Author: Geetika Bansal
Introduction:
In a federated environment, user authentication is separated from user access through one or more external entities that independently authenticate user credentials. Authentication is handled by one or more services, enabling users to access the services through SSO (Single Sign-On).
One of the providers generally used for cloud-based SSO is Okta.
To integrate Okta SSO with Snowflake, follow the steps below:
1. First, sign up with Okta by navigating to the link below and clicking on customer identity trial
https://www.okta.com/free-trial/customer-identity/
2. Fill in the details and click on Get Started

3. An email will be sent by Okta to access our Okta Developer Platform
4. Copy your domain link and click on Activate

5. Log in to Okta as a Developer Profile with your copied domain link

6. Go to Directory -> People -> Add people

7. Fill in the mandatory fields and then click on Save
Note:
Enter the email ID in Username
Create the same users in the Snowflake instance with the email ID
You can choose to set the password as Set by User or Set by Admin, and the user will be able to log in to Okta accordingly

8. Navigate to Applications -> Applications -> Browse App Catalog

9. Choose Snowflake from search panel and click on Add

10. Define the application name and the subdomain of your Snowflake account
E.g.: kn03860.ap-south-1.aws

11. Click on Next and move to Sign-On Options
12. Choose Sign-On Option as SAML 2.0

13. Click on View Setup Instructions
Note: We need to copy this information, as it is required for the configuration in Snowflake

The required configuration on the Okta side is complete; now we need to make a few changes on the Snowflake side to enable it for SSO
14. Run the below code in Snowflake and paste the data copied from the Setup Instructions in Step 13

15. Run the below code in Snowflake and enter your Snowflake account name in the highlighted field
alter security integration OKTAINTEGRATION set saml2_snowflake_acs_url = 'https://iy80249.ap-south-1.aws.snowflakecomputing.com/fed/login';
alter security integration OKTAINTEGRATION set saml2_snowflake_issuer_url = 'https://iy80249.ap-south-1.aws.snowflakecomputing.com';

16. Run the below code in Snowflake

17. Navigate to Okta to assign the newly created Snowflake application to users so that they can have access to SSO
18. After setting up, click on Done

19. Your Snowflake application will be created.
20. Click on your Snowflake application

21. Assign people created above to your Snowflake application

22. Click on Assign to People

23. Assign People

24. All people assigned to Snowflake application will be visible
25. A green indicator showing that SAML 2.0 is enabled will be visible

26. Navigate to My end user Dashboard

Note: A user who is not an Okta Admin has to log in via the Okta end user URL
27. Navigate to My Apps and click on Snowflake

28. You should be able to log in to Snowflake successfully without entering your credentials
In this way, we have successfully integrated Okta with Snowflake, which eliminates the need to manually log in to Snowflake using credentials and instead handles it as a Single Sign-On from Okta.
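
One way to write the Snowflake-side configuration described in steps 14 and 15, together with a user that matches the note in step 7, as an added example that is not the author's original code. Values in angle brackets are placeholders to fill in from Okta's setup instructions and your own account; the label OktaSSO and the user JDOE with jdoe@example.com are constructed for illustration.

```sql
-- Added example. Creating a security integration needs ACCOUNTADMIN
-- (or a role with the CREATE INTEGRATION privilege).
USE ROLE ACCOUNTADMIN;

-- Register Okta as the SAML 2.0 identity provider, using the values
-- copied from "View Setup Instructions" in step 13.
CREATE SECURITY INTEGRATION IF NOT EXISTS OKTAINTEGRATION
  TYPE = SAML2
  ENABLED = TRUE
  SAML2_ISSUER = '<okta_issuer_from_setup_instructions>'
  SAML2_SSO_URL = '<okta_sso_url_from_setup_instructions>'
  SAML2_PROVIDER = 'OKTA'
  -- Base64 body of Okta's signing certificate, without the
  -- BEGIN CERTIFICATE / END CERTIFICATE lines.
  SAML2_X509_CERT = '<okta_x509_certificate_base64>'
  SAML2_SP_INITIATED_LOGIN_PAGE_LABEL = 'OktaSSO'
  SAML2_ENABLE_SP_INITIATED = TRUE;

-- Point the integration at this account's own endpoints (step 15).
-- <account_identifier> has the form shown in step 10.
ALTER SECURITY INTEGRATION OKTAINTEGRATION SET
  SAML2_SNOWFLAKE_ACS_URL =
    'https://<account_identifier>.snowflakecomputing.com/fed/login';
ALTER SECURITY INTEGRATION OKTAINTEGRATION SET
  SAML2_SNOWFLAKE_ISSUER_URL =
    'https://<account_identifier>.snowflakecomputing.com';

-- Check what was stored: the issuer, SSO URL and certificate must be
-- exactly the ones Okta shows, since Snowflake trusts assertions
-- signed by this certificate.
DESC SECURITY INTEGRATION OKTAINTEGRATION;

-- Snowflake matches the SAML NameID sent by Okta against LOGIN_NAME,
-- so LOGIN_NAME must equal the Okta username (the email ID, step 7).
-- No PASSWORD is set, so this user can only sign in through Okta.
CREATE USER IF NOT EXISTS JDOE
  LOGIN_NAME = 'jdoe@example.com'
  EMAIL = 'jdoe@example.com'
  DISPLAY_NAME = 'J Doe';

-- Confirm the login name that will be compared with the NameID.
DESC USER JDOE;
```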