
Snowflake SnowPro Advanced Architect: Resolve Snowflake Private Link Connectivity Issues with Azure SAML SSO

Learn how to troubleshoot and resolve Snowflake Private Link connectivity issues when using Azure SAML SSO with ADFS as a SCIM identity provider. Discover the steps to ensure secure access to your Snowflake account.


Question

A company is using a Snowflake account in Azure. The account has SAML SSO set up using ADFS as a SCIM identity provider. To validate Private Link connectivity, an Architect performed the following steps:

  • Confirmed Private Link URLs are working by logging in with a username/password account
  • Verified DNS resolution by running nslookups against Private Link URLs
  • Validated connectivity using SnowCD
  • Disabled public access using a network policy set to use the company’s IP address range

However, the following error message is received when using SSO to log into the company account:

IP XX.XXX.XX.XX is not allowed to access snowflake. Contact your local security administrator.

What steps should the Architect take to resolve this error and ensure that the account is accessed using only Private Link? (Choose two.)

A. Alter the Azure security integration to use the Private Link URLs.
B. Add the IP address in the error message to the allowed list in the network policy.
C. Generate a new SCIM access token using system$generate_scim_access_token and save it to Azure AD.
D. Update the configuration of the Azure AD SSO to use the Private Link URLs.
E. Open a case with Snowflake Support to authorize the Private Link URLs’ access to the account.

Answer

A. Alter the Azure security integration to use the Private Link URLs.
D. Update the configuration of the Azure AD SSO to use the Private Link URLs.

Explanation

To resolve the error message and ensure that the Snowflake account is accessed only using Private Link, the Architect should take the following steps:

A. Alter the Azure security integration to use the Private Link URLs. This is the Snowflake-side change: update the security integration that defines the Azure AD SSO connection so that it references the Private Link URLs instead of the public URLs. This ensures that the SSO authentication process uses the secure Private Link connection.

D. Update the configuration of the Azure AD SSO to use the Private Link URLs. This is the identity-provider-side change: modify the Azure AD Single Sign-On (SSO) settings for Snowflake so that they use the Private Link URLs. This aligns the SSO configuration with the Private Link setup, allowing users to access Snowflake securely through the private connection.

By updating both the Azure security integration and the Azure AD SSO configuration to use the Private Link URLs, the Architect can resolve the IP address access error and ensure that the Snowflake account is accessed exclusively through the secure Private Link connection.
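
The Snowflake-side change from answer A could look like the following. This is an added example, not part of the original question or explanation; the integration name `azure_sso` and the account identifier `myorg-myaccount` are assumed placeholders.

```sql
-- Added example: azure_sso and myorg-myaccount are placeholders, not values from the page.

-- 1. Look up the Private Link hostnames that belong to this account.
SELECT SYSTEM$GET_PRIVATELINK_CONFIG();

-- 2. Inspect the SAML2 security integration. If SAML2_SNOWFLAKE_ACS_URL and
--    SAML2_SNOWFLAKE_ISSUER_URL still hold the public account URL, the SAML
--    response is posted to the public endpoint instead of the Private Link one.
DESC SECURITY INTEGRATION azure_sso;

-- 3. Answer A: point the integration at the Private Link URLs.
ALTER SECURITY INTEGRATION azure_sso SET
  SAML2_SNOWFLAKE_ACS_URL    = 'https://myorg-myaccount.privatelink.snowflakecomputing.com/fed/login'
  SAML2_SNOWFLAKE_ISSUER_URL = 'https://myorg-myaccount.privatelink.snowflakecomputing.com';

-- 4. Confirm both properties now show the privatelink hostname.
DESC SECURITY INTEGRATION azure_sso;

-- Answer D is made outside Snowflake: in the Azure AD application's SAML
-- settings, the Identifier (Entity ID) and Reply URL must carry the same
-- Private Link values set in step 3.
```

Leave the network policy unchanged while testing: once both sides reference the Private Link URLs, an SSO login that still produces the "IP ... is not allowed" error indicates that one of the two configurations still points at the public URL.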
