Thursday, September 28, 2023

4. Snowflake Single Sign On Configuration

 

A Snowflake federated environment involves two roles:

  • Service provider (SP):

    In a Snowflake federated environment, Snowflake serves as the SP.

  • Identity provider (IdP):

    The external, independent entity responsible for providing the following services to the SP:

    • Creating and maintaining user credentials and other profile information.

    • Authenticating users for SSO access to the SP.


Supported Identity Providers

  • OKTA
  • Active Directory Federation Services
  • Google G Suite
  • OneLogin
  • PingOne

Now we will configure Snowflake to use federated authentication.


Step 1: Create a SAML2 Security Integration

-- Replace the angle-bracket placeholders and the issuer, SSO URL and certificate
-- with the values from your IdP's SAML metadata.
create security integration my_idp
  TYPE = saml2
  ENABLED = true
  SAML2_ISSUER = 'https://example.com'            -- IdP entity ID, exactly as published in its metadata
  SAML2_SSO_URL = 'https://myssoprovider.com'     -- IdP SSO endpoint; must be https, never http
  SAML2_PROVIDER = 'ADFS'                         -- OKTA, ADFS, or CUSTOM for any other SAML 2.0 IdP
  SAML2_X509_CERT = 'my_x509_cert'                -- base64 body of the IdP signing certificate (no PEM header/footer)
  SAML2_SNOWFLAKE_ISSUER_URL = 'https://<orgname>-<account_name>.privatelink.snowflakecomputing.com'
  SAML2_SNOWFLAKE_ACS_URL = 'https://<orgname>-<account_name>.privatelink.snowflakecomputing.com/fed/login';

The two SAML2_SNOWFLAKE_* URLs are only needed when users reach the account over private connectivity (the privatelink hostname shown); for the public account URL they can be omitted. The IdP signing certificate is what Snowflake uses to verify the signature on every assertion, so keep it current and rotate it in the integration whenever the IdP rotates its key.

Step 2: Configure SSO Login for Users

alter security integration my_idp set SAML2_ENABLE_SP_INITIATED = true;
alter security integration my_idp set SAML2_SP_INITIATED_LOGIN_PAGE_LABEL = 'My IdP';
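The two steps above combined into one hardened SP-initiated integration, followed by the checks to run afterwards. This is an added example, not code from the original post: the integration name corp_idp, the idp.example.com URLs, the truncated certificate body and the user jdoe are assumed placeholders.

```sql
-- Added example: SP-initiated SAML2 integration with request signing, plus post-setup checks.
-- corp_idp, the idp.example.com URLs, 'MIIC...' and jdoe are assumed placeholders.
use role accountadmin;

create or replace security integration corp_idp
  TYPE = saml2
  ENABLED = true
  SAML2_ISSUER = 'https://idp.example.com/saml/metadata'   -- assumed IdP entity ID
  SAML2_SSO_URL = 'https://idp.example.com/saml/sso'       -- https only: an http endpoint exposes the SAMLResponse on the wire
  SAML2_PROVIDER = 'CUSTOM'                                -- any SAML 2.0 IdP that is not Okta or ADFS
  SAML2_X509_CERT = 'MIIC...'                              -- base64 body of the IdP signing certificate (placeholder, truncated)
  SAML2_SIGN_REQUEST = true                                -- sign AuthnRequests so the IdP can reject forged/replayed requests
  SAML2_REQUESTED_NAMEID_FORMAT = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
  SAML2_ENABLE_SP_INITIATED = true                         -- show the IdP button on the Snowflake login page
  SAML2_SP_INITIATED_LOGIN_PAGE_LABEL = 'Corp SSO';

-- SSO users are matched on LOGIN_NAME, which must equal the NameID the IdP sends
-- (an email address with the NameID format requested above). Create them without a
-- password so the only way in is through the IdP.
create user if not exists jdoe
  login_name = 'jdoe@example.com'
  email = 'jdoe@example.com'
  default_role = public;

-- Confirm the integration exists and is enabled before handing the login URL to users.
show security integrations like 'corp_idp';
```

If a user gets "user does not exist" after a successful IdP login, compare the NameID in the assertion with the user's LOGIN_NAME in Snowflake; a case or domain mismatch is the usual cause.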

Encrypt SAML Assertions

Encrypting assertions keeps the user attributes in the SAML response unreadable to anything sitting between the IdP and Snowflake. The IdP encrypts each assertion with a public certificate that Snowflake generates for the integration, so configuring it is a two-step exchange: give Snowflake the IdP's certificate, then give the IdP Snowflake's certificate.


Step 1: Set the SAML2_X509_CERT Parameter

This is the same IdP signing certificate used above; Snowflake needs it to verify the signature on the (now encrypted) assertion.

create security integration my_idp
    TYPE = saml2
    ENABLED = true
    SAML2_ISSUER = 'https://example.com'
    SAML2_SSO_URL = 'https://myssoprovider.com'     -- https, never http
    SAML2_PROVIDER = 'ADFS'
    SAML2_X509_CERT = 'my_x509_cert';                -- base64 body of the IdP signing certificate


Step 2: Export the Public Certificate from Snowflake

desc security integration my_idp;

The output lists the integration's properties, including the public certificate Snowflake generated for it. Copy that certificate value into the IdP's assertion-encryption setting so the IdP starts encrypting assertions to Snowflake's key.
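One way to pull the certificate out of the DESCRIBE output instead of scrolling for it, as an added example that is not part of the original post. It uses the integration name my_idp from this post and assumes the DESCRIBE result exposes the Snowflake-generated certificate under the property name SAML2_SNOWFLAKE_X509_CERT and the IdP certificate under SAML2_X509_CERT, with the result columns named "property" and "property_value".

```sql
-- Added example: select just the two certificates from the DESCRIBE output.
-- Assumes DESCRIBE returns columns "property"/"property_value" and exposes the
-- Snowflake-generated certificate as SAML2_SNOWFLAKE_X509_CERT.
desc security integration my_idp;

-- RESULT_SCAN re-queries the previous statement's result set as a table.
select "property", "property_value"
from table(result_scan(last_query_id()))
where "property" in ('SAML2_SNOWFLAKE_X509_CERT', 'SAML2_X509_CERT');
```

The SAML2_SNOWFLAKE_X509_CERT value is the one to paste into the IdP as the encryption certificate; SAML2_X509_CERT is shown alongside it only so you can confirm the IdP certificate you loaded in Step 1 is the one Snowflake actually stored.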


Refer to the Snowflake documentation on federated authentication for more detail.




