1. Home
  2. Docs
  3. PureAUTH SAML Integration...
  4. Snowflake SAML Integration using PureAUTH

Snowflake SAML Integration using PureAUTH

Introduction

This document explains how to integrate Snowflake with the PureAUTH Identity Platform and make Snowflake authentication passwordless.

Prerequisites

  • Must have Administrator Access.

Add Snowflake SAML application on PureAUTH

  • Enter Any Application Name.
  • Select Primary (Full Name ) in the Dataset for email field.
  • In the “Saml Response Endpoint (ACS URL)” field, enter the give URL.
https://<Snowflake Account URL>/fed/login
  • In the “Audience (Entity ID)” field, enter the given URL.
https://<Snowflake Account URL>
  • In the “SAML Logout Response Endpoint (SLO URL)” field, enter the given URL.
https://<Snowflake Account URL>/fed/logout
  • Click “Add

To enable SAML single sign-on in Dropbox

  • Login to your Snowflake Admin account.
  • Go to Worksheets and create new worksheet.
  • Rename worksheet as PureAUTH SAML.
  • Open Worksheet and add below SQL Commands.


//Set SAML Provider 

use role accountadmin;

alter account set saml_identity_provider = '{
  "certificate": " ",
  "issuer": " ",
  "ssoUrl": " ",
  "type"  : "custom",
  "label" : "PureAUTH"
}';


//Enable SSO at Account Level
use role accountadmin;
alter account set sso_login_page = true;

//create security integration 

use role accountadmin;

CREATE SECURITY INTEGRATION PUREAUTHINTEGRATION
TYPE = SAML2
ENABLED = TRUE
SAML2_ISSUER = ' '
SAML2_SSO_URL = ' '
saml2_provider = 'custom'
SAML2_X509_CERT = ' '
saml2_sp_initiated_login_page_label = 'PureAUTH'
saml2_enable_sp_initiated = TRUE
saml2_snowflake_issuer_url = ' '
saml2_snowflake_acs_url = ' ';   

//Setup SAML ACS and ISSUER URL

use role accountadmin;

alter security integration PureAUTHintegration set saml2_snowflake_acs_url = ' ';
alter security integration PureAUTHintegration set saml2_snowflake_issuer_url = ' ';

//Modify Login_name and make similar to snowflake 

////alter user uname set login_name= 'uemail';

//Enable/Disable authentication

alter security integration pureauthintegration set enabled = true;
  • The field highlighted in Red will be the SAML Certificate (Generated in PureAUTH), Copy the certificate under —-BEGIN CERTIFICATE — and —END CERTIFICATE — and paste into the field highlighted in Red.
  • The field highlighted in Orange will be the Issuer URL (Entity ID) (Generated in PureAUTH), Copy the Issuer URL and paste into the field highlighted in Orange.
  • The field highlighted in Green will be the Snowflake_Issuer_url, Copy the AUDIENCE (ENTITY ID) from PureAUTH and paste into the field highlighted in Green.
  • The field highlighted in Blue will be the Snowflake_acs_url, Copy the SAML RESPONSE URL (ACS URL) from PureAUTH and paste into the field highlighted in Blue.

Verify SAML Authentication

  • Visit the Login endpoint.
  • You will see the Button “Sign in using PureAUTH” click on it.
  • You will be redirected to PureAUTH.
  • Open the AuthVR5 app and scan the QR code using Swift Login.

DISABLE SAML AUTHENTICATION

  • Login to your Snowflake Admin account.
  • Open PureAUTH SMAL Worksheet.
  • Under //Enable/Disable authentication > Change it to “false”.
alter security integration pureauthintegration set enabled = false;

Further Assistance

For further information or assistance, please contact PureID support team : support@pureid.io.

Was this article helpful to you? No Yes

How can we help?