I'm working on migrating Snowflake under Okta; however, there will be some users that will not have access to Okta, i.e., contract employees. I know for the migration I'll have to run a security integration, but does this mean that those users won't be able to access Snowflake since it will be behind Okta? And is there a way to allow a few to access even once we move Snowflake to Okta?
use role accountadmin;
CREATE SECURITY INTEGRATION OKTAINTEGRATION
TYPE = SAML2
ENABLED = TRUE
SAML2_ISSUER = 'http://www.okta.com/<YOUR ENTITY ID>'
SAML2_SSO_URL = '<YOUR IDP SSO URL>'
SAML2_PROVIDER = OKTA
SAML2_X509_CERT = '<YOUR AUTHENTICATION CERTIFICATE in ONE LINE>'
SAML2_SP_INITIATED_LOGIN_PAGE_LABEL = 'MYSSO'
SAML2_ENABLE_SP_INITIATED = TRUE;
Docs I'm using: https://community.snowflake.com/s/article/How-To-Setup-SSO-Using-Okta-with-Snowflake-new-URL-format
Snowflake supports integration with SAML 2.0 compliant IdPs such as Okta or Azure AD. When the security integration is created, the corp users can sign in to their Snowflake account through their IdP accounts, or by clicking the button "Sign In using Okta" (or other IdP), which will appear when they access the Snowflake account via the account URL.
At the same time, the "Username" and "Password" fields will remain available. The users who do not have IdP accounts can use their credentials to sign in to Snowflake.
Also, they will be able to enroll in MFA or use Key-Pair, e.g. for any external clients/drivers to access Snowflake independently from the IdP.
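An added example, not part of the original question or answer: once the integration is enabled, these statements register a key pair for a non-IdP user and audit which accounts still sign in with a password and no MFA. The user name CONTRACTOR_SVC and the key value are placeholders assumed for illustration.

```sql
USE ROLE ACCOUNTADMIN;

-- Register a public key for a user who has no Okta account
-- (CONTRACTOR_SVC is a hypothetical user; paste the key body without PEM header/footer).
ALTER USER CONTRACTOR_SVC SET RSA_PUBLIC_KEY = '<PUBLIC KEY IN ONE LINE>';

-- Confirm the key was stored: check the RSA_PUBLIC_KEY_FP property in the output.
DESC USER CONTRACTOR_SVC;

-- Who logged in how over the last 30 days, split by authentication factor.
-- SSO users show a SAML factor; the remaining rows are the accounts
-- that bypass the IdP and need MFA or key-pair enforced.
SELECT
    user_name,
    first_authentication_factor,
    second_authentication_factor,
    COUNT(*)             AS logins,
    MAX(event_timestamp) AS last_login
FROM snowflake.account_usage.login_history
WHERE event_timestamp >= DATEADD(day, -30, CURRENT_TIMESTAMP())
  AND is_success = 'YES'
GROUP BY user_name, first_authentication_factor, second_authentication_factor
ORDER BY user_name, logins DESC;

-- Narrow to the risky case: password sign-ins with no second factor.
SELECT
    user_name,
    COUNT(*)             AS password_only_logins,
    MAX(event_timestamp) AS last_login
FROM snowflake.account_usage.login_history
WHERE event_timestamp >= DATEADD(day, -30, CURRENT_TIMESTAMP())
  AND is_success = 'YES'
  AND first_authentication_factor = 'PASSWORD'
  AND second_authentication_factor IS NULL
GROUP BY user_name
ORDER BY password_only_logins DESC;
```

Any user the last query returns who is expected to be on Okta is still using the local password path and is worth following up on.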