Okta

How to Configure SAML 2.0 for Snowflake Computing

Contents


Supported Features

The Okta/Snowflake Computing SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

  1. Log in to your Snowflake Computing account as a user with the ACCOUNTADMIN or SECURITYADMIN role.

  2. Click Worksheet:

    snowflake_new1.png

  3. Paste the following query in the worksheet but DO NOT click Run:

    alter account set saml_identity_provider = '{
      "certificate": "",
      "ssoUrl": "",
      "type": "OKTA"
      }';
    

    snowflake_new2.png

  4. Update the query with the following values:

    • Certificate: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.
    • ssoUrl: Copy and paste the following:

      Sign in to the Okta Admin app to generate this variable.

  5. The final query should look like this:

    alter account set saml_identity_provider = '{
      "certificate": "[your_certificate]",
      "ssoUrl": "[your_ssoUrl]",
      "type": "OKTA"
      }';
    
  6. Click Run.

  7. OPTIONAL: If you want to preview your updated Snowflake Computing login page and make sure that the button for logging in using Okta is displayed, go to one of the following URLs:

    • US West Accounts: https://[account_name].snowflakecomputing.com/console/login?fedpreview=true.

    • Accounts in all other regions: https://[account_name].[region_id].snowflakecomputing.com/console/login?fedpreview=true.

  8. Still on the same worksheet, delete the previous query and paste the following:

    alter account set sso_login_page = true;

    snowflake_new3.png

  9. Click Run.

  10. OPTIONAL: In Okta select the Sign On tab for the Snowflake Computing app, then uncheck the Disable Force Authentication checkbox in order to enable Force Authentication for your users:

    snowflake_new4.png

  11. Done!


Notes

SP-initiated SSO

  1. Go to https://[YourSubDomain].snowflakecomputing.com/

  2. Click Single Sign On:

    snowflake_new5.png