
SSO Login with Azure Active Directory: In this post we will discuss how to configure SSO (single sign-on) to connect to Snowflake via Azure Active Directory. With SSO enabled, your users authenticate through an external, SAML 2.0-compliant identity provider (IdP). Once authenticated by this IdP, users can securely initiate one or more sessions in Snowflake for the duration of their IdP session without having to log into Snowflake. They can choose to initiate their sessions from within the interface provided by the IdP or directly in Snowflake.

So the question arises: why does SSO matter?

SSO

Steps to configure SSO:

Log into your Azure AD Portal → search for Enterprise Applications → click the “New application” button → search for Snowflake, and choose this application.

Enterprise Appl

Give your Snowflake application a name, then click the Create button at the bottom. Once the application is created, choose Single sign-on on the left side, then choose SAML in the middle pane.

In the middle pane, under the Basic SAML Configuration section, click the Edit button.

SAML
IDP config
Logout url

On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click Download to download the Certificate (Base64) and save it on your computer for later use.

SAML Sign Certy
Enterprise Appln

Go to Users under Active Directory and create a new user.

You can either configure your custom domain or use the default domain.

I created two users in AD, Darsh Mittal and Gautam Singh.

Users

Assigned the role to the user.

Roles Assign
Align User with Appln

Click the Add User/Group button.

Find the user in the right pane, select the Darsh Mittal user, and assign it to the application.

Add Assignment

Snowflake Configuration:

In Snowflake, we will be using the SAML approach:

  1. Using SAML identity_provider
    1. Use saml_identity_provider = “certificates”
    2. Alter account sso login = true

This will enable the SSO page on the Snowflake URL. We will also manually create in Snowflake the same user that exists in AD.

Paste the following query in the worksheet:

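-- Account-level parameters must be set with the ACCOUNTADMIN role.
USE ROLE ACCOUNTADMIN;

-- Register the IdP: its signing certificate and its SSO URL.
alter account set saml_identity_provider = '{
  "certificate": "[your_certificate]",
  "SSOUrl": "[your_SSOUrl]",
  "type": "ADFS"
}';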

Certificate: Open the file we downloaded earlier and copy the content between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----

SSO URL: Copy the value we stored from the Set up Snowflake section.
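The copy-and-paste step above is where stray line breaks or characters tend to slip into the certificate value. The following is an added example, not code from the original post: it extracts and validates the Base64 body of the downloaded certificate and builds the same alter account statement with the JSON keys shown above. The function names, the sample certificate bytes and the URL are constructed for illustration.

```python
import base64
import json
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed sample: five DER-like bytes, NOT a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
_b64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\r\n" + _b64[:4] + "\r\n"
              + _b64[4:] + "\r\n-----END CERTIFICATE-----\r\n")


def pem_body(pem_text):
    """Return the one-line Base64 body of the single certificate in pem_text."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    body = "".join(blocks[0].split())  # drop CR/LF and indentation
    # validate=True rejects stray characters picked up while copying.
    der = base64.b64decode(body, validate=True)
    if not der or der[0] != 0x30:  # X.509 DER always starts with SEQUENCE
        raise ValueError("decoded data does not look like a DER certificate")
    return body


def build_statement(pem_text, sso_url, idp_type="ADFS"):
    """Build the ALTER ACCOUNT statement using the same JSON keys as the post."""
    if not sso_url.startswith("https://"):  # assumption: IdP login URL is HTTPS
        raise ValueError("SSO URL must start with https://")
    cfg = json.dumps({"certificate": pem_body(pem_text),
                      "SSOUrl": sso_url,
                      "type": idp_type}, indent=2)
    # Double any single quote so the JSON stays inside one SQL string literal.
    return ("alter account set saml_identity_provider = '"
            + cfg.replace("'", "''") + "';")


if __name__ == "__main__":
    # Placeholder URL; substitute the value from the Set up Snowflake section.
    print(build_statement(SAMPLE_PEM, "https://idp.example.invalid/saml2"))
```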

CREATE USER "DMITTAL" PASSWORD = 'Thakurji@2020' LOGIN_NAME = 'darsh@sachinmittal2904outlook.onmicrosoft.com' DEFAULT_ROLE = "ACCOUNTADMIN"
DEFAULT_WAREHOUSE = 'COMPUTE_WH' MUST_CHANGE_PASSWORD = FALSE;

GRANT ROLE "ACCOUNTADMIN" TO USER "DMITTAL";

Configure SSO login

Open a new browser and sign in to your Microsoft account with the new login:

darsh@sachinmittal2904outlook.onmicrosoft.com

Now paste the Snowflake URL in another tab and you will see Single Sign On:

https://gc05241.east-us-2.azure.snowflakecomputing.com/

SSO Login

This way we have successfully configured SSO login with Azure Active Directory.
