SnowDDL
  • 👋Introduction
  • 🚩Getting started
  • 📋Main features
  • 🪤SnowDDL vs. Declarative DCM
  • In-depth guides
    • 👓Object identifiers
    • 📐Data types
    • 📦Object types
    • 🎭Role hierarchy
    • 🚧Permission model
    • 🔦Other guides
      • Administration user
      • Integrations
      • Inbound shares
      • Object OWNERSHIP
      • Safe & unsafe DDL
      • Dependency management
      • Short hash explained
      • Env Prefix explained
      • Team workflow
      • Limitations & workarounds
      • Fivetran
      • Airbyte
      • Encrypt user passwords
      • Iceberg Tables
  • Basic usage (CLI + YAML)
    • 💻CLI interface
    • 📦YAML configs
      • ACCOUNT PARAMETER
      • ACCOUNT POLICY
      • AGGREGATION POLICY
      • ALERT
      • AUTHENTICATION POLICY
      • BUSINESS ROLE
      • DATABASE
      • DYNAMIC TABLE
      • EVENT TABLE
      • EXTERNAL ACCESS INTEGRATION
      • EXTERNAL FUNCTION
      • EXTERNAL TABLE
      • FILE FORMAT
      • FUNCTION
      • HYBRID TABLE
      • ICEBERG TABLE
      • MASKING POLICY
      • MATERIALIZED VIEW
      • NETWORK POLICY
      • NETWORK RULE
      • PERMISSION MODEL
      • PIPE
      • PLACEHOLDER
      • PROCEDURE
      • PROJECTION POLICY
      • RESOURCE MONITOR
      • ROW ACCESS POLICY
      • SCHEMA
      • SECRET
      • SEQUENCE
      • SHARE (outbound)
      • STAGE
      • STAGE FILE
      • STREAM
      • TABLE
      • TASK
      • TECHNICAL ROLE
      • USER
      • VIEW
      • WAREHOUSE
    • 🏷️YAML placeholders
    • 📬YAML tag !include
    • 🔐YAML tag !decrypt
  • Single DB
    • 🦀Overview
  • Advanced usage (Python)
    • ⚙️Programmatic config
    • 🐍Architecture overview
      • 🔵Blueprints
      • 🟣Config
      • 🟠Parsers
      • 🟢Resolvers
      • 🔴Engine
    • 🏗️Query builder & formatter
  • Breaking changes log
    • 0.45.0 - March 2025
    • 0.41.0 - January 2025
    • 0.37.0 - December 2024
    • 0.36.0 - November 2024
    • 0.33.0 - October 2024
    • 0.27.0 - May 2024
  • Links
    • GitHub repository
    • PyPI package
    • YouTube tutorials
    • Changelog
    • LinkedIn profile
Powered by GitBook
On this page
  • Schema
  • Usage notes
  • Links
  1. Basic usage (CLI + YAML)
  2. YAML configs

AUTHENTICATION POLICY

Config path: /<database>/<schema>/authentication_policy/<name>.yaml

Example:

authentication_methods: [SAML, KEYPAIR]
mfa_authentication_methods: [SAML]
mfa_enrollment: REQUIRED
client_types: [SNOWFLAKE_UI, DRIVERS]
security_integrations: [ALL]
comment: "my custom policy"

Schema

  • authentication_methods (list)

    • {items} (str) - e.g. [ALL]

  • mfa_authentication_methods (list)

    • {items} (str) - e.g. [PASSWORD, SAML]

  • mfa_enrollment (str) - OPTIONAL or REQUIRED

  • client_types (list)

    • {items} (str) - e.g. [ALL]

  • security_integrations (list)

    • {items} (str) - e.g. [ALL]

  • comment (str)

Usage notes

  1. All parameters are required since 0.47.0. Snowflake changes defaults liberally between versions, so the only way to guarantee consistent authentication policy is to define all parameters at all times explicitly.

Links

PreviousALERTNextBUSINESS ROLE

Last updated 1 month ago

📦
CREATE AUTHENTICATION POLICY
ALTER AUTHENTICATION POLICY
DESC AUTHENTICATION POLICY
Parser & JSON Schema (GitHub)