Author: Geetika Bansal
Introduction:
In a federated environment, user authentication is separated from user access by using one or more external entities that provide independent authentication of user credentials. The authentication is handled by one or more services, enabling users to access the services through SSO (Single Sign-on).
Okta is one of the providers generally used for cloud-based SSO.
To integrate Okta SSO with Snowflake, please follow the below steps :
1. First, we need to sign up with Okta by navigating to the below link and clicking on the customer identity trial
https://www.okta.com/free-trial/customer-identity/
2. Fill up the details and click on Get Started
3. An email will be sent by Okta to access our Okta Developer Platform
4. Copy your domain link and click on Activate
5. Login in Okta as a Developer Profile with your copied domain link
6. Go to Directory -> People -> Add people
7. Input mandatory fields and then click on Save
Note:
Enter email id in Username
Create the same users in Snowflake instance with email id
You can choose to set the password as - Set by User or Set by Admin and accordingly, the user will be able to login in to Okta
8. Navigate to Applications -> Applications -> Browse App Catalog
9. Choose Snowflake from the search panel and click on Add
10. Define the application name and subdomain of your Snowflake account
Eg: kn03860.ap-south-1.aws
11. Click on Next and move to Sign-On Options
12. Choose Sign-On Option as SAML 2.0
13. Click on View Setup Instructions
Note: We need to copy this information and would require it to configure in Snowflake
The required configuration from the Okta side is complete and now we need to do a few changes from Snowflake side in order to enable it for SSO
14. Run the below code in Snowflake and paste copied data mentioned in Step 13 of Setup Instructions
15. Run the below code in Snowflake and enter your Snowflake account name in the highlighted field
alter security integration OKTAINTEGRATION set saml2_snowflake_acs_url = 'https://iy80249.ap-south-1.aws.snowflakecomputing.com/fed/login';
alter security integration OKTAINTEGRATION set saml2_snowflake_issuer_url = 'https://iy80249.ap-south-1.aws.snowflakecomputing.com';
16. Run the below code in Snowflake
17. Navigate to the Okta to assign newly created Snowflake applications to users so that the user can have access to SSO
18. After setting up, click on Done
19. Your Snowflake application will be created.
20. Click on your Snowflake application
21. Assign people created above to your Snowflake application
22. Click on Assign to People
23. Assign People
24. All people assigned to Snowflake application will be visible
25. A green indicator for enabling SAML 2.0 will be visible
26. Navigate to My end-user Dashboard
Note: Whenever user logins who is not an Okta Admin, have to log in via Okta end user URL
27. Navigate to My Apps and click on Snowflake
28. You should be able to login successfully in Snowflake without entering your credentials
In this way, we have successfully integrated OKTA with Snowflake, which would eliminate the need to manually log in to Snowflake using credentials, instead of handling it as a Single Sign On from Okta.