AUTHENTICATION POLICY

Config path: /<database>/<schema>/authentication_policy/<name>.yaml

Example:

authentication_methods: [SAML, KEYPAIR]
mfa_authentication_methods: [SAML]
mfa_enrollment: REQUIRED
client_types: [SNOWFLAKE_UI, DRIVERS]
security_integrations: [ALL]
comment: "my custom policy"

Schema

• authentication_methods (list)

  • {items} (str) - e.g. [ALL]

• mfa_authentication_methods (list)

  • {items} (str) - e.g. [PASSWORD, SAML]

• mfa_enrollment (str) - OPTIONAL or REQUIRED

• client_types (list)

  • {items} (str) - e.g. [ALL]

• security_integrations (list)

  • {items} (str) - e.g. [ALL]

• comment (str)

Usage notes

1. All parameters are required since 0.47.0. Snowflake changes defaults liberally between versions, so the only way to guarantee consistent authentication policy is to define all parameters at all times explicitly.

Links

• CREATE AUTHENTICATION POLICY

• ALTER AUTHENTICATION POLICY

• DESC AUTHENTICATION POLICY

• Parser & JSON Schema (GitHub)