Snowflake Behaviour Change - MFA

Support
1

Hi EasyMorph Team,

Snowflake announced a mandatory behaviour change starting in April. Users will have to use MFA, unless labled "Service Accounts". These service accounts won´t have a password. We are just trying to figure out how to manage this change with our EasyMorph connectors.

Do you by any chance have a take on how we should proceed?

Best,
Albert

2

Hi Albert,

Looks like service accounts support key pair authentication. Also, it's possible to create an account with TYPE set to LEGACY_SERVICE which will support password authorization. I will try both account types out with EasyMorph and get back to you.

3

We tried with LEGACY_SERVICE and it worked. It didn't work with SERVICE. I am not sure how long the first one will be kept around, though.

4

Hi Albert,

I was able to connect to Snowflake using a SERVICE account and a key-pair authentication with the following steps:

  1. Create a key pair as described here
  2. Create a new service account with the generated public keys as follows:
CREATE USER
    <name>
    TYPE = SERVICE
    RSA_PUBLIC_KEY = 'MIIBIjANBgkqh...'
    [ other account properties ]
  1. Grant permissions to the create account
  2. Make the following changes to the native Snowfake connector in EasyMorph:
    • Set the name of the created account to the "User" option
    • Leave the "Password" option empty
    • Add the following custom properties:
      • AUTHENTICATOR = snowflake_jwt
      • PRIVATE_KEY_FILE = <path_to_generated_private_key>

Looks like it's not possible to use the PRIVATE_KEY connection property in EasyMorph, but we will discuss internally if we should add support for this authorization method directly to the connector settings.

5

Hi Andrew,

Have you decided on the connection property in EasyMorph yet? For us, it would be ideal if it would be supported.

All the best!
Albert

6

Hi Alber,

We will add this option in one of the following releases. Most likely, to the release after the next one.

1 Like