Federated authentication in Snowflake involves two parties, and Snowflake always plays the first of them:
- Service provider (SP):
In a Snowflake federated environment, Snowflake serves as the SP.
- Identity provider (IdP):
The external, independent entity responsible for providing the following services to the SP:
Creating and maintaining user credentials and other profile information.
Authenticating users for SSO access to the SP.
Supported Identity Providers
- OKTA
- Active Directory Federation Services
- Google G Suite
- OneLogin
- PingOne
Okta and ADFS have dedicated support (SAML2_PROVIDER = 'OKTA' or 'ADFS'); any other SAML 2.0-compliant IdP, including the rest of this list, is configured with SAML2_PROVIDER = 'CUSTOM'.
Configuring Snowflake to use federated authentication
Step 1: Create a SAML2 Security Integration
create security integration my_idp
  TYPE = saml2
  ENABLED = true
  SAML2_ISSUER = 'https://example.com'          -- the IdP's entity ID, exactly as it appears in the IdP metadata
  SAML2_SSO_URL = 'https://myssoprovider.com'   -- the IdP's SSO endpoint; use https, never http
  SAML2_PROVIDER = 'ADFS'                       -- OKTA, ADFS, or CUSTOM for any other SAML 2.0 IdP
  SAML2_X509_CERT = 'my_x509_cert'              -- the IdP's signing certificate: single-line Base64, without the BEGIN/END CERTIFICATE markers
  -- The two URLs below default to the account's public URL; set them explicitly only when users reach
  -- Snowflake through a different URL, as with private connectivity (PrivateLink) shown here:
  SAML2_SNOWFLAKE_ISSUER_URL = 'https://<orgname>-<account_name>.privatelink.snowflakecomputing.com'
  SAML2_SNOWFLAKE_ACS_URL = 'https://<orgname>-<account_name>.privatelink.snowflakecomputing.com/fed/login';
Step 2: Configure SSO Login for Users
alter security integration my_idp set SAML2_ENABLE_SP_INITIATED = true;
alter security integration my_idp set SAML2_SP_INITIATED_LOGIN_PAGE_LABEL = 'My IdP';
With these two settings the Snowflake login page shows a button labelled "My IdP" that starts SP-initiated SSO; without them users can only sign in IdP-initiated, from the IdP's application portal. Each federated user also needs a Snowflake user whose LOGIN_NAME matches the NameID the IdP places in the assertion, otherwise the login is rejected even though the assertion verifies.
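Steps 1 and 2 are usually typed by hand from values copied out of the IdP's metadata, which is where the common mistakes (PEM markers left in the certificate, an http SSO URL, a misquoted label) creep in. The script below is an added example, not code from the original page or from Snowflake: it parses IdP SAML metadata, applies the checks the parameters above require, and emits the CREATE SECURITY INTEGRATION statement with the SP-initiated settings from Step 2 folded in. The metadata document, the URLs and the certificate in it are constructed placeholders (the "certificate" is a five-byte DER SEQUENCE standing in for a real X.509 certificate); the function and constant names are this example's own.

```python
"""Generate a Snowflake SAML2 security integration from an IdP's SAML metadata."""
import base64
import re
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Values Snowflake accepts for SAML2_PROVIDER.
PROVIDERS = {"OKTA", "ADFS", "CUSTOM"}

# Constructed sample metadata (placeholders, not a real IdP). The certificate is a
# tiny DER SEQUENCE, deliberately wrapped with PEM markers and whitespace the way
# some IdPs export it, so normalize_cert() has something to strip.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                     entityID="https://example.com">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
-----BEGIN CERTIFICATE-----
MAMCAQE=
-----END CERTIFICATE-----
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                            Location="https://myssoprovider.com/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def normalize_cert(raw):
    """Reduce a certificate to the single-line Base64 that SAML2_X509_CERT expects
    (no PEM markers, no whitespace) and confirm it decodes to a DER structure."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", raw)
    body = re.sub(r"\s+", "", body)
    der = base64.b64decode(body, validate=True)
    if not der or der[0] != 0x30:  # every X.509 certificate is a DER SEQUENCE
        raise ValueError("certificate is not a DER-encoded X.509 structure")
    return body


def parse_idp_metadata(xml_text):
    """Return the issuer, SSO URL and signing certificate from IdP metadata."""
    root = ET.fromstring(xml_text)
    issuer = root.get("entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if issuer is None or idp is None:
        raise ValueError("not an IdP EntityDescriptor")
    # Snowflake sends its AuthnRequest to this Location; prefer HTTP-POST, then HTTP-Redirect.
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    sso_url = (sso.get("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")
               or sso.get("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"))
    if not sso_url:
        raise ValueError("no HTTP-POST or HTTP-Redirect SingleSignOnService in metadata")
    # Only a signing key (use="signing" or unspecified) verifies assertions; skip encryption keys.
    cert = None
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        node = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if node is not None and node.text:
            cert = normalize_cert(node.text)
            break
    if cert is None:
        raise ValueError("no signing certificate in metadata")
    return {"issuer": issuer, "sso_url": sso_url, "cert": cert}


def sql_literal(value):
    """Quote a string as a Snowflake single-quoted literal."""
    return "'" + value.replace("'", "''") + "'"


def build_integration_sql(name, meta, provider="CUSTOM", login_label=None):
    """Emit the CREATE SECURITY INTEGRATION statement, refusing insecure inputs."""
    if provider not in PROVIDERS:
        raise ValueError("SAML2_PROVIDER must be one of %s" % sorted(PROVIDERS))
    if not meta["sso_url"].startswith("https://"):
        # Over plain http an on-path attacker can read the AuthnRequest and send
        # the user to a look-alike IdP; refuse rather than emit it.
        raise ValueError("SAML2_SSO_URL must use https")
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_$]*", name):
        raise ValueError("integration name must be an unquoted Snowflake identifier")
    lines = [
        "CREATE SECURITY INTEGRATION %s" % name,
        "  TYPE = SAML2",
        "  ENABLED = TRUE",
        "  SAML2_ISSUER = %s" % sql_literal(meta["issuer"]),
        "  SAML2_SSO_URL = %s" % sql_literal(meta["sso_url"]),
        "  SAML2_PROVIDER = %s" % sql_literal(provider),
        "  SAML2_X509_CERT = %s" % sql_literal(meta["cert"]),
    ]
    if login_label:
        # Step 2 from the page: show an IdP button on the Snowflake login page.
        lines.append("  SAML2_ENABLE_SP_INITIATED = TRUE")
        lines.append("  SAML2_SP_INITIATED_LOGIN_PAGE_LABEL = %s" % sql_literal(login_label))
    return "\n".join(lines) + ";"


if __name__ == "__main__":
    print(build_integration_sql("my_idp", parse_idp_metadata(SAMPLE_IDP_METADATA),
                                provider="CUSTOM", login_label="My IdP"))
```

Run it against a real metadata file by replacing SAMPLE_IDP_METADATA with the file contents; the statement it prints is what you paste into a Snowflake worksheet. Metadata with only an encryption-use key, or with an http SSO endpoint, is rejected instead of producing an integration that silently accepts or exposes assertions.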
Encrypt SAML Assertions
Step 1: Set the SAML2_X509_CERT Parameter
The integration must carry the IdP's signing certificate before Snowflake exposes its own encryption certificate. If my_idp does not exist yet, create it as in the previous section:
create security integration my_idp
  TYPE = saml2
  ENABLED = true
  SAML2_ISSUER = 'https://example.com'
  SAML2_SSO_URL = 'https://myssoprovider.com'
  SAML2_PROVIDER = 'ADFS'
  SAML2_X509_CERT = 'my_x509_cert';   -- single-line Base64, no BEGIN/END markers
If it already exists, set the certificate in place instead of recreating it:
alter security integration my_idp set SAML2_X509_CERT = 'my_x509_cert';
Step 2: Export the Public Certificate from Snowflake
desc security integration my_idp;
In the output, the SAML2_SNOWFLAKE_X509_CERT property holds Snowflake's public certificate as single-line Base64. Give that certificate to the IdP and configure the IdP to encrypt the assertions it sends to Snowflake with it; the SAML2_SNOWFLAKE_ISSUER_URL and SAML2_SNOWFLAKE_ACS_URL rows in the same output are the SP entity ID and ACS URL the IdP-side application must be configured with.
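Most IdPs want the encryption certificate uploaded as a PEM file and the SP entity ID and ACS URL typed into their application settings, so the DESC output has to be turned into those three artefacts. The script below is an added example, not code from the page or from Snowflake: it takes a DESC SECURITY INTEGRATION result set, checks that the SAML2_SNOWFLAKE_X509_CERT value really is a DER certificate, wraps it into PEM, and collects the two URLs. The rows are constructed to mirror the property/property_type/property_value/property_default columns DESC returns; the account URL is a placeholder and the certificate is a five-byte DER SEQUENCE standing in for a real one. Whether the IdP needs PEM or bare Base64 depends on the IdP; PEM is assumed here.

```python
"""Turn DESCRIBE SECURITY INTEGRATION output into the settings the IdP side needs."""
import base64
import textwrap

# Constructed stand-in for the DESC result set: one row per property. Values are
# placeholders; the certificate is a tiny DER SEQUENCE, not a real X.509 cert.
SAMPLE_DESC_ROWS = [
    {"property": "SAML2_X509_CERT", "property_type": "String",
     "property_value": "MAMCAQE=", "property_default": ""},
    {"property": "SAML2_SNOWFLAKE_X509_CERT", "property_type": "String",
     "property_value": "MAMCAQE=", "property_default": ""},
    {"property": "SAML2_SNOWFLAKE_ISSUER_URL", "property_type": "String",
     "property_value": "https://myorg-myaccount.privatelink.snowflakecomputing.com",
     "property_default": ""},
    {"property": "SAML2_SNOWFLAKE_ACS_URL", "property_type": "String",
     "property_value": "https://myorg-myaccount.privatelink.snowflakecomputing.com/fed/login",
     "property_default": ""},
]

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def der_to_pem(b64_der):
    """Wrap single-line Base64 DER into PEM (64-column body) after checking that it
    decodes to a DER SEQUENCE. ssl.DER_cert_to_PEM_cert does the same wrapping
    but performs no check, so a copy-paste of the wrong DESC row would go unnoticed."""
    der = base64.b64decode(b64_der, validate=True)
    if not der or der[0] != 0x30:
        raise ValueError("value is not a DER-encoded certificate")
    body = base64.b64encode(der).decode("ascii")
    return "\n".join([PEM_HEADER, *textwrap.wrap(body, 64), PEM_FOOTER]) + "\n"


def property_value(rows, name):
    """Fetch one property from DESC output. A missing row means the integration
    was created without it, or the caller's role cannot see it."""
    for row in rows:
        if row["property"] == name:
            return row["property_value"]
    raise KeyError("property %s not in DESC output" % name)


def idp_side_settings(rows):
    """Collect what the IdP administrator needs to finish the setup: the SP entity
    ID, the ACS URL, and Snowflake's encryption certificate as PEM."""
    return {
        "sp_entity_id": property_value(rows, "SAML2_SNOWFLAKE_ISSUER_URL"),
        "acs_url": property_value(rows, "SAML2_SNOWFLAKE_ACS_URL"),
        "encryption_cert_pem": der_to_pem(property_value(rows, "SAML2_SNOWFLAKE_X509_CERT")),
    }


if __name__ == "__main__":
    settings = idp_side_settings(SAMPLE_DESC_ROWS)
    with open("snowflake_saml_encryption.pem", "w") as fh:
        fh.write(settings["encryption_cert_pem"])
    print("SP entity ID:", settings["sp_entity_id"])
    print("ACS URL:     ", settings["acs_url"])
    print("Encryption certificate written to snowflake_saml_encryption.pem")
```

With a Snowflake connector, the rows come straight from a cursor over DESC SECURITY INTEGRATION (each row as a dict keyed by the column names used above). The entity ID and ACS URL are worth copying from DESC rather than retyping: with private connectivity they are the privatelink URLs, and a mismatch between what the IdP signs and what Snowflake expects is the usual cause of a rejected assertion.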
For full details, see the Snowflake documentation referenced below.