AUTHENTICATION POLICY

Config path: /<database>/<schema>/authentication_policy/<name>.yaml

Example:

authentication_methods: [SAML, KEYPAIR]
mfa_authentication_methods: [SAML]
mfa_enrollment: REQUIRED
client_types: [SNOWFLAKE_UI, DRIVERS]
security_integrations: [ALL]
comment: "my custom policy"

Schema

• authentication_methods (list)

  • {items} (str)

• mfa_authentication_methods (list)

  • {items} (str)

• mfa_enrollment (str)

• mfa_policy (dict)

  • {key} (str) - parameter name

  • {value} (array, bool, float, int, str) - parameter value

• client_types (list)

  • {items} (str)

• client_policy (dict)

  • {key} (str) - client name

  • {value} (dict)

    • {key} (str) - parameter name

    • {value} (array, bool, float, int, str) - parameter value

• security_integrations (list)

  • {items} (str)

• pat_policy (dict)

  • {key} (str) - parameter name

  • {value} (array, bool, float, int, str) - parameter value

• workload_identity_policy (dict)

  • {key} (str) - parameter name

  • {value} (array, bool, float, int, str) - parameter value

• comment (str)

Usage notes

1. Snowflake makes dramatic and frequent changes to AUTHENTICATION_POLICY object type. Backwards compatibility is not guaranteed. The current implementation should work with Snowflake changes bundle up to 2025_06. If you encounter issues with future bundles, please raise an issue on GitHub.

Links

• CREATE AUTHENTICATION POLICY

• ALTER AUTHENTICATION POLICY

• DESC AUTHENTICATION POLICY

• Parser & JSON Schema (GitHub)