
OKTA SSO Implementation With Snowflake

Updated: Mar 16

Author: Geetika Bansal


Introduction:

In a federated environment, user authentication is separated from user access by using one or more external entities that provide independent authentication of user credentials. The authentication is handled by one or more services, enabling users to access the services through SSO (Single Sign-on).

Okta is one of the providers generally used for cloud-based SSO.


To integrate Okta SSO with Snowflake, follow the steps below:

1. First, sign up with Okta by navigating to the link below and clicking on the customer identity trial


https://www.okta.com/free-trial/customer-identity/


2. Fill in the details and click on Get Started



3. Okta will send an email with access to the Okta Developer Platform


4. Copy your domain link and click on Activate



5. Log in to Okta with the Developer Profile using the domain link you copied



6. Go to Directory -> People -> Add people



7. Input mandatory fields and then click on Save


Note:

  • Enter email id in Username

  • Create the same users in Snowflake instance with email id

  • You can set the password as either Set by User or Set by Admin; the user will log in to Okta accordingly



8. Navigate to Applications -> Applications -> Browse App Catalog



9. Choose Snowflake from the search panel and click on Add



10. Define the application name and subdomain of your Snowflake account


Eg: kn03860.ap-south-1.aws




11. Click on Next and move to Sign-On Options


12. Choose Sign-On Option as SAML 2.0



13. Click on View Setup Instructions


Note: Copy this information; it is required to configure Snowflake



The required configuration on the Okta side is complete. Now we need to make a few changes on the Snowflake side to enable it for SSO


14. Run the below code in Snowflake and paste in the data copied from the Setup Instructions in Step 13



15. Run the below code in Snowflake and enter your Snowflake account name in the highlighted field


alter security integration OKTAINTEGRATION set saml2_snowflake_acs_url = 'https://iy80249.ap-south-1.aws.snowflakecomputing.com/fed/login';

alter security integration OKTAINTEGRATION set saml2_snowflake_issuer_url = 'https://iy80249.ap-south-1.aws.snowflakecomputing.com';




16. Run the below code in Snowflake



17. Navigate to Okta to assign the newly created Snowflake application to users so that they can access it through SSO


18. After setting up, click on Done



19. Your Snowflake application will be created.


20. Click on your Snowflake application



21. Assign the people created above to your Snowflake application



22. Click on Assign to People



23. Assign People



24. All people assigned to the Snowflake application will be visible


25. A green indicator for enabling SAML 2.0 will be visible



26. Navigate to My end-user Dashboard



Note: A user who is not an Okta Admin has to log in via the Okta end-user URL


27. Navigate to My Apps and click on Snowflake



28. You should be able to log in to Snowflake successfully without entering your credentials


In this way, we have successfully integrated Okta with Snowflake, which eliminates the need to log in to Snowflake manually with credentials; login is instead handled as Single Sign-On from Okta.
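The Snowflake side of steps 13 to 15, together with the user note under step 7, written out as an added example (not the original post's code). Values in angle brackets are placeholders to be filled from Okta's setup instructions; the user name OKTA_DEMO_USER, the login page label and the use of ACCOUNTADMIN are assumptions.

```sql
-- Added example. Replace every <placeholder> with the value shown on
-- Okta's "View Setup Instructions" page (step 13) or with your own account.
use role accountadmin;  -- assumption: a role allowed to create integrations

-- Register Okta as the SAML 2.0 identity provider.
create security integration OKTAINTEGRATION
  type = saml2
  enabled = true
  saml2_issuer   = '<IdP issuer from the Okta setup instructions>'
  saml2_sso_url  = '<IdP SSO URL from the Okta setup instructions>'
  saml2_provider = 'OKTA'
  -- Base64 body of the Okta signing certificate on a single line,
  -- without the BEGIN CERTIFICATE / END CERTIFICATE marker lines.
  saml2_x509_cert = '<certificate body from the Okta setup instructions>'
  saml2_enable_sp_initiated = true
  saml2_sp_initiated_login_page_label = 'Okta SSO';  -- constructed label

-- Step 15: URLs Snowflake presents as service provider. They must match
-- the account URL users actually reach, or the SAML response is rejected.
alter security integration OKTAINTEGRATION set
  saml2_snowflake_acs_url = 'https://<account_identifier>.snowflakecomputing.com/fed/login';
alter security integration OKTAINTEGRATION set
  saml2_snowflake_issuer_url = 'https://<account_identifier>.snowflakecomputing.com';

-- Step 7 note: the Snowflake login_name must equal the Okta username
-- (the email address). No password is set here, so this user has no
-- password to fall back on and authenticates through Okta.
create user if not exists OKTA_DEMO_USER       -- hypothetical user name
  login_name = '<user email as entered in Okta>'
  email      = '<user email as entered in Okta>';

-- Check: confirm the stored issuer, SSO URL, ACS URL and issuer URL.
desc security integration OKTAINTEGRATION;

-- Check: after a test login from the Okta dashboard, see which
-- authentication factor was recorded and whether the login succeeded.
select event_timestamp, user_name, first_authentication_factor,
       is_success, error_message
from table(information_schema.login_history_by_user(
       user_name => 'OKTA_DEMO_USER', result_limit => 10))
order by event_timestamp desc;
```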

