Azure Active Directory is Microsoft Azure’s identity and access management providing authentication and authorization mechanism for internal and external applications in Azure ecosystem. With AD integration, users can single sign-on to Snowflake application when they are in an organization network without the need to enter user credential, providing users with seamless access to cloud based applications. The Azure AD integration will be based on Security Assertion Markup Language (SAML) standard between the identity provider (Azure AD) and service provider (Snowflake SaaS) from the Azure application gallery.
Below you will find a step by step activity in order to configure Azure AD integration for Snowflake
- Login to Azure Portal & select Azure Active Directory > Add > Enterprise Application
- Select Snowflake for AAD from Azure AD Gallery
- Confirm Snowflake for AAD is created
- Select Setup Single Sign-On from Snowflake for AAD windows
- Select Security Assertion Markup Language (SAML) Protocol
- Edit the Basic SAML Configuration
- Add the Snowflake URL for the Identifier, Reply URL, Sign On, Relay State and Log Out URLs
- Download the SAML Signing Certificate, this certificate will be used later to configure the Azure AD Integration in Snowflake
- Assign Azure users to snowflake application from Enterprise Application > Snowflake for AAD > Users and Groups > Add User/Group
- Confirm User/Group is added
- Login to Snowflake using the local account with ACCOUNTADMIN role
- Create Security Integration of Azure AD
- Get the SAML information from Azure AD Basic SAML Configuration page
- For the SAML Certificate, open the downloaded Base64 file in text editor and copy its content excluding the BEGIN and END part
- Ensure that the SAML2_ISSUER has back slash (/) at the end
- Ensure that the SAML2_X509_CERT value is all in single line with no white space in between
- Set the Single Sign-On to true
- alter account set sso_login_page = TRUE;
- Verify the integration setting by running
- desc security integration AZUREAD_INTEGRATION;
- In Azure test the Azure AD Single Sign On configuration for Snowflake
- Click on the test button on item #5 of the Snowflake for AAD setup windows
- When configured successfully, the test will show Azure AD successfully issued a token
- Login to Snowflake using the Azure AD authentication
To ensure users can sign-in to Snowflake for AAD after it has been configured to use Azure Active Directory
- User accounts must be pre-provisioned into Snowflake for AAD prior to sign-in.
- Users must be assigned access to Snowflake for AAD in Azure AD to sign-in.
NEXT: Azure Active Directory Automatic Provisioning