top of page

Setting up SSO for Snowflake with SAML2.0 (OKTA)

Updated: Mar 13

Author: Venkata Shiva Krishna Jallu


We'll look into the installation of Snowflake Okta Integration. Okta is one of the extensively used provider carriers for Cloud-primarily based totally SSO (Single Sign-on). The steps to combine Snowflake Okta SSO are indexed below:


  • STEP 1: Granting User Access

  • STEP 2: Configuring in SAML Provider Snowflake


STEP 1: Granting User Access
  • Create an Okta account. In our case, we have used a trial version; you can take the premium if you wish to.

  • After successfully logging into your Okta account, go to applications and click on browse App Catalog and search for “SNOWFLAKE” from the search box as shown below.



  • Click on “ADD INTEGRATION” button to add Snowflake.



  • In the general setting of the Snowflake app, fill the application label of your choice, and in the “Subdomain” field, provide your Snowflake account name.

For example, if your account URL is like mentioned below:


URL: https://ja32055.ap-southeast-1.snowflakecomputing.com,


Your account name will be: ja32055.ap-southeast-1.



  • Then click on next to proceed further.

  • Select "SAML 2.0," then click the "Identity Provider metadata" hyperlink and the "View Setup Instructions" button in the container that appears below. Undo. Turn off Force Authentication and select the “Done” button.



  • Now, visit the “Assignments” tab and click on the “Assign” button and assign the user of your choice, as shown in the image below.



STEP 2: Configuring SAML Provider in Snowflake
  • Log in to your Snowflake account.

  • Open a Worksheet for running SQL commands.

  • Use an ACCOUNT ADMIN role. This is required since the modifications made during this procedure will be implemented at the account level.

  • Copy the below commands.


use role accountadmin;


alter account set saml_identity_provider = '{

"certificate" : "SecurityCertificateValueFromProvider",

"ssoUrl" : "SingleSignOnURL",

"issuer" : "Entity Id",// this is optional

"label" : "SSOExample"

}';


  • Copy the value for "certificate" from the View Setup Instructions page for SSO Setup you opened previously and pasted it into the above code. You may view the "Authentication Certificate" on that page. Copy the certificate value and place it in the certificate value.

  • Similarly, copy “Entity ID” and place it in the “Issuer” value, and in ssoURL value, paste “IDP SSO URL."

  • Run the above command.



To set the integration, as a user with the ACCOUNTADMIN role, run a command as CREATE SECURITY INTEGRATION.


The following example makes Okta the IdP for your account;;


Use Role Accountadmin;

Create Security Integration my_integration

Type = Saml2

Enabled = True

Saml2_issuer =

Saml2_sso_url =

Saml2_provider = Okta

Saml2_x509_cert =

Saml2_sp_initiated_login_page_label = Okta Sso

Saml2_enable_sp_initiated = True;


  • Copy and paste the value as you did while creating "saml identity provider."

  • Run the above command.



Change the integration to include the Snowflake ACS URL and the Snowflake SAML2 Issuer URL. Since the Snowflake Organizations feature is being utilized to produce a new URL format and the account is being changed to use the new Snowflake URL format, you should edit your Snowflake ACS URL and Snowflake SAML2 Issuer URL security integration:


use role accountadmin;


alter security integration my_integration set saml2_snowflake_acs_url = 'https://<organization name>-<account name>.snowflakecomputing.com/fed/login';

alter security integration my_integration set saml2_snowflake_issuer_url = 'https://<organization name>-<account name>.snowflakecomputing.com';


  • Copy and Run the above command

  • In place of the organization name and account name, provide your Snowflake account name.

For example, if your account URL is like mentioned below:


URL: https://ja32055.ap-southeast-1.snowflakecomputing.com,


Your account name will be: ja32055.ap-southeast-1.


  • After successfully running the command.

  • Create a user and assign login credentials for your Okta account to that user.



  • When you open your Snowflake login page, it will appear similar to the page displayed below. Another way to sign in with Okta SSO is shown here. That's it; you've finished the Snowflake Okta Integration.



Provide your User name and Password for your Okta account.



RESULT:

We have successfully logged into Snowflake using Okta SSO. Enabling okta assists businesses with authentication and data security. It also enables us to utilize a single login system to access many apps and websites.



140 views0 comments

Recent Posts

See All
bottom of page