Authenticate Flashcards
What are the five ways to authenticate into Snowflake?
username/password - least recommended
username/password with MFA (Duo MFA only - Snowflake recommended)
SSO powered by SAMLv2
Key pair authentication
OAuth 2.0 grant flow - secure programmatic access to data
When might SAML SSO not be appropriate?
Snowflake admins - Outages with an IdP may prevent Snowflake admins from logging in.
T/F SAML SSO can be used on public and private endpoints at the same time
False, they can only be used on one at a time
T/F Snowflake only supports a single IdP at a time for each Snowflake account for SSO
True
T/F For the Web UI, only SAML 2 is supported
True
What are two reasons to use key pair authentication for programmatic access?
Customers have a requirement not to rely on a third party, or not to have the secret travel over the wire
Customers want to remove the management of the secret from the service account authenticating into Snowflake; instead, the key is completely controlled by code
Name two reasons key pair might not be good for a client
Existing key infrastructure is not in place to provide for the protection of private keys
Not appropriate in large environments where the ability to distribute and manage keys becomes more administrative overhead than the customer is willing to deal with
Customers that seek to allow SSO based user creds in a programmatic scenario should consider
OAuth 2.0
Name three reasons a client would use OAuth 2.0 for programmatic access
Centralize the monitoring and management of authorizations across a number of apps
Customers that do not wish to pass creds over the wire
T/F Snowflake OAuth is applicable in a programmatic situation
False - External OAuth should be used