Configure Single Sign On for Snowflake with Azure AD

In this article, I will show you how to integrate Snowflake with Azure Active Directory (Azure AD). When you integrate Snowflake with Azure AD, you can:

  • Control in Azure AD who has access to Snowflake.
  • Enable your users to be automatically signed in to Snowflake with their Azure AD accounts.
  • Manage your accounts in one central location – the Azure portal.

Prerequisites

To configure Azure AD integration with Snowflake, you need the following items:

  • An Azure subscription. You need to be a subscription owner to perform these steps.
  • A Snowflake subscription with single sign-on enabled. You need to be part of the ACCOUNTADMIN role.

To configure the integration of Snowflake into Azure AD, you need to add Snowflake from the gallery to your list of managed SaaS apps.

  1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
  2. On the left navigation pane, select the Azure Active Directory service.
  3. Navigate to Enterprise Applications and then select All Applications.
  4. To add a new application, select New application.
  5. In the Add from the gallery section, type Snowflake in the search box.
  6. Select Snowflake from the results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Once the Snowflake app has been added, it appears among your applications in Azure AD.

Now select the Snowflake app, choose Single sign-on on the left side, then choose SAML in the middle pane.

In the Basic SAML Configuration section, enter the following:

  • Identifier (Entity ID): https://<account name>.region.azure.snowflakecomputing.com
  • Reply URL (Assertion Consumer Service URL): https://<account name>.region.azure.snowflakecomputing.com/fed/login
  • Sign on URL: https://<account name>.region.azure.snowflakecomputing.com
  • Logout URL: https://<account name>.region.azure.snowflakecomputing.com/fed/logout

After this, click Save!

On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click Download to download both the Certificate (Base64) and the Federation Metadata XML from the given options, and save them on your computer for later use.

In the Set up Snowflake section, copy the Login URL for later use.

Now let's head over to Snowflake. Log in to Snowflake with an account that has the ACCOUNTADMIN role.

In a new worksheet, execute the following SQL query to create a new SECURITY INTEGRATION:

CREATE SECURITY INTEGRATION AZUREADINTEGRATION -- any name you prefer
    TYPE = SAML2
    ENABLED = TRUE
    SAML2_ISSUER = 'https://sts.windows.net/XXXXXXXXX/' -- the entity ID in the identity provider metadata downloaded earlier, in URL format
    SAML2_SSO_URL = 'https://login.microsoftonline.com/XXXXXX/saml2' -- the Login URL
    SAML2_PROVIDER = 'CUSTOM'
    SAML2_X509_CERT = '<Base64 encoded IdP signing certificate>' -- do NOT enter the BEGIN or END CERTIFICATE tags
    SAML2_SP_INITIATED_LOGIN_PAGE_LABEL = 'AzureADSSO'
    SAML2_ENABLE_SP_INITIATED = TRUE;

Once the above query executes successfully, verify the integration:

DESC SECURITY INTEGRATION AZUREADINTEGRATION;

Check that all values match the settings in the Azure AD portal.
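To cross-check the three IdP values against the files downloaded from Azure AD, the following added example (not part of the original article) reads the Federation Metadata XML and the Base64 certificate, strips the BEGIN/END lines, and refuses a certificate that is not listed as a signing key in the metadata. The function names are hypothetical, and the tenant ID and certificate bytes are constructed placeholders.

```python
import base64, re, textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
CERT_PATH = "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"

def cert_body(text):
    """Drop the BEGIN/END CERTIFICATE lines and all whitespace, then check base64."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", text or "")
    base64.b64decode(body, validate=True)  # raises ValueError on stray characters
    return body

def integration_values(metadata_xml, pem_text):
    """Derive SAML2_ISSUER, SAML2_SSO_URL and SAML2_X509_CERT from the downloads."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    sso = [e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)
           if e.get("Binding") == REDIRECT]
    if not sso:
        raise ValueError("metadata has no HTTP-Redirect SingleSignOnService")
    signing = {cert_body(e.text) for e in idp.findall(CERT_PATH, NS)}
    cert = cert_body(pem_text)
    if cert not in signing:  # wrong file, or the IdP certificate was rotated
        raise ValueError("certificate is not a signing key listed in the metadata")
    return {"SAML2_ISSUER": root.get("entityID"),
            "SAML2_SSO_URL": sso[0], "SAML2_X509_CERT": cert}

# Constructed sample input: placeholder tenant ID and filler bytes, not a real certificate.
TENANT = "00000000-0000-0000-0000-000000000000"
FAKE_CERT = base64.b64encode(b"constructed bytes, not a real certificate " * 4).decode()
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + "\n".join(textwrap.wrap(FAKE_CERT, 64))
              + "\n-----END CERTIFICATE-----\n")
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>{FAKE_CERT}</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    for key, value in integration_values(SAMPLE_METADATA, SAMPLE_PEM).items():
        print(f"{key} = '{value}'")
```

Run it against your own downloaded files by passing their contents to integration_values, then compare the output with the DESC SECURITY INTEGRATION result.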

The final step is to create users in Snowflake for your Azure AD accounts. Here is the query for that:

USE ROLE ACCOUNTADMIN;
CREATE USER snowflakeuser1_azuread
    PASSWORD = ''
    LOGIN_NAME = 'AZUREADUSER1@YOURCOMPANY.com'
    DISPLAY_NAME = 'Azure AD User 1';

Finally, you can verify that the configuration worked by trying to log in to your Snowflake account; the login page shows an option to log in with Azure AD. Enjoy!

Published by Narayan Sujay Somasekhar
