Tags: snowflake-cloud-data-platform, okta, scim

Okta Snowflake Role creation


I am new to this Okta/Snowflake integration. I am using SCIM. After integration, I am trying to create the role in Okta, or at least assign the role to the user from Okta to Snowflake. In the documentation, it is mentioned via push groups. Not sure how to create a role in Okta. When I am assigning users in Okta, it is taking the default role PUBLIC in Snowflake. I created a manual role in Snowflake with the Okta provisioner as owner. When I assign a user with that custom role in Okta, it is taking the PUBLIC role by default again. Is there anything I am missing regarding the role here? Thanks.


Solution

  • We advise that within Snowflake you have Access Roles, and external to Snowflake (e.g. using Okta and SCIM) you define Groups, which become Functional Roles in Snowflake. Don't worry about the prefix I used; a custom role is a custom role, and the prefix (Access / Functional) is just a logical grouping of roles.

    Once defined in Okta and pushed to Snowflake, these Groups should appear as Custom Roles in Snowflake, but they will not have access to anything. Within Snowflake you will have to grant them to Access Roles.

    Access Roles within Snowflake (again, it is just a custom role) are the roles that contain the privileges to Snowflake objects; within Snowflake you have to link the Functional Role to Access Roles. Once you've done that, all new Users assigned the same Group (Functional Role) will need no further management in the Snowflake platform.

    You can create users and assign them a default role too; this is highlighted in the doc: https://docs.snowflake.com/en/user-guide/scim-intro.html#custom-attributes
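The Access Role / Functional Role split described in the answer above, written out as Snowflake SQL. This is an added example, not code from the answer or from Snowflake's own docs; every object, role and user name in it (ANALYTICS_DB, REPORTING, ANALYST_WH, AR_ANALYTICS_READ, FR_DATA_ANALYST, alice@example.com) is a constructed placeholder, and it assumes the Okta group FR_DATA_ANALYST has already been pushed to Snowflake via SCIM.

```sql
-- Constructed example: an Access Role holds the object privileges, a Functional Role
-- (created by the Okta SCIM group push) holds only the Access Role. Placeholder names.
USE ROLE SECURITYADMIN;  -- holds MANAGE GRANTS, so it can grant to Okta-owned roles

-- 1. Access Role: the only role that receives object privileges. Keep it narrow
--    (read-only on one schema) so the blast radius of any one group stays small.
CREATE ROLE IF NOT EXISTS AR_ANALYTICS_READ;
GRANT USAGE ON WAREHOUSE ANALYST_WH TO ROLE AR_ANALYTICS_READ;
GRANT USAGE ON DATABASE ANALYTICS_DB TO ROLE AR_ANALYTICS_READ;
GRANT USAGE ON SCHEMA ANALYTICS_DB.REPORTING TO ROLE AR_ANALYTICS_READ;
GRANT SELECT ON ALL TABLES IN SCHEMA ANALYTICS_DB.REPORTING TO ROLE AR_ANALYTICS_READ;
GRANT SELECT ON FUTURE TABLES IN SCHEMA ANALYTICS_DB.REPORTING TO ROLE AR_ANALYTICS_READ;

-- 2. Functional Role: FR_DATA_ANALYST arrived from Okta with no privileges.
--    Link it to the Access Role so the hierarchy becomes
--    user -> FR_DATA_ANALYST -> AR_ANALYTICS_READ -> objects.
GRANT ROLE AR_ANALYTICS_READ TO ROLE FR_DATA_ANALYST;

-- 3. Root the hierarchy at SYSADMIN so administrators can see and manage it.
GRANT ROLE FR_DATA_ANALYST TO ROLE SYSADMIN;

-- 4. Verification: what the Functional Role inherits, and who holds it.
SHOW GRANTS TO ROLE FR_DATA_ANALYST;    -- expect AR_ANALYTICS_READ as a granted role
SHOW GRANTS TO ROLE AR_ANALYTICS_READ;  -- expect only the object privileges above
SHOW GRANTS OF ROLE FR_DATA_ANALYST;    -- users Okta added through group membership

-- 5. A session still starts in PUBLIC unless a default role is set AND that role has
--    been granted to the user. SCIM group membership performs the grant; the default
--    can be set through the SCIM custom attributes in the linked doc, or manually:
ALTER USER "alice@example.com" SET DEFAULT_ROLE = FR_DATA_ANALYST;
SHOW GRANTS TO USER "alice@example.com";  -- confirm FR_DATA_ANALYST appears here
```

Adding a user to another Okta group then only requires a second `GRANT ROLE <access role> TO ROLE <functional role>` in Snowflake, never a per-user grant.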