Authenticate Flashcards

1
Q

What are the five ways to authenticate into Snowflake

A

username/password - least recommended
username/password with mfa (duo mfa only - snowflake recommened
SSO powered by SAMLv2
Key pair authentication
OAuth 2.0 grant flow - secure programmatic access to data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

When might SAML SSO might not be appropriate

A

Snwoflake admins - Outages with an IdP may prevent Snowflake Admins from logging in.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

T/F SAML SSO can be used on public and private endpoints at same time

A

False, they can only used on one at a time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

T/F Snowflake only supports a single IDP at a time for each Snowflake Account for SSO

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

T/F For the Web UI, only SAML 2 is supported

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are two reasons why to use key pair for programmatic access

A

Customers have the requirement to not rely on third party or for the secret to travel over the wire
Customers wants to remove the management of the secret from the service account authenticating into Snowflake, instead the key is completely controlled by code

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Name two reasons key pair might not be good for a client

A

Existing key infrastructure is not in place to provide for the protection of private keys
Not appropriate in large environments where the ability to distribute and manage keys becomes more administrative overhead than the customer is willing to deal with

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Customers that seek to allow SSO based user creds in a programmatic scenario should consider

A

OAuth 2.0

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Name three reasons a client would use OAuth 2.0 for programmatic access

A

Centralize the monitoring and management of authorizations across a number of apps
Customers that do not wish to pass creds over the wire

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

T/F Snowflake OAuth is applicable in a programatic situtation

A

False - External OAuth should be used

How well did you know this?
1
Not at all
2
3
4
5
Perfectly