Implementation Of Okta

Author: Shikhar Srivastava


This blog explains how to use Okta as a federated authentication provider (SAML 2.0 single sign-on) to connect to Snowflake.



Introduction

Federated authentication allows a user to connect to Snowflake using secure single sign-on (SSO). With SSO enabled, you authenticate users through a SAML 2.0-compliant identity provider (IdP).


Okta is an identity management service that lets any employee access any application from any device. It is hosted as a cloud service and helps companies manage and authenticate users across their applications. Among the services it sells, single sign-on is one of the most important, because it logs users into multiple applications through one centralized process. It also helps protect sensitive data when someone else gets hold of a device, since stealing personal information from an unattended device can take only a few minutes.


Steps

1. Sign up on Okta and log in to Okta with a Developer profile


To Sign up, click on the below link:

https://developer.okta.com/signup/



2. Go to Directory -> People -> Add people



3. Fill in the necessary fields and click on Save


Note:

  • Enter the kipi id as the Username
  • Create the same users in the Snowflake instance with the kipi id
  • You can choose to set the password as Set by User or Set by Admin; the user will be able to log in to Okta accordingly



4. Navigate to Applications -> Applications -> Browse App Catalog



5. Choose Snowflake from the search panel and click on Add



6. Define the application name and the subdomain of your Snowflake account

E.g.: Qw02570.ap-south-1.aws



7. Click on Next and move to Sign-On Options


8. Choose Sign-On Option as SAML 2.0



9. Click on View Setup Instructions



10. Run the below code in Snowflake, filling in the values shown in Step 6 of the Okta Setup Instructions (the issuer, SSO URL and X.509 certificate are string values and must be quoted)

use role accountadmin;
CREATE SECURITY INTEGRATION OKTAINTEGRATION
  TYPE = SAML2
  ENABLED = TRUE
  SAML2_ISSUER = '<value from step 6 of Setup Instructions>'
  SAML2_SSO_URL = '<value from step 6 of Setup Instructions>'
  SAML2_PROVIDER = 'OKTA'
  SAML2_X509_CERT = '<value from step 6 of Setup Instructions>'
  SAML2_SP_INITIATED_LOGIN_PAGE_LABEL = 'OKTA SSO'
  SAML2_ENABLE_SP_INITIATED = TRUE;


11. Run the below code in Snowflake, replacing the placeholders with your Snowflake organization name and account name

use role accountadmin;
alter security integration OKTAINTEGRATION set saml2_snowflake_acs_url = 'https://<organization_name>-<account_name>.snowflakecomputing.com/fed/login';
alter security integration OKTAINTEGRATION set saml2_snowflake_issuer_url = 'https://<organization_name>-<account_name>.snowflakecomputing.com';
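The Snowflake side of steps 10 and 11, together with the user mapping required by the note under step 3, as one added example (not the original post's code). It goes slightly beyond the post by adding the request-signing and re-authentication parameters and a post-setup verification; all bracketed values are placeholders to copy from the Okta Setup Instructions, and the user jdoe is constructed for illustration.

```sql
-- Added example: Snowflake-side configuration for the Okta SAML2 integration.
-- Bracketed values are placeholders taken from Okta's "View Setup Instructions".
USE ROLE ACCOUNTADMIN;

CREATE SECURITY INTEGRATION OKTAINTEGRATION
  TYPE = SAML2
  ENABLED = TRUE
  SAML2_ISSUER = '<okta_issuer_from_setup_instructions>'
  SAML2_SSO_URL = '<okta_sso_url_from_setup_instructions>'
  SAML2_PROVIDER = 'OKTA'
  SAML2_X509_CERT = '<okta_x509_cert_from_setup_instructions>'
  SAML2_SP_INITIATED_LOGIN_PAGE_LABEL = 'OKTA SSO'
  SAML2_ENABLE_SP_INITIATED = TRUE
  -- Hardening beyond the post: Snowflake signs its AuthnRequests, and Okta
  -- re-prompts for credentials instead of silently reusing an Okta session.
  SAML2_SIGN_REQUEST = TRUE
  SAML2_FORCE_AUTHN = TRUE;

-- The ACS and issuer URLs are derived from the account identifier
-- (<organization_name>-<account_name>) and must match what Okta was given.
ALTER SECURITY INTEGRATION OKTAINTEGRATION
  SET SAML2_SNOWFLAKE_ACS_URL = 'https://<organization_name>-<account_name>.snowflakecomputing.com/fed/login';
ALTER SECURITY INTEGRATION OKTAINTEGRATION
  SET SAML2_SNOWFLAKE_ISSUER_URL = 'https://<organization_name>-<account_name>.snowflakecomputing.com';

-- Step 3 note: every Okta person needs a Snowflake user whose LOGIN_NAME equals
-- the Okta username (the SAML NameID); otherwise the assertion maps to no user.
-- Constructed example user, created without a password so it is SSO-only.
CREATE USER IF NOT EXISTS jdoe
  LOGIN_NAME = 'jdoe@example.com'   -- must match the Okta username exactly
  DISPLAY_NAME = 'Jane Doe'
  DEFAULT_ROLE = PUBLIC;

-- Verification before handing the login over to users.
DESCRIBE SECURITY INTEGRATION OKTAINTEGRATION;   -- check ENABLED, issuer, ACS URL, cert
SHOW SECURITY INTEGRATIONS;

-- Login history shows which authentication path each session actually used
-- (SAML2_ASSERTION for SSO) and surfaces failed mappings with their error text.
SELECT event_timestamp, user_name, first_authentication_factor, is_success, error_message
FROM snowflake.account_usage.login_history
WHERE event_timestamp > DATEADD('hour', -24, CURRENT_TIMESTAMP())
ORDER BY event_timestamp DESC;
```

Account usage views lag by up to a couple of hours, so a just-completed test login may not appear in login_history immediately.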


12. Run the below code in Snowflake



13. After setting up, click on Done



14. Your Snowflake application will be created.


15. Click on your Snowflake application



16. Assign people created above to your Snowflake application



17. Click on Assign to People



18. Assign People



19. All people assigned to the Snowflake application will be visible


20. A green indicator showing that SAML 2.0 is enabled will be visible



21. Navigate to My End User Dashboard

Note: Any user who is not an Okta Admin has to log in via the Okta end-user URL


22. Navigate to My Apps and click on Snowflake



23. You should be able to log in to Snowflake successfully without entering your credentials

24. Users will see a "Sign in using OKTA" option when logging in to Snowflake



Conclusion

This is how to integrate federated authentication and enable single sign-on, which eliminates the need to log in to Snowflake manually. By enabling this, user authentication is decoupled from user access: one or more external entities (Okta, in our case) provide independent verification of user credentials.

