OKTA SSO Implementation With Snowflake

Author: Geetika Bansal


Introduction:

In a federated environment, user authentication is separated from user access with the use of one or more external entities that provide independent authentication of user credentials. The authentication is handled by one or more services, enabling users to access the services through SSO (Single Sign-on) .

One of the providers that is generally used for the cloud-based SSO is Okta.


To integrate Okta SSO with Snowflake, please follow the below steps :

1. Firstly, we need to sign up with Okta by navigating to the below link and clicking on customer identity trial


https://www.okta.com/free-trial/customer-identity/


2. Fill up the details and click on Get Started



3. An email will be sent by Okta to access our Okta Developer Platform


4. Copy your domain link and click on Activate



5. Login in Okta as a Developer Profile with your copied domain link



6. Go to Directory -> People -> Add people



7. Input mandatory fields and then click on Save


Note:

  • Enter email id in Username

  • Create same users in Snowflake instance with email id

  • You can choose to set password as - Set by User or Set by Admin and accordingly user will be able to login in Okta



8. Navigate to Applications -> Applications -> Browse App Catalog



9. Choose Snowflake from search panel and click on Add



10. Define application name and subdomain of your Snowflake account


Eg : kn03860.ap-south-1.aws




11. Click on Next and move to Sign-On Options


12. Choose Sign-On Option as SAML 2.0



13. Click on View Setup Instructions


Note: We need to copy this information and would require it to configure in Snowflake



The required configuration from Okta side is complete and now we need to do few changes from Snowflake side in order to enable it for SSO


14. Run the below code in Snowflake and paste copied data mentioned in Step 13 of Setup Instructions



15. Run the below code in Snowflake and enter you Snowflake account name in highlighted field


alter security integration OKTAINTEGRATION set saml2_snowflake_acs_url = 'https://iy80249.ap-south-1.aws.snowflakecomputing.com/fed/login';

alter security integration OKTAINTEGRATION set saml2_snowflake_issuer_url = 'https://iy80249.ap-south-1.aws.snowflakecomputing.com';




16. Run the below code in Snowflake



17. Navigate to the Okta to assign newly created Snowflake application to users so that the user can have access to SSO


18. After setting up, click on Done



19. Your Snowflake application will be created.


20. Click on your Snowflake application



21. Assign people created above to your Snowflake application



22. Click on Assign to People



23. Assign People



24. All people assigned to Snowflake application will be visible


25. A green indicator for enable of SAML 2.0 will be visible



26. Navigate to My end user Dashboard



Note: Whenever user logins who is not an Okta Admin, has to login via Okta end user URL


27. Navigate to My Apps and click on Snowflake



28. You should be able to login successfully in Snowflake without entering your credentials


In this way , we have successfully integrated OKTA with Snowflake , which would eliminate the need to manually log-in to Snowflake using credentials , instead handling it as a Single Sign On from Okta.


36 views0 comments

Recent Posts

See All