The Okta/Snowflake Computing SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
Log in to your Snowflake Computing account as a user with the ACCOUNTADMIN or SECURITYADMIN role.
Click Worksheet.
Paste the following query in the worksheet but DO NOT click Run:
alter account set saml_identity_provider = '{ "certificate": "", "ssoUrl": "", "type": "OKTA" }';
Update the query with the following values:
Certificate: Copy and paste the following:
Sign in to the Okta Admin Dashboard to generate this variable.
ssoUrl: Copy and paste the following:
Sign in to the Okta Admin app to generate this variable.
The final query should look like this:
alter account set saml_identity_provider = '{ "certificate": "[your_certificate]", "ssoUrl": "[your_ssoUrl]", "type": "OKTA" }';
Click Run.
OPTIONAL: If you want to preview your updated Snowflake Computing login page and make sure that the button for logging in using Okta is displayed, go to one of the following URLs:
US West Accounts: https://[account_name].snowflakecomputing.com/console/login?fedpreview=true.
Accounts in all other regions: https://[account_name].[region_id].snowflakecomputing.com/console/login?fedpreview=true.
Still on the same worksheet, delete the previous query and paste the following:
alter account set sso_login_page = true;
Click Run.
OPTIONAL: In Okta, select the Sign On tab for the Snowflake Computing app, then uncheck the Disable Force Authentication checkbox to enable Force Authentication for your users.
Done!
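The statement from the steps above can be assembled and sanity-checked before it is pasted into the worksheet. This is an added example, not Okta's or Snowflake's code: the function names and sample values are constructed, and it assumes the certificate is supplied as a single line of base64 without the BEGIN/END markers.

```python
import base64
import json
import re
from urllib.parse import urlparse

PEM_ARMOR = re.compile(r"-----(BEGIN|END) CERTIFICATE-----")

# Constructed sample values, not a real certificate or a real Okta URL.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
    + "\n-----END CERTIFICATE-----\n"
)
SAMPLE_SSO_URL = "https://idp.example.com/sso/saml"


def normalize_certificate(cert_text):
    """Strip PEM armor and whitespace; return one line of base64 (assumed format)."""
    body = "".join(PEM_ARMOR.sub("", cert_text).split())
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate is not valid base64") from exc
    # Shape check only: a DER-encoded certificate is an ASN.1 SEQUENCE (tag 0x30).
    if not der.startswith(b"\x30"):
        raise ValueError("decoded certificate is not a DER SEQUENCE")
    return body


def build_saml_statement(cert_text, sso_url):
    """Build the ALTER ACCOUNT statement from the two values copied out of Okta."""
    # Reject characters that could break out of the JSON or SQL string literal.
    if re.search(r"""['"\\\s]""", sso_url):
        raise ValueError("ssoUrl contains quotes, backslashes or whitespace")
    url = urlparse(sso_url)
    if url.scheme != "https" or not url.hostname:
        raise ValueError("ssoUrl must be an absolute https:// URL")
    payload = json.dumps(
        {"certificate": normalize_certificate(cert_text), "ssoUrl": sso_url, "type": "OKTA"}
    )
    return "alter account set saml_identity_provider = '" + payload + "';"


if __name__ == "__main__":
    print(build_saml_statement(SAMPLE_PEM, SAMPLE_SSO_URL))
```

A statement that fails these checks would otherwise only surface as a broken Okta login button after `sso_login_page` is enabled.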
Make sure that you entered the correct value in the SubDomain field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to Snowflake Computing.
You can also use SnowSQL to run the same queries mentioned in the Configuration Steps above.
The following SAML attributes are supported:
Name | Value |
---|---|
Account | org.subDomain |
Go to https://[YourSubDomain].snowflakecomputing.com/
Click Single Sign On.