0
0
SSO Login with Azure Active Directory: During this post we will discuss configure SSO (single sign-on) to connect with Snowflake via Azure Active Directory. With SSO enabled, your users authenticate through an external, SAML 2.0-compliant identity provider (IdP). Once authenticated by this IdP, users can securely initiate one or more sessions in Snowflake for the duration of their IdP session without having to log into Snowflake. They can choose to initiate their sessions from within the interface provided by the IdP or directly in Snowflake.
So the Question comes, Why does the SSO matters:
Steps to configure SSO:
Log into your Azure AD Portal à search for Enterprise Applications à Click the “New application” buttonà search for Snowflake, and choose this application
Give your Snowflake Application a name, then click the Create button at the bottom.Once the application is created, on the left side choose Single sign-on, then choose SAML in the middle pane.
In the middle pane under the Basic SAML configuration section, click the Edit button
On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click Download to download the Certificate (Base64) save them on your computer for later use.
Go to the Users under Active directory and create a new user.
Either you can configure your custom domain or you can use the default domain.
I created Darsh mittal and Gautam Singh two users in AD.
Assigned the Role to user.
Click on Add User/Group Button.
Find the User in right pane and select Darsh Mittal user and Assign it to the application.
Snowflake Configuration:
In snowflake, We will be using SAML approache:
- Using SAML identity_provider
- Use saml_identity_provider = “certificates”
- Alter account sso login = true
This will enable the SSO page on the snowflake URL. Also we will be creating the same user in snowflake manually which is available in AD .
Paste the following query in the worksheet
Use ACCOUNTADMIN;
alter account set saml_identity_provider = '{
"certificate": "[your_certificate]",
"SSOUrl": "[your_SSOUrl]",
"type": "ADFS"
}';
Certificate: The File we have downloaded earlier, Open the file and copy the content between
—–BEGIN CERTIFICATE—– and —–END CERTIFICATE—-
SSO URL : Copy the value we stored in the Set up Snowflake section
CREATE USER "DMITTAL" PASSWORD = 'Thakurji@2020' LOGIN_NAME = 'darsh@sachinmittal2904outlook.onmicrosoft.com' DEFAULT_ROLE = "ACCOUNTADMIN"
DEFAULT_WAREHOUSE = 'COMPUTE_WH' MUST_CHANGE_PASSWORD = FALSE;
GRANT ROLE "ACCOUNTADMIN" TO USER "DMITTAL";
Login to the new browser and sign in your Microsoft account with new login
darsh@sachinmittal2904outlook.onmicrosoft.com
Now paste Snowflake URL in another tab and you will see Single Sign On:
https://gc05241.east-us-2.azure.snowflakecomputing.com/
This way we have successfully configure SSO Login with Azure Active Directory
