snowflake.SamlIntegration
Explore with Pulumi AI
Import
$ pulumi import snowflake:index/samlIntegration:SamlIntegration example name
Create SamlIntegration Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SamlIntegration(name: string, args: SamlIntegrationArgs, opts?: CustomResourceOptions);
@overload
def SamlIntegration(resource_name: str,
args: SamlIntegrationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SamlIntegration(resource_name: str,
opts: Optional[ResourceOptions] = None,
saml2_issuer: Optional[str] = None,
saml2_x509_cert: Optional[str] = None,
saml2_sso_url: Optional[str] = None,
saml2_provider: Optional[str] = None,
saml2_force_authn: Optional[bool] = None,
saml2_post_logout_redirect_url: Optional[str] = None,
enabled: Optional[bool] = None,
saml2_requested_nameid_format: Optional[str] = None,
saml2_sign_request: Optional[bool] = None,
saml2_snowflake_acs_url: Optional[str] = None,
saml2_snowflake_issuer_url: Optional[str] = None,
saml2_snowflake_x509_cert: Optional[str] = None,
saml2_sp_initiated_login_page_label: Optional[str] = None,
saml2_enable_sp_initiated: Optional[bool] = None,
name: Optional[str] = None)
func NewSamlIntegration(ctx *Context, name string, args SamlIntegrationArgs, opts ...ResourceOption) (*SamlIntegration, error)
public SamlIntegration(string name, SamlIntegrationArgs args, CustomResourceOptions? opts = null)
public SamlIntegration(String name, SamlIntegrationArgs args)
public SamlIntegration(String name, SamlIntegrationArgs args, CustomResourceOptions options)
type: snowflake:SamlIntegration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SamlIntegrationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SamlIntegrationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SamlIntegrationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SamlIntegrationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SamlIntegrationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var samlIntegrationResource = new Snowflake.SamlIntegration("samlIntegrationResource", new()
{
Saml2Issuer = "string",
Saml2X509Cert = "string",
Saml2SsoUrl = "string",
Saml2Provider = "string",
Saml2ForceAuthn = false,
Saml2PostLogoutRedirectUrl = "string",
Enabled = false,
Saml2RequestedNameidFormat = "string",
Saml2SignRequest = false,
Saml2SnowflakeAcsUrl = "string",
Saml2SnowflakeIssuerUrl = "string",
Saml2SnowflakeX509Cert = "string",
Saml2SpInitiatedLoginPageLabel = "string",
Saml2EnableSpInitiated = false,
Name = "string",
});
example, err := snowflake.NewSamlIntegration(ctx, "samlIntegrationResource", &snowflake.SamlIntegrationArgs{
Saml2Issuer: pulumi.String("string"),
Saml2X509Cert: pulumi.String("string"),
Saml2SsoUrl: pulumi.String("string"),
Saml2Provider: pulumi.String("string"),
Saml2ForceAuthn: pulumi.Bool(false),
Saml2PostLogoutRedirectUrl: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Saml2RequestedNameidFormat: pulumi.String("string"),
Saml2SignRequest: pulumi.Bool(false),
Saml2SnowflakeAcsUrl: pulumi.String("string"),
Saml2SnowflakeIssuerUrl: pulumi.String("string"),
Saml2SnowflakeX509Cert: pulumi.String("string"),
Saml2SpInitiatedLoginPageLabel: pulumi.String("string"),
Saml2EnableSpInitiated: pulumi.Bool(false),
Name: pulumi.String("string"),
})
var samlIntegrationResource = new SamlIntegration("samlIntegrationResource", SamlIntegrationArgs.builder()
.saml2Issuer("string")
.saml2X509Cert("string")
.saml2SsoUrl("string")
.saml2Provider("string")
.saml2ForceAuthn(false)
.saml2PostLogoutRedirectUrl("string")
.enabled(false)
.saml2RequestedNameidFormat("string")
.saml2SignRequest(false)
.saml2SnowflakeAcsUrl("string")
.saml2SnowflakeIssuerUrl("string")
.saml2SnowflakeX509Cert("string")
.saml2SpInitiatedLoginPageLabel("string")
.saml2EnableSpInitiated(false)
.name("string")
.build());
saml_integration_resource = snowflake.SamlIntegration("samlIntegrationResource",
saml2_issuer="string",
saml2_x509_cert="string",
saml2_sso_url="string",
saml2_provider="string",
saml2_force_authn=False,
saml2_post_logout_redirect_url="string",
enabled=False,
saml2_requested_nameid_format="string",
saml2_sign_request=False,
saml2_snowflake_acs_url="string",
saml2_snowflake_issuer_url="string",
saml2_snowflake_x509_cert="string",
saml2_sp_initiated_login_page_label="string",
saml2_enable_sp_initiated=False,
name="string")
const samlIntegrationResource = new snowflake.SamlIntegration("samlIntegrationResource", {
saml2Issuer: "string",
saml2X509Cert: "string",
saml2SsoUrl: "string",
saml2Provider: "string",
saml2ForceAuthn: false,
saml2PostLogoutRedirectUrl: "string",
enabled: false,
saml2RequestedNameidFormat: "string",
saml2SignRequest: false,
saml2SnowflakeAcsUrl: "string",
saml2SnowflakeIssuerUrl: "string",
saml2SnowflakeX509Cert: "string",
saml2SpInitiatedLoginPageLabel: "string",
saml2EnableSpInitiated: false,
name: "string",
});
type: snowflake:SamlIntegration
properties:
enabled: false
name: string
saml2EnableSpInitiated: false
saml2ForceAuthn: false
saml2Issuer: string
saml2PostLogoutRedirectUrl: string
saml2Provider: string
saml2RequestedNameidFormat: string
saml2SignRequest: false
saml2SnowflakeAcsUrl: string
saml2SnowflakeIssuerUrl: string
saml2SnowflakeX509Cert: string
saml2SpInitiatedLoginPageLabel: string
saml2SsoUrl: string
saml2X509Cert: string
SamlIntegration Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SamlIntegration resource accepts the following input properties:
- Saml2Issuer string
- The string containing the IdP EntityID / Issuer.
- Saml2Provider string
- The string describing the IdP. One of the following: OKTA, ADFS, Custom.
- Saml2Sso
Url string - The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
- Saml2X509Cert string
- The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
- Enabled bool
- Specifies whether this security integration is enabled or disabled.
- Name string
- Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- Saml2Enable
Sp boolInitiated - The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
- Saml2Force
Authn bool - The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
- Saml2Post
Logout stringRedirect Url - The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
- Saml2Requested
Nameid stringFormat - The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
- Saml2Sign
Request bool - The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
- Saml2Snowflake
Acs stringUrl - The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
- Saml2Snowflake
Issuer stringUrl - The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
- Saml2Snowflake
X509Cert string - The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
- Saml2Sp
Initiated stringLogin Page Label - The string containing the label to display after the Log In With button on the login page.
- Saml2Issuer string
- The string containing the IdP EntityID / Issuer.
- Saml2Provider string
- The string describing the IdP. One of the following: OKTA, ADFS, Custom.
- Saml2Sso
Url string - The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
- Saml2X509Cert string
- The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
- Enabled bool
- Specifies whether this security integration is enabled or disabled.
- Name string
- Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- Saml2Enable
Sp boolInitiated - The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
- Saml2Force
Authn bool - The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
- Saml2Post
Logout stringRedirect Url - The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
- Saml2Requested
Nameid stringFormat - The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
- Saml2Sign
Request bool - The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
- Saml2Snowflake
Acs stringUrl - The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
- Saml2Snowflake
Issuer stringUrl - The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
- Saml2Snowflake
X509Cert string - The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
- Saml2Sp
Initiated stringLogin Page Label - The string containing the label to display after the Log In With button on the login page.
- saml2Issuer String
- The string containing the IdP EntityID / Issuer.
- saml2Provider String
- The string describing the IdP. One of the following: OKTA, ADFS, Custom.
- saml2Sso
Url String - The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
- saml2X509Cert String
- The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
- enabled Boolean
- Specifies whether this security integration is enabled or disabled.
- name String
- Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- saml2Enable
Sp BooleanInitiated - The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
- saml2Force
Authn Boolean - The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
- saml2Post
Logout StringRedirect Url - The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
- saml2Requested
Nameid StringFormat - The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
- saml2Sign
Request Boolean - The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
- saml2Snowflake
Acs StringUrl - The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
- saml2Snowflake
Issuer StringUrl - The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
- saml2Snowflake
X509Cert String - The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
- saml2Sp
Initiated StringLogin Page Label - The string containing the label to display after the Log In With button on the login page.
- saml2Issuer string
- The string containing the IdP EntityID / Issuer.
- saml2Provider string
- The string describing the IdP. One of the following: OKTA, ADFS, Custom.
- saml2Sso
Url string - The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
- saml2X509Cert string
- The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
- enabled boolean
- Specifies whether this security integration is enabled or disabled.
- name string
- Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- saml2Enable
Sp booleanInitiated - The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
- saml2Force
Authn boolean - The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
- saml2Post
Logout stringRedirect Url - The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
- saml2Requested
Nameid stringFormat - The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
- saml2Sign
Request boolean - The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
- saml2Snowflake
Acs stringUrl - The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
- saml2Snowflake
Issuer stringUrl - The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
- saml2Snowflake
X509Cert string - The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
- saml2Sp
Initiated stringLogin Page Label - The string containing the label to display after the Log In With button on the login page.
- saml2_
issuer str - The string containing the IdP EntityID / Issuer.
- saml2_
provider str - The string describing the IdP. One of the following: OKTA, ADFS, Custom.
- saml2_
sso_ strurl - The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
- saml2_
x509_ strcert - The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
- enabled bool
- Specifies whether this security integration is enabled or disabled.
- name str
- Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- saml2_
enable_ boolsp_ initiated - The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
- saml2_
force_ boolauthn - The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
- saml2_
post_ strlogout_ redirect_ url - The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
- saml2_
requested_ strnameid_ format - The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
- saml2_
sign_ boolrequest - The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
- saml2_
snowflake_ stracs_ url - The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
- saml2_
snowflake_ strissuer_ url - The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
- saml2_
snowflake_ strx509_ cert - The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
- saml2_
sp_ strinitiated_ login_ page_ label - The string containing the label to display after the Log In With button on the login page.
- saml2Issuer String
- The string containing the IdP EntityID / Issuer.
- saml2Provider String
- The string describing the IdP. One of the following: OKTA, ADFS, Custom.
- saml2Sso
Url String - The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
- saml2X509Cert String
- The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
- enabled Boolean
- Specifies whether this security integration is enabled or disabled.
- name String
- Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- saml2Enable
Sp BooleanInitiated - The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
- saml2Force
Authn Boolean - The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
- saml2Post
Logout StringRedirect Url - The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
- saml2Requested
Nameid StringFormat - The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
- saml2Sign
Request Boolean - The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
- saml2Snowflake
Acs StringUrl - The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
- saml2Snowflake
Issuer StringUrl - The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
- saml2Snowflake
X509Cert String - The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
- saml2Sp
Initiated StringLogin Page Label - The string containing the label to display after the Log In With button on the login page.
Outputs
All input properties are implicitly available as output properties. Additionally, the SamlIntegration resource produces the following output properties:
- Created
On string - Date and time when the SAML integration was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Saml2Digest
Methods stringUsed - Saml2Signature
Methods stringUsed - Saml2Snowflake
Metadata string - Metadata created by Snowflake to provide to SAML2 provider.
- Created
On string - Date and time when the SAML integration was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Saml2Digest
Methods stringUsed - Saml2Signature
Methods stringUsed - Saml2Snowflake
Metadata string - Metadata created by Snowflake to provide to SAML2 provider.
- created
On String - Date and time when the SAML integration was created.
- id String
- The provider-assigned unique ID for this managed resource.
- saml2Digest
Methods StringUsed - saml2Signature
Methods StringUsed - saml2Snowflake
Metadata String - Metadata created by Snowflake to provide to SAML2 provider.
- created
On string - Date and time when the SAML integration was created.
- id string
- The provider-assigned unique ID for this managed resource.
- saml2Digest
Methods stringUsed - saml2Signature
Methods stringUsed - saml2Snowflake
Metadata string - Metadata created by Snowflake to provide to SAML2 provider.
- created_
on str - Date and time when the SAML integration was created.
- id str
- The provider-assigned unique ID for this managed resource.
- saml2_
digest_ strmethods_ used - saml2_
signature_ strmethods_ used - saml2_
snowflake_ strmetadata - Metadata created by Snowflake to provide to SAML2 provider.
- created
On String - Date and time when the SAML integration was created.
- id String
- The provider-assigned unique ID for this managed resource.
- saml2Digest
Methods StringUsed - saml2Signature
Methods StringUsed - saml2Snowflake
Metadata String - Metadata created by Snowflake to provide to SAML2 provider.
Look up Existing SamlIntegration Resource
Get an existing SamlIntegration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SamlIntegrationState, opts?: CustomResourceOptions): SamlIntegration
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
created_on: Optional[str] = None,
enabled: Optional[bool] = None,
name: Optional[str] = None,
saml2_digest_methods_used: Optional[str] = None,
saml2_enable_sp_initiated: Optional[bool] = None,
saml2_force_authn: Optional[bool] = None,
saml2_issuer: Optional[str] = None,
saml2_post_logout_redirect_url: Optional[str] = None,
saml2_provider: Optional[str] = None,
saml2_requested_nameid_format: Optional[str] = None,
saml2_sign_request: Optional[bool] = None,
saml2_signature_methods_used: Optional[str] = None,
saml2_snowflake_acs_url: Optional[str] = None,
saml2_snowflake_issuer_url: Optional[str] = None,
saml2_snowflake_metadata: Optional[str] = None,
saml2_snowflake_x509_cert: Optional[str] = None,
saml2_sp_initiated_login_page_label: Optional[str] = None,
saml2_sso_url: Optional[str] = None,
saml2_x509_cert: Optional[str] = None) -> SamlIntegration
func GetSamlIntegration(ctx *Context, name string, id IDInput, state *SamlIntegrationState, opts ...ResourceOption) (*SamlIntegration, error)
public static SamlIntegration Get(string name, Input<string> id, SamlIntegrationState? state, CustomResourceOptions? opts = null)
public static SamlIntegration get(String name, Output<String> id, SamlIntegrationState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Created
On string - Date and time when the SAML integration was created.
- Enabled bool
- Specifies whether this security integration is enabled or disabled.
- Name string
- Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- Saml2Digest
Methods stringUsed - Saml2Enable
Sp boolInitiated - The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
- Saml2Force
Authn bool - The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
- Saml2Issuer string
- The string containing the IdP EntityID / Issuer.
- Saml2Post
Logout stringRedirect Url - The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
- Saml2Provider string
- The string describing the IdP. One of the following: OKTA, ADFS, Custom.
- Saml2Requested
Nameid stringFormat - The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
- Saml2Sign
Request bool - The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
- Saml2Signature
Methods stringUsed - Saml2Snowflake
Acs stringUrl - The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
- Saml2Snowflake
Issuer stringUrl - The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
- Saml2Snowflake
Metadata string - Metadata created by Snowflake to provide to SAML2 provider.
- Saml2Snowflake
X509Cert string - The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
- Saml2Sp
Initiated stringLogin Page Label - The string containing the label to display after the Log In With button on the login page.
- Saml2Sso
Url string - The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
- Saml2X509Cert string
- The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
- Created
On string - Date and time when the SAML integration was created.
- Enabled bool
- Specifies whether this security integration is enabled or disabled.
- Name string
- Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- Saml2Digest
Methods stringUsed - Saml2Enable
Sp boolInitiated - The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
- Saml2Force
Authn bool - The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
- Saml2Issuer string
- The string containing the IdP EntityID / Issuer.
- Saml2Post
Logout stringRedirect Url - The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
- Saml2Provider string
- The string describing the IdP. One of the following: OKTA, ADFS, Custom.
- Saml2Requested
Nameid stringFormat - The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
- Saml2Sign
Request bool - The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
- Saml2Signature
Methods stringUsed - Saml2Snowflake
Acs stringUrl - The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
- Saml2Snowflake
Issuer stringUrl - The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
- Saml2Snowflake
Metadata string - Metadata created by Snowflake to provide to SAML2 provider.
- Saml2Snowflake
X509Cert string - The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
- Saml2Sp
Initiated stringLogin Page Label - The string containing the label to display after the Log In With button on the login page.
- Saml2Sso
Url string - The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
- Saml2X509Cert string
- The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
- created
On String - Date and time when the SAML integration was created.
- enabled Boolean
- Specifies whether this security integration is enabled or disabled.
- name String
- Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- saml2Digest
Methods StringUsed - saml2Enable
Sp BooleanInitiated - The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
- saml2Force
Authn Boolean - The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
- saml2Issuer String
- The string containing the IdP EntityID / Issuer.
- saml2Post
Logout StringRedirect Url - The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
- saml2Provider String
- The string describing the IdP. One of the following: OKTA, ADFS, Custom.
- saml2Requested
Nameid StringFormat - The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
- saml2Sign
Request Boolean - The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
- saml2Signature
Methods StringUsed - saml2Snowflake
Acs StringUrl - The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
- saml2Snowflake
Issuer StringUrl - The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
- saml2Snowflake
Metadata String - Metadata created by Snowflake to provide to SAML2 provider.
- saml2Snowflake
X509Cert String - The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
- saml2Sp
Initiated StringLogin Page Label - The string containing the label to display after the Log In With button on the login page.
- saml2Sso
Url String - The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
- saml2X509Cert String
- The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
- created
On string - Date and time when the SAML integration was created.
- enabled boolean
- Specifies whether this security integration is enabled or disabled.
- name string
- Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- saml2Digest
Methods stringUsed - saml2Enable
Sp booleanInitiated - The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
- saml2Force
Authn boolean - The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
- saml2Issuer string
- The string containing the IdP EntityID / Issuer.
- saml2Post
Logout stringRedirect Url - The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
- saml2Provider string
- The string describing the IdP. One of the following: OKTA, ADFS, Custom.
- saml2Requested
Nameid stringFormat - The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
- saml2Sign
Request boolean - The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
- saml2Signature
Methods stringUsed - saml2Snowflake
Acs stringUrl - The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
- saml2Snowflake
Issuer stringUrl - The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
- saml2Snowflake
Metadata string - Metadata created by Snowflake to provide to SAML2 provider.
- saml2Snowflake
X509Cert string - The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
- saml2Sp
Initiated stringLogin Page Label - The string containing the label to display after the Log In With button on the login page.
- saml2Sso
Url string - The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
- saml2X509Cert string
- The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
- created_
on str - Date and time when the SAML integration was created.
- enabled bool
- Specifies whether this security integration is enabled or disabled.
- name str
- Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- saml2_
digest_ strmethods_ used - saml2_
enable_ boolsp_ initiated - The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
- saml2_
force_ boolauthn - The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
- saml2_
issuer str - The string containing the IdP EntityID / Issuer.
- saml2_
post_ strlogout_ redirect_ url - The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
- saml2_
provider str - The string describing the IdP. One of the following: OKTA, ADFS, Custom.
- saml2_
requested_ strnameid_ format - The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
- saml2_
sign_ boolrequest - The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
- saml2_
signature_ strmethods_ used - saml2_
snowflake_ stracs_ url - The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
- saml2_
snowflake_ strissuer_ url - The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
- saml2_
snowflake_ strmetadata - Metadata created by Snowflake to provide to SAML2 provider.
- saml2_
snowflake_ strx509_ cert - The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
- saml2_
sp_ strinitiated_ login_ page_ label - The string containing the label to display after the Log In With button on the login page.
- saml2_
sso_ strurl - The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
- saml2_
x509_ strcert - The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
- created
On String - Date and time when the SAML integration was created.
- enabled Boolean
- Specifies whether this security integration is enabled or disabled.
- name String
- Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
- saml2Digest
Methods StringUsed - saml2Enable
Sp BooleanInitiated - The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
- saml2Force
Authn Boolean - The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
- saml2Issuer String
- The string containing the IdP EntityID / Issuer.
- saml2Post
Logout StringRedirect Url - The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
- saml2Provider String
- The string describing the IdP. One of the following: OKTA, ADFS, Custom.
- saml2Requested
Nameid StringFormat - The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
- saml2Sign
Request Boolean - The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
- saml2Signature
Methods StringUsed - saml2Snowflake
Acs StringUrl - The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
- saml2Snowflake
Issuer StringUrl - The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
- saml2Snowflake
Metadata String - Metadata created by Snowflake to provide to SAML2 provider.
- saml2Snowflake
X509Cert String - The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
- saml2Sp
Initiated StringLogin Page Label - The string containing the label to display after the Log In With button on the login page.
- saml2Sso
Url String - The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
- saml2X509Cert String
- The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
Package Details
- Repository
- Snowflake pulumi/pulumi-snowflake
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
snowflake
Terraform Provider.