Snowflake v0.59.0, Sep 20 24

Snowflake v0.59.0 published on Friday, Sep 20, 2024 by Pulumi

snowflake.SamlIntegration

Explore with Pulumi AI

Snowflake v0.59.0 published on Friday, Sep 20, 2024 by Pulumi

Import

$ pulumi import snowflake:index/samlIntegration:SamlIntegration example name

Create SamlIntegration Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SamlIntegration(name: string, args: SamlIntegrationArgs, opts?: CustomResourceOptions);

@overload
def SamlIntegration(resource_name: str,
                    args: SamlIntegrationArgs,
                    opts: Optional[ResourceOptions] = None)

@overload
def SamlIntegration(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    saml2_issuer: Optional[str] = None,
                    saml2_x509_cert: Optional[str] = None,
                    saml2_sso_url: Optional[str] = None,
                    saml2_provider: Optional[str] = None,
                    saml2_force_authn: Optional[bool] = None,
                    saml2_post_logout_redirect_url: Optional[str] = None,
                    enabled: Optional[bool] = None,
                    saml2_requested_nameid_format: Optional[str] = None,
                    saml2_sign_request: Optional[bool] = None,
                    saml2_snowflake_acs_url: Optional[str] = None,
                    saml2_snowflake_issuer_url: Optional[str] = None,
                    saml2_snowflake_x509_cert: Optional[str] = None,
                    saml2_sp_initiated_login_page_label: Optional[str] = None,
                    saml2_enable_sp_initiated: Optional[bool] = None,
                    name: Optional[str] = None)

func NewSamlIntegration(ctx *Context, name string, args SamlIntegrationArgs, opts ...ResourceOption) (*SamlIntegration, error)

public SamlIntegration(string name, SamlIntegrationArgs args, CustomResourceOptions? opts = null)

public SamlIntegration(String name, SamlIntegrationArgs args)
public SamlIntegration(String name, SamlIntegrationArgs args, CustomResourceOptions options)

type: snowflake:SamlIntegration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SamlIntegrationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SamlIntegrationArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SamlIntegrationArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SamlIntegrationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SamlIntegrationArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var samlIntegrationResource = new Snowflake.SamlIntegration("samlIntegrationResource", new()
{
    Saml2Issuer = "string",
    Saml2X509Cert = "string",
    Saml2SsoUrl = "string",
    Saml2Provider = "string",
    Saml2ForceAuthn = false,
    Saml2PostLogoutRedirectUrl = "string",
    Enabled = false,
    Saml2RequestedNameidFormat = "string",
    Saml2SignRequest = false,
    Saml2SnowflakeAcsUrl = "string",
    Saml2SnowflakeIssuerUrl = "string",
    Saml2SnowflakeX509Cert = "string",
    Saml2SpInitiatedLoginPageLabel = "string",
    Saml2EnableSpInitiated = false,
    Name = "string",
});

example, err := snowflake.NewSamlIntegration(ctx, "samlIntegrationResource", &snowflake.SamlIntegrationArgs{
	Saml2Issuer:                    pulumi.String("string"),
	Saml2X509Cert:                  pulumi.String("string"),
	Saml2SsoUrl:                    pulumi.String("string"),
	Saml2Provider:                  pulumi.String("string"),
	Saml2ForceAuthn:                pulumi.Bool(false),
	Saml2PostLogoutRedirectUrl:     pulumi.String("string"),
	Enabled:                        pulumi.Bool(false),
	Saml2RequestedNameidFormat:     pulumi.String("string"),
	Saml2SignRequest:               pulumi.Bool(false),
	Saml2SnowflakeAcsUrl:           pulumi.String("string"),
	Saml2SnowflakeIssuerUrl:        pulumi.String("string"),
	Saml2SnowflakeX509Cert:         pulumi.String("string"),
	Saml2SpInitiatedLoginPageLabel: pulumi.String("string"),
	Saml2EnableSpInitiated:         pulumi.Bool(false),
	Name:                           pulumi.String("string"),
})

var samlIntegrationResource = new SamlIntegration("samlIntegrationResource", SamlIntegrationArgs.builder()
    .saml2Issuer("string")
    .saml2X509Cert("string")
    .saml2SsoUrl("string")
    .saml2Provider("string")
    .saml2ForceAuthn(false)
    .saml2PostLogoutRedirectUrl("string")
    .enabled(false)
    .saml2RequestedNameidFormat("string")
    .saml2SignRequest(false)
    .saml2SnowflakeAcsUrl("string")
    .saml2SnowflakeIssuerUrl("string")
    .saml2SnowflakeX509Cert("string")
    .saml2SpInitiatedLoginPageLabel("string")
    .saml2EnableSpInitiated(false)
    .name("string")
    .build());

saml_integration_resource = snowflake.SamlIntegration("samlIntegrationResource",
    saml2_issuer="string",
    saml2_x509_cert="string",
    saml2_sso_url="string",
    saml2_provider="string",
    saml2_force_authn=False,
    saml2_post_logout_redirect_url="string",
    enabled=False,
    saml2_requested_nameid_format="string",
    saml2_sign_request=False,
    saml2_snowflake_acs_url="string",
    saml2_snowflake_issuer_url="string",
    saml2_snowflake_x509_cert="string",
    saml2_sp_initiated_login_page_label="string",
    saml2_enable_sp_initiated=False,
    name="string")

const samlIntegrationResource = new snowflake.SamlIntegration("samlIntegrationResource", {
    saml2Issuer: "string",
    saml2X509Cert: "string",
    saml2SsoUrl: "string",
    saml2Provider: "string",
    saml2ForceAuthn: false,
    saml2PostLogoutRedirectUrl: "string",
    enabled: false,
    saml2RequestedNameidFormat: "string",
    saml2SignRequest: false,
    saml2SnowflakeAcsUrl: "string",
    saml2SnowflakeIssuerUrl: "string",
    saml2SnowflakeX509Cert: "string",
    saml2SpInitiatedLoginPageLabel: "string",
    saml2EnableSpInitiated: false,
    name: "string",
});

type: snowflake:SamlIntegration
properties:
    enabled: false
    name: string
    saml2EnableSpInitiated: false
    saml2ForceAuthn: false
    saml2Issuer: string
    saml2PostLogoutRedirectUrl: string
    saml2Provider: string
    saml2RequestedNameidFormat: string
    saml2SignRequest: false
    saml2SnowflakeAcsUrl: string
    saml2SnowflakeIssuerUrl: string
    saml2SnowflakeX509Cert: string
    saml2SpInitiatedLoginPageLabel: string
    saml2SsoUrl: string
    saml2X509Cert: string

SamlIntegration Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The SamlIntegration resource accepts the following input properties:

Saml2Issuer string: The string containing the IdP EntityID / Issuer.
Saml2Provider string: The string describing the IdP. One of the following: OKTA, ADFS, Custom.
Saml2SsoUrl string: The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
Saml2X509Cert string: The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
Enabled bool: Specifies whether this security integration is enabled or disabled.
Name string: Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
Saml2EnableSpInitiated bool: The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
Saml2ForceAuthn bool: The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
Saml2PostLogoutRedirectUrl string: The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
Saml2RequestedNameidFormat string: The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
Saml2SignRequest bool: The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
Saml2SnowflakeAcsUrl string: The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
Saml2SnowflakeIssuerUrl string: The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
Saml2SnowflakeX509Cert string: The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
Saml2SpInitiatedLoginPageLabel string: The string containing the label to display after the Log In With button on the login page.

Saml2Issuer string: The string containing the IdP EntityID / Issuer.
Saml2Provider string: The string describing the IdP. One of the following: OKTA, ADFS, Custom.
Saml2SsoUrl string: The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
Saml2X509Cert string: The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
Enabled bool: Specifies whether this security integration is enabled or disabled.
Name string: Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
Saml2EnableSpInitiated bool: The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
Saml2ForceAuthn bool: The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
Saml2PostLogoutRedirectUrl string: The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
Saml2RequestedNameidFormat string: The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
Saml2SignRequest bool: The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
Saml2SnowflakeAcsUrl string: The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
Saml2SnowflakeIssuerUrl string: The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
Saml2SnowflakeX509Cert string: The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
Saml2SpInitiatedLoginPageLabel string: The string containing the label to display after the Log In With button on the login page.

saml2Issuer String: The string containing the IdP EntityID / Issuer.
saml2Provider String: The string describing the IdP. One of the following: OKTA, ADFS, Custom.
saml2SsoUrl String: The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
saml2X509Cert String: The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
enabled Boolean: Specifies whether this security integration is enabled or disabled.
name String: Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
saml2EnableSpInitiated Boolean: The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
saml2ForceAuthn Boolean: The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
saml2PostLogoutRedirectUrl String: The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
saml2RequestedNameidFormat String: The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
saml2SignRequest Boolean: The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
saml2SnowflakeAcsUrl String: The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
saml2SnowflakeIssuerUrl String: The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
saml2SnowflakeX509Cert String: The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
saml2SpInitiatedLoginPageLabel String: The string containing the label to display after the Log In With button on the login page.

saml2Issuer string: The string containing the IdP EntityID / Issuer.
saml2Provider string: The string describing the IdP. One of the following: OKTA, ADFS, Custom.
saml2SsoUrl string: The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
saml2X509Cert string: The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
enabled boolean: Specifies whether this security integration is enabled or disabled.
name string: Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
saml2EnableSpInitiated boolean: The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
saml2ForceAuthn boolean: The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
saml2PostLogoutRedirectUrl string: The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
saml2RequestedNameidFormat string: The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
saml2SignRequest boolean: The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
saml2SnowflakeAcsUrl string: The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
saml2SnowflakeIssuerUrl string: The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
saml2SnowflakeX509Cert string: The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
saml2SpInitiatedLoginPageLabel string: The string containing the label to display after the Log In With button on the login page.

saml2_issuer str: The string containing the IdP EntityID / Issuer.
saml2_provider str: The string describing the IdP. One of the following: OKTA, ADFS, Custom.
saml2_sso_url str: The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
saml2_x509_cert str: The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
enabled bool: Specifies whether this security integration is enabled or disabled.
name str: Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
saml2_enable_sp_initiated bool: The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
saml2_force_authn bool: The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
saml2_post_logout_redirect_url str: The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
saml2_requested_nameid_format str: The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
saml2_sign_request bool: The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
saml2_snowflake_acs_url str: The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
saml2_snowflake_issuer_url str: The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
saml2_snowflake_x509_cert str: The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
saml2_sp_initiated_login_page_label str: The string containing the label to display after the Log In With button on the login page.

saml2Issuer String: The string containing the IdP EntityID / Issuer.
saml2Provider String: The string describing the IdP. One of the following: OKTA, ADFS, Custom.
saml2SsoUrl String: The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
saml2X509Cert String: The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.
enabled Boolean: Specifies whether this security integration is enabled or disabled.
name String: Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
saml2EnableSpInitiated Boolean: The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
saml2ForceAuthn Boolean: The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
saml2PostLogoutRedirectUrl String: The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
saml2RequestedNameidFormat String: The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
saml2SignRequest Boolean: The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
saml2SnowflakeAcsUrl String: The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
saml2SnowflakeIssuerUrl String: The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
saml2SnowflakeX509Cert String: The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
saml2SpInitiatedLoginPageLabel String: The string containing the label to display after the Log In With button on the login page.

Outputs

All input properties are implicitly available as output properties. Additionally, the SamlIntegration resource produces the following output properties:

CreatedOn string: Date and time when the SAML integration was created.
Id string: The provider-assigned unique ID for this managed resource.
Saml2DigestMethodsUsed string
Saml2SignatureMethodsUsed string
Saml2SnowflakeMetadata string: Metadata created by Snowflake to provide to SAML2 provider.

CreatedOn string: Date and time when the SAML integration was created.
Id string: The provider-assigned unique ID for this managed resource.
Saml2DigestMethodsUsed string
Saml2SignatureMethodsUsed string
Saml2SnowflakeMetadata string: Metadata created by Snowflake to provide to SAML2 provider.

createdOn String: Date and time when the SAML integration was created.
id String: The provider-assigned unique ID for this managed resource.
saml2DigestMethodsUsed String
saml2SignatureMethodsUsed String
saml2SnowflakeMetadata String: Metadata created by Snowflake to provide to SAML2 provider.

createdOn string: Date and time when the SAML integration was created.
id string: The provider-assigned unique ID for this managed resource.
saml2DigestMethodsUsed string
saml2SignatureMethodsUsed string
saml2SnowflakeMetadata string: Metadata created by Snowflake to provide to SAML2 provider.

created_on str: Date and time when the SAML integration was created.
id str: The provider-assigned unique ID for this managed resource.
saml2_digest_methods_used str
saml2_signature_methods_used str
saml2_snowflake_metadata str: Metadata created by Snowflake to provide to SAML2 provider.

createdOn String: Date and time when the SAML integration was created.
id String: The provider-assigned unique ID for this managed resource.
saml2DigestMethodsUsed String
saml2SignatureMethodsUsed String
saml2SnowflakeMetadata String: Metadata created by Snowflake to provide to SAML2 provider.

Look up Existing SamlIntegration Resource

Get an existing SamlIntegration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SamlIntegrationState, opts?: CustomResourceOptions): SamlIntegration

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        created_on: Optional[str] = None,
        enabled: Optional[bool] = None,
        name: Optional[str] = None,
        saml2_digest_methods_used: Optional[str] = None,
        saml2_enable_sp_initiated: Optional[bool] = None,
        saml2_force_authn: Optional[bool] = None,
        saml2_issuer: Optional[str] = None,
        saml2_post_logout_redirect_url: Optional[str] = None,
        saml2_provider: Optional[str] = None,
        saml2_requested_nameid_format: Optional[str] = None,
        saml2_sign_request: Optional[bool] = None,
        saml2_signature_methods_used: Optional[str] = None,
        saml2_snowflake_acs_url: Optional[str] = None,
        saml2_snowflake_issuer_url: Optional[str] = None,
        saml2_snowflake_metadata: Optional[str] = None,
        saml2_snowflake_x509_cert: Optional[str] = None,
        saml2_sp_initiated_login_page_label: Optional[str] = None,
        saml2_sso_url: Optional[str] = None,
        saml2_x509_cert: Optional[str] = None) -> SamlIntegration

func GetSamlIntegration(ctx *Context, name string, id IDInput, state *SamlIntegrationState, opts ...ResourceOption) (*SamlIntegration, error)

public static SamlIntegration Get(string name, Input<string> id, SamlIntegrationState? state, CustomResourceOptions? opts = null)

public static SamlIntegration get(String name, Output<String> id, SamlIntegrationState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

CreatedOn string: Date and time when the SAML integration was created.
Enabled bool: Specifies whether this security integration is enabled or disabled.
Name string: Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
Saml2DigestMethodsUsed string
Saml2EnableSpInitiated bool: The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
Saml2ForceAuthn bool: The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
Saml2Issuer string: The string containing the IdP EntityID / Issuer.
Saml2PostLogoutRedirectUrl string: The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
Saml2Provider string: The string describing the IdP. One of the following: OKTA, ADFS, Custom.
Saml2RequestedNameidFormat string: The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
Saml2SignRequest bool: The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
Saml2SignatureMethodsUsed string
Saml2SnowflakeAcsUrl string: The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
Saml2SnowflakeIssuerUrl string: The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
Saml2SnowflakeMetadata string: Metadata created by Snowflake to provide to SAML2 provider.
Saml2SnowflakeX509Cert string: The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
Saml2SpInitiatedLoginPageLabel string: The string containing the label to display after the Log In With button on the login page.
Saml2SsoUrl string: The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
Saml2X509Cert string: The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.

CreatedOn string: Date and time when the SAML integration was created.
Enabled bool: Specifies whether this security integration is enabled or disabled.
Name string: Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
Saml2DigestMethodsUsed string
Saml2EnableSpInitiated bool: The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
Saml2ForceAuthn bool: The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
Saml2Issuer string: The string containing the IdP EntityID / Issuer.
Saml2PostLogoutRedirectUrl string: The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
Saml2Provider string: The string describing the IdP. One of the following: OKTA, ADFS, Custom.
Saml2RequestedNameidFormat string: The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
Saml2SignRequest bool: The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
Saml2SignatureMethodsUsed string
Saml2SnowflakeAcsUrl string: The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
Saml2SnowflakeIssuerUrl string: The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
Saml2SnowflakeMetadata string: Metadata created by Snowflake to provide to SAML2 provider.
Saml2SnowflakeX509Cert string: The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
Saml2SpInitiatedLoginPageLabel string: The string containing the label to display after the Log In With button on the login page.
Saml2SsoUrl string: The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
Saml2X509Cert string: The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.

createdOn String: Date and time when the SAML integration was created.
enabled Boolean: Specifies whether this security integration is enabled or disabled.
name String: Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
saml2DigestMethodsUsed String
saml2EnableSpInitiated Boolean: The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
saml2ForceAuthn Boolean: The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
saml2Issuer String: The string containing the IdP EntityID / Issuer.
saml2PostLogoutRedirectUrl String: The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
saml2Provider String: The string describing the IdP. One of the following: OKTA, ADFS, Custom.
saml2RequestedNameidFormat String: The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
saml2SignRequest Boolean: The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
saml2SignatureMethodsUsed String
saml2SnowflakeAcsUrl String: The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
saml2SnowflakeIssuerUrl String: The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
saml2SnowflakeMetadata String: Metadata created by Snowflake to provide to SAML2 provider.
saml2SnowflakeX509Cert String: The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
saml2SpInitiatedLoginPageLabel String: The string containing the label to display after the Log In With button on the login page.
saml2SsoUrl String: The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
saml2X509Cert String: The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.

createdOn string: Date and time when the SAML integration was created.
enabled boolean: Specifies whether this security integration is enabled or disabled.
name string: Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
saml2DigestMethodsUsed string
saml2EnableSpInitiated boolean: The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
saml2ForceAuthn boolean: The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
saml2Issuer string: The string containing the IdP EntityID / Issuer.
saml2PostLogoutRedirectUrl string: The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
saml2Provider string: The string describing the IdP. One of the following: OKTA, ADFS, Custom.
saml2RequestedNameidFormat string: The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
saml2SignRequest boolean: The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
saml2SignatureMethodsUsed string
saml2SnowflakeAcsUrl string: The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
saml2SnowflakeIssuerUrl string: The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
saml2SnowflakeMetadata string: Metadata created by Snowflake to provide to SAML2 provider.
saml2SnowflakeX509Cert string: The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
saml2SpInitiatedLoginPageLabel string: The string containing the label to display after the Log In With button on the login page.
saml2SsoUrl string: The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
saml2X509Cert string: The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.

created_on str: Date and time when the SAML integration was created.
enabled bool: Specifies whether this security integration is enabled or disabled.
name str: Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
saml2_digest_methods_used str
saml2_enable_sp_initiated bool: The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
saml2_force_authn bool: The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
saml2_issuer str: The string containing the IdP EntityID / Issuer.
saml2_post_logout_redirect_url str: The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
saml2_provider str: The string describing the IdP. One of the following: OKTA, ADFS, Custom.
saml2_requested_nameid_format str: The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
saml2_sign_request bool: The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
saml2_signature_methods_used str
saml2_snowflake_acs_url str: The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
saml2_snowflake_issuer_url str: The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
saml2_snowflake_metadata str: Metadata created by Snowflake to provide to SAML2 provider.
saml2_snowflake_x509_cert str: The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
saml2_sp_initiated_login_page_label str: The string containing the label to display after the Log In With button on the login page.
saml2_sso_url str: The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
saml2_x509_cert str: The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.

createdOn String: Date and time when the SAML integration was created.
enabled Boolean: Specifies whether this security integration is enabled or disabled.
name String: Specifies the name of the SAML2 integration. This name follows the rules for Object Identifiers. The name should be unique among security integrations in your account.
saml2DigestMethodsUsed String
saml2EnableSpInitiated Boolean: The Boolean indicating if the Log In With button will be shown on the login page. TRUE: displays the Log in WIth button on the login page. FALSE: does not display the Log in With button on the login page.
saml2ForceAuthn Boolean: The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to TRUE, Snowflake sets the ForceAuthn SAML parameter to TRUE in the outgoing request from Snowflake to the identity provider. TRUE: forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists. FALSE: does not force users to authenticate again to access Snowflake.
saml2Issuer String: The string containing the IdP EntityID / Issuer.
saml2PostLogoutRedirectUrl String: The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic Snowflake web interface. Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
saml2Provider String: The string describing the IdP. One of the following: OKTA, ADFS, Custom.
saml2RequestedNameidFormat String: The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress value in the authentication request to the IdP. NameID must be one of the following values: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName, urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName, urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient .
saml2SignRequest Boolean: The Boolean indicating whether SAML requests are signed. TRUE: allows SAML requests to be signed. FALSE: does not allow SAML requests to be signed.
saml2SignatureMethodsUsed String
saml2SnowflakeAcsUrl String: The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake. This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use. Default: https://\n\n.\n\n.snowflakecomputing.com/fed/login
saml2SnowflakeIssuerUrl String: The string containing the EntityID / Issuer for the Snowflake service provider. If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
saml2SnowflakeMetadata String: Metadata created by Snowflake to provide to SAML2 provider.
saml2SnowflakeX509Cert String: The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests. You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
saml2SpInitiatedLoginPageLabel String: The string containing the label to display after the Log In With button on the login page.
saml2SsoUrl String: The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML AuthnRequest message.
saml2X509Cert String: The Base64 encoded IdP signing certificate on a single line without the leading -----BEGIN CERTIFICATE----- and ending -----END CERTIFICATE----- markers.

Package Details

Repository: Snowflake pulumi/pulumi-snowflake
License: Apache-2.0
Notes: This Pulumi package is based on the snowflake Terraform Provider.

Snowflake v0.59.0 published on Friday, Sep 20, 2024 by Pulumi

pulumi/pulumi-snowflake

snowflake.SamlIntegration

On this page

On this page

Import

Create SamlIntegration Resource

Constructor syntax

Parameters

Constructor example

SamlIntegration Resource Properties

Inputs

Outputs

Look up Existing SamlIntegration Resource

Package Details

On this page

On this page