Federated Authentication & SSO¶
Federated authentication enables your users to connect to Snowflake using secure SSO (single sign-on). With SSO enabled, your users authenticate through an external, SAML 2.0-compliant identity provider (IdP). Once authenticated by this IdP, users can securely initiate one or more sessions in Snowflake for the duration of their IdP session without having to log into Snowflake. They can choose to initiate their sessions from within the interface provided by the IdP or directly in Snowflake.
For example, in the Snowflake web interface, a user connects by clicking the IdP option on the login page:
- If they have already been authenticated by the IdP, they are immediately granted access to Snowflake.
- If they have not yet been authenticated by the IdP, they are taken to the IdP interface where they authenticate, after which they are granted access to Snowflake.