Authenticate

Question 1

What are the five ways to authenticate into Snowflake

Answer 1

username/password - least recommended
username/password with mfa (duo mfa only - snowflake recommened
SSO powered by SAMLv2
Key pair authentication
OAuth 2.0 grant flow - secure programmatic access to data

Question 2

When might SAML SSO might not be appropriate

Answer 2

Snwoflake admins - Outages with an IdP may prevent Snowflake Admins from logging in.

Question 3

T/F SAML SSO can be used on public and private endpoints at same time

Answer 3

False, they can only used on one at a time

Question 4

T/F Snowflake only supports a single IDP at a time for each Snowflake Account for SSO

Answer 4

True

Question 5

T/F For the Web UI, only SAML 2 is supported

Answer 5

True

Question 6

What are two reasons why to use key pair for programmatic access

Answer 6

Customers have the requirement to not rely on third party or for the secret to travel over the wire
Customers wants to remove the management of the secret from the service account authenticating into Snowflake, instead the key is completely controlled by code

Question 7

Name two reasons key pair might not be good for a client

Answer 7

Existing key infrastructure is not in place to provide for the protection of private keys
Not appropriate in large environments where the ability to distribute and manage keys becomes more administrative overhead than the customer is willing to deal with

Question 8

Customers that seek to allow SSO based user creds in a programmatic scenario should consider

Answer 8

OAuth 2.0

Question 9

Name three reasons a client would use OAuth 2.0 for programmatic access

Answer 9

Centralize the monitoring and management of authorizations across a number of apps
Customers that do not wish to pass creds over the wire

Question 10

T/F Snowflake OAuth is applicable in a programatic situtation

Answer 10

False - External OAuth should be used