000..e475d52432
--- /dev/null
+++ b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic/variables.tf
@@ -0,0 +1,12 @@
+variable "name" {
+ type = string
+}
+variable "oauth_client" {
+ type = string
+}
+variable "oauth_redirect_uri" {
+ type = string
+}
+variable "blocked_roles_list" {
+ type = set(string)
+}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic_tableau/test.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic_tableau/test.tf
new file mode 100644
index 0000000000..d7cace78a2
--- /dev/null
+++ b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic_tableau/test.tf
@@ -0,0 +1,5 @@
+resource "snowflake_oauth_integration_for_partner_applications" "test" {
+ name = var.name
+ oauth_client = var.oauth_client
+ blocked_roles_list = var.blocked_roles_list
+}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic_tableau/variables.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic_tableau/variables.tf
new file mode 100644
index 0000000000..a3fe83b9ea
--- /dev/null
+++ b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/basic_tableau/variables.tf
@@ -0,0 +1,9 @@
+variable "name" {
+ type = string
+}
+variable "oauth_client" {
+ type = string
+}
+variable "blocked_roles_list" {
+ type = set(string)
+}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete/test.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete/test.tf
new file mode 100644
index 0000000000..b794d0536d
--- /dev/null
+++ b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete/test.tf
@@ -0,0 +1,11 @@
+resource "snowflake_oauth_integration_for_partner_applications" "test" {
+ name = var.name
+ oauth_client = var.oauth_client
+ oauth_redirect_uri = var.oauth_redirect_uri
+ blocked_roles_list = var.blocked_roles_list
+ enabled = var.enabled
+ oauth_issue_refresh_tokens = var.oauth_issue_refresh_tokens
+ oauth_refresh_token_validity = var.oauth_refresh_token_validity
+ oauth_use_secondary_roles = var.oauth_use_secondary_roles
+ comment = var.comment
+}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete/variables.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete/variables.tf
new file mode 100644
index 0000000000..e3775c0ee4
--- /dev/null
+++ b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete/variables.tf
@@ -0,0 +1,27 @@
+variable "name" {
+ type = string
+}
+variable "oauth_client" {
+ type = string
+}
+variable "oauth_redirect_uri" {
+ type = string
+}
+variable "blocked_roles_list" {
+ type = set(string)
+}
+variable "enabled" {
+ type = string
+}
+variable "oauth_issue_refresh_tokens" {
+ type = string
+}
+variable "oauth_refresh_token_validity" {
+ type = string
+}
+variable "oauth_use_secondary_roles" {
+ type = string
+}
+variable "comment" {
+ type = string
+}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau/test.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau/test.tf
new file mode 100644
index 0000000000..1524489d61
--- /dev/null
+++ b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau/test.tf
@@ -0,0 +1,10 @@
+resource "snowflake_oauth_integration_for_partner_applications" "test" {
+ name = var.name
+ oauth_client = var.oauth_client
+ blocked_roles_list = var.blocked_roles_list
+ enabled = var.enabled
+ oauth_issue_refresh_tokens = var.oauth_issue_refresh_tokens
+ oauth_refresh_token_validity = var.oauth_refresh_token_validity
+ oauth_use_secondary_roles = var.oauth_use_secondary_roles
+ comment = var.comment
+}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau/variables.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau/variables.tf
new file mode 100644
index 0000000000..0c6ad5489e
--- /dev/null
+++ b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/complete_tableau/variables.tf
@@ -0,0 +1,24 @@
+variable "name" {
+ type = string
+}
+variable "oauth_client" {
+ type = string
+}
+variable "blocked_roles_list" {
+ type = set(string)
+}
+variable "enabled" {
+ type = string
+}
+variable "oauth_issue_refresh_tokens" {
+ type = string
+}
+variable "oauth_refresh_token_validity" {
+ type = string
+}
+variable "oauth_use_secondary_roles" {
+ type = string
+}
+variable "comment" {
+ type = string
+}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/invalid/test.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/invalid/test.tf
new file mode 100644
index 0000000000..b6c1f07b0e
--- /dev/null
+++ b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/invalid/test.tf
@@ -0,0 +1,6 @@
+resource "snowflake_oauth_integration_for_partner_applications" "test" {
+ name = var.name
+ oauth_client = var.oauth_client
+ oauth_use_secondary_roles = var.oauth_use_secondary_roles
+ blocked_roles_list = var.blocked_roles_list
+}
diff --git a/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/invalid/variables.tf b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/invalid/variables.tf
new file mode 100644
index 0000000000..3c71b17ab4
--- /dev/null
+++ b/pkg/resources/testdata/TestAcc_OauthIntegrationForPartnerApplications/invalid/variables.tf
@@ -0,0 +1,12 @@
+variable "name" {
+ type = string
+}
+variable "oauth_client" {
+ type = string
+}
+variable "oauth_use_secondary_roles" {
+ type = string
+}
+variable "blocked_roles_list" {
+ type = set(string)
+}
diff --git a/pkg/schemas/oauth_security_integration_for_partner_applications.go b/pkg/schemas/oauth_security_integration_for_partner_applications.go
new file mode 100644
index 0000000000..b17811f3cd
--- /dev/null
+++ b/pkg/schemas/oauth_security_integration_for_partner_applications.go
@@ -0,0 +1,63 @@
+package schemas
+
+import (
+ "log"
+ "strings"
+
+ "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+var DescribeOauthIntegrationForPartnerApplications = map[string]*schema.Schema{
+ "oauth_client_type": DescribePropertyListSchema,
+ "oauth_redirect_uri": DescribePropertyListSchema,
+ "enabled": DescribePropertyListSchema,
+ "oauth_allow_non_tls_redirect_uri": DescribePropertyListSchema,
+ "oauth_enforce_pkce": DescribePropertyListSchema,
+ "oauth_use_secondary_roles": DescribePropertyListSchema,
+ "pre_authorized_roles_list": DescribePropertyListSchema,
+ "blocked_roles_list": DescribePropertyListSchema,
+ "oauth_issue_refresh_tokens": DescribePropertyListSchema,
+ "oauth_refresh_token_validity": DescribePropertyListSchema,
+ "network_policy": DescribePropertyListSchema,
+ "oauth_client_rsa_public_key_fp": DescribePropertyListSchema,
+ "oauth_client_rsa_public_key_2_fp": DescribePropertyListSchema,
+ "comment": DescribePropertyListSchema,
+ "oauth_client_id": DescribePropertyListSchema,
+ "oauth_authorization_endpoint": DescribePropertyListSchema,
+ "oauth_token_endpoint": DescribePropertyListSchema,
+ "oauth_allowed_authorization_endpoints": DescribePropertyListSchema,
+ "oauth_allowed_token_endpoints": DescribePropertyListSchema,
+}
+
+func DescribeOauthIntegrationForPartnerApplicationsToSchema(integrationProperties []sdk.SecurityIntegrationProperty) map[string]any {
+ securityIntegrationProperties := make(map[string]any)
+ for _, property := range integrationProperties {
+ property := property
+ switch property.Name {
+ case "OAUTH_CLIENT_TYPE",
+ "OAUTH_REDIRECT_URI",
+ "ENABLED",
+ "OAUTH_ALLOW_NON_TLS_REDIRECT_URI",
+ "OAUTH_ENFORCE_PKCE",
+ "OAUTH_USE_SECONDARY_ROLES",
+ "PRE_AUTHORIZED_ROLES_LIST",
+ "BLOCKED_ROLES_LIST",
+ "OAUTH_ISSUE_REFRESH_TOKENS",
+ "OAUTH_REFRESH_TOKEN_VALIDITY",
+ "NETWORK_POLICY",
+ "OAUTH_CLIENT_RSA_PUBLIC_KEY_FP",
+ "OAUTH_CLIENT_RSA_PUBLIC_KEY_2_FP",
+ "COMMENT",
+ "OAUTH_CLIENT_ID",
+ "OAUTH_AUTHORIZATION_ENDPOINT",
+ "OAUTH_TOKEN_ENDPOINT",
+ "OAUTH_ALLOWED_AUTHORIZATION_ENDPOINTS",
+ "OAUTH_ALLOWED_TOKEN_ENDPOINTS":
+ securityIntegrationProperties[strings.ToLower(property.Name)] = []map[string]any{SecurityIntegrationPropertyToSchema(&property)}
+ default:
+ log.Printf("[WARN] unexpected property %v returned from Snowflake", property.Name)
+ }
+ }
+ return securityIntegrationProperties
+}
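Review bot: The 19-entry `case` list in `DescribeOauthIntegrationForPartnerApplicationsToSchema` is the upper-cased copy of the keys of `DescribeOauthIntegrationForPartnerApplications` declared just above, so the two will drift the next time a DESCRIBE property is added or renamed; a membership lookup against the map keeps a single source of truth and also makes the `[WARN]` branch exact. The same duplicated list appears again in the `pkg/schemas/security_integration.go` hunk below and could be folded the same way. Both exported names also lack doc comments; something like `// DescribeOauthIntegrationForPartnerApplicationsToSchema maps DESCRIBE SECURITY INTEGRATION properties to the describe_output schema, dropping (and logging) properties not listed in DescribeOauthIntegrationForPartnerApplications.` would do.
```go
func DescribeOauthIntegrationForPartnerApplicationsToSchema(integrationProperties []sdk.SecurityIntegrationProperty) map[string]any {
	securityIntegrationProperties := make(map[string]any)
	for _, property := range integrationProperties {
		property := property
		key := strings.ToLower(property.Name)
		if _, ok := DescribeOauthIntegrationForPartnerApplications[key]; !ok {
			log.Printf("[WARN] unexpected property %v returned from Snowflake", property.Name)
			continue
		}
		securityIntegrationProperties[key] = []map[string]any{SecurityIntegrationPropertyToSchema(&property)}
	}
	return securityIntegrationProperties
}
```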
diff --git a/pkg/schemas/security_integration.go b/pkg/schemas/security_integration.go
index e278a293a5..d0278f5cd2 100644
--- a/pkg/schemas/security_integration.go
+++ b/pkg/schemas/security_integration.go
@@ -1,21 +1,64 @@
package schemas
import (
+ "log"
+ "strings"
+
"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
)
// TODO [SNOW-1348100]: multiple PRs touching the security integrations are in progress, this should be filled by all the possible properties (the mapping method below should be too)
var SecurityIntegrationDescribeSchema = map[string]*schema.Schema{
- "todo": DescribePropertyListSchema,
+ "oauth_client_type": DescribePropertyListSchema,
+ "oauth_redirect_uri": DescribePropertyListSchema,
+ "enabled": DescribePropertyListSchema,
+ "oauth_allow_non_tls_redirect_uri": DescribePropertyListSchema,
+ "oauth_enforce_pkce": DescribePropertyListSchema,
+ "oauth_use_secondary_roles": DescribePropertyListSchema,
+ "pre_authorized_roles_list": DescribePropertyListSchema,
+ "blocked_roles_list": DescribePropertyListSchema,
+ "oauth_issue_refresh_tokens": DescribePropertyListSchema,
+ "oauth_refresh_token_validity": DescribePropertyListSchema,
+ "network_policy": DescribePropertyListSchema,
+ "oauth_client_rsa_public_key_fp": DescribePropertyListSchema,
+ "oauth_client_rsa_public_key_2_fp": DescribePropertyListSchema,
+ "comment": DescribePropertyListSchema,
+ "oauth_client_id": DescribePropertyListSchema,
+ "oauth_authorization_endpoint": DescribePropertyListSchema,
+ "oauth_token_endpoint": DescribePropertyListSchema,
+ "oauth_allowed_authorization_endpoints": DescribePropertyListSchema,
+ "oauth_allowed_token_endpoints": DescribePropertyListSchema,
}
-func SecurityIntegrationsDescriptionsToSchema(descriptions []sdk.SecurityIntegrationProperty) map[string]any {
+func SecurityIntegrationsDescriptionsToSchema(integrationProperties []sdk.SecurityIntegrationProperty) map[string]any {
securityIntegrationProperties := make(map[string]any)
- for _, desc := range descriptions {
- desc := desc
- propertySchema := SecurityIntegrationPropertyToSchema(&desc)
- securityIntegrationProperties["todo"] = []map[string]any{propertySchema}
+ for _, property := range integrationProperties {
+ property := property
+ switch property.Name {
+ case "OAUTH_CLIENT_TYPE",
+ "OAUTH_REDIRECT_URI",
+ "ENABLED",
+ "OAUTH_ALLOW_NON_TLS_REDIRECT_URI",
+ "OAUTH_ENFORCE_PKCE",
+ "OAUTH_USE_SECONDARY_ROLES",
+ "PRE_AUTHORIZED_ROLES_LIST",
+ "BLOCKED_ROLES_LIST",
+ "OAUTH_ISSUE_REFRESH_TOKENS",
+ "OAUTH_REFRESH_TOKEN_VALIDITY",
+ "NETWORK_POLICY",
+ "OAUTH_CLIENT_RSA_PUBLIC_KEY_FP",
+ "OAUTH_CLIENT_RSA_PUBLIC_KEY_2_FP",
+ "COMMENT",
+ "OAUTH_CLIENT_ID",
+ "OAUTH_AUTHORIZATION_ENDPOINT",
+ "OAUTH_TOKEN_ENDPOINT",
+ "OAUTH_ALLOWED_AUTHORIZATION_ENDPOINTS",
+ "OAUTH_ALLOWED_TOKEN_ENDPOINTS":
+ securityIntegrationProperties[strings.ToLower(property.Name)] = []map[string]any{SecurityIntegrationPropertyToSchema(&property)}
+ default:
+ log.Printf("[WARN] unexpected property %v returned from Snowflake", property.Name)
+ }
}
return securityIntegrationProperties
}
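Review bot: `SecurityIntegrationsDescriptionsToSchema` is the generic mapper (the data-source docs in this same commit expose its keys as `describe_output`), yet the allow-list it gains here contains only the OAuth-partner-application properties; for a SAML2 or SCIM integration every DESCRIBE row would fall through to `default`, be logged as "unexpected" and be dropped from the output. The TODO above the schema acknowledges that the list is incomplete, but it is worth stating that limitation in the function's own comment until the other property families are added, e.g. `// SecurityIntegrationsDescriptionsToSchema currently maps only OAuth partner-application properties; other integration types are logged and skipped (TODO SNOW-1348100).` The per-property `log.Printf` will also fire once per row for every non-OAuth integration a data source lists, which is likely to be noisy in practice.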
diff --git a/pkg/sdk/parameters.go b/pkg/sdk/parameters.go
index 87d4cfe0bd..4f178bc73f 100644
--- a/pkg/sdk/parameters.go
+++ b/pkg/sdk/parameters.go
@@ -351,6 +351,7 @@ const (
AccountParameterInitialReplicationSizeLimitInTB AccountParameter = "INITIAL_REPLICATION_SIZE_LIMIT_IN_TB"
AccountParameterMinDataRetentionTimeInDays AccountParameter = "MIN_DATA_RETENTION_TIME_IN_DAYS"
AccountParameterNetworkPolicy AccountParameter = "NETWORK_POLICY"
+ AccountParameterOAuthAddPrivilegedRolesToBlockedList AccountParameter = "OAUTH_ADD_PRIVILEGED_ROLES_TO_BLOCKED_LIST"
AccountParameterPeriodicDataRekeying AccountParameter = "PERIODIC_DATA_REKEYING"
AccountParameterPreventLoadFromInlineURL AccountParameter = "PREVENT_LOAD_FROM_INLINE_URL"
AccountParameterPreventUnloadToInlineURL AccountParameter = "PREVENT_UNLOAD_TO_INLINE_URL"
diff --git a/pkg/sdk/security_integrations_gen.go b/pkg/sdk/security_integrations_gen.go
index b3a5c8801f..2e9ac0572c 100644
--- a/pkg/sdk/security_integrations_gen.go
+++ b/pkg/sdk/security_integrations_gen.go
@@ -372,7 +372,7 @@ type OauthForPartnerApplicationsIntegrationSet struct {
OauthRefreshTokenValidity *int `ddl:"parameter" sql:"OAUTH_REFRESH_TOKEN_VALIDITY"`
OauthUseSecondaryRoles *OauthSecurityIntegrationUseSecondaryRolesOption `ddl:"parameter" sql:"OAUTH_USE_SECONDARY_ROLES"`
BlockedRolesList *BlockedRolesList `ddl:"parameter,parentheses" sql:"BLOCKED_ROLES_LIST"`
- Comment *string `ddl:"parameter,single_quotes" sql:"COMMENT"`
+ Comment *StringAllowEmpty `ddl:"parameter" sql:"COMMENT"`
}
type OauthForPartnerApplicationsIntegrationUnset struct {
Enabled *bool `ddl:"keyword" sql:"ENABLED"`
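Review bot: Changing `Comment` to `*StringAllowEmpty` with a bare `ddl:"parameter"` tag moves the quoting of a user-supplied string from the `single_quotes` tag into `StringAllowEmpty`'s own rendering; that rendering is not visible here, so it is worth confirming it escapes an embedded `'` the same way the removed tag did, since the comment comes straight from provider configuration. The updated test in the `security_integrations_gen_test.go` hunk below asserts only `COMMENT = ''` and drops the earlier non-empty `'a'` case, so neither quoting nor escaping of a real comment is covered any more; keep one case with a non-empty value, ideally one containing a single quote. A short comment on the field, `// StringAllowEmpty so that COMMENT = '' can be sent to clear the comment`, would also explain why this field differs from the other string parameters in the struct.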
diff --git a/pkg/sdk/security_integrations_gen_test.go b/pkg/sdk/security_integrations_gen_test.go
index f867465a44..011076de3b 100644
--- a/pkg/sdk/security_integrations_gen_test.go
+++ b/pkg/sdk/security_integrations_gen_test.go
@@ -961,10 +961,10 @@ func TestSecurityIntegrations_AlterOauthForPartnerApplications(t *testing.T) {
OauthRefreshTokenValidity: Pointer(42),
OauthUseSecondaryRoles: Pointer(OauthSecurityIntegrationUseSecondaryRolesNone),
BlockedRolesList: &BlockedRolesList{BlockedRolesList: []AccountObjectIdentifier{roleID}},
- Comment: Pointer("a"),
+ Comment: Pointer(StringAllowEmpty{""}),
}
assertOptsValidAndSQLEquals(t, opts, "ALTER SECURITY INTEGRATION %s SET ENABLED = true, OAUTH_ISSUE_REFRESH_TOKENS = true, OAUTH_REDIRECT_URI = 'uri', OAUTH_REFRESH_TOKEN_VALIDITY = 42,"+
- " OAUTH_USE_SECONDARY_ROLES = NONE, BLOCKED_ROLES_LIST = (%s), COMMENT = 'a'", id.FullyQualifiedName(), roleID.FullyQualifiedName())
+ " OAUTH_USE_SECONDARY_ROLES = NONE, BLOCKED_ROLES_LIST = (%s), COMMENT = ''", id.FullyQualifiedName(), roleID.FullyQualifiedName())
})
t.Run("all options - unset", func(t *testing.T) {
diff --git a/pkg/sdk/security_integrations_impl_gen.go b/pkg/sdk/security_integrations_impl_gen.go
index f77857865f..45a3195d5e 100644
--- a/pkg/sdk/security_integrations_impl_gen.go
+++ b/pkg/sdk/security_integrations_impl_gen.go
@@ -498,8 +498,9 @@ func (r *AlterOauthForPartnerApplicationsSecurityIntegrationRequest) toOpts() *A
OauthRedirectUri: r.Set.OauthRedirectUri,
OauthRefreshTokenValidity: r.Set.OauthRefreshTokenValidity,
OauthUseSecondaryRoles: r.Set.OauthUseSecondaryRoles,
-
- Comment: r.Set.Comment,
+ }
+ if r.Set.Comment != nil {
+ opts.Set.Comment = &StringAllowEmpty{*r.Set.Comment}
}
if r.Set.BlockedRolesList != nil {
diff --git a/templates/resources/oauth_integration_for_partner_applications.md.tmpl b/templates/resources/oauth_integration_for_partner_applications.md.tmpl
new file mode 100644
index 0000000000..e7f66bbf91
--- /dev/null
+++ b/templates/resources/oauth_integration_for_partner_applications.md.tmpl
@@ -0,0 +1,32 @@
+---
+page_title: "{{.Name}} {{.Type}} - {{.ProviderName}}"
+subcategory: ""
+description: |-
+{{ if gt (len (split .Description "")) 1 -}}
+{{ index (split .Description "") 1 | plainmarkdown | trimspace | prefixlines " " }}
+{{- else -}}
+{{ .Description | plainmarkdown | trimspace | prefixlines " " }}
+{{- end }}
+---
+
+!> **V1 release candidate** This resource was reworked and is a release candidate for the V1. We do not expect significant changes in it before the V1. We will welcome any feedback and adjust the resource if needed. Any errors reported will be resolved with a higher priority. We encourage checking this resource out before the V1 release. Please follow the [migration guide](https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/MIGRATION_GUIDE.md#v0920--v0930) to use it.
+
+# {{.Name}} ({{.Type}})
+
+{{ .Description | trimspace }}
+
+{{ if .HasExample -}}
+## Example Usage
+
+{{ tffile (printf "examples/resources/%s/resource.tf" .Name)}}
+{{- end }}
+
+{{ .SchemaMarkdown | trimspace }}
+{{- if .HasImport }}
+
+## Import
+
+Import is supported using the following syntax:
+
+{{ codefile "shell" (printf "examples/resources/%s/import.sh" .Name)}}
+{{- end }}