Securing Snowflake¶
Snowflake provides industry-leading features that help ensure you can configure the highest levels of security for your account and users, as well as all the data you store in Snowflake.
These topics are intended primarily for administrators (i.e. users with the ACCOUNTADMIN, SYSADMIN, or SECURITYADMIN roles).
Authentication¶
- Authentication policies
Using authentication policies to restrict account and user authentication by client, authentication methods, and more.
- Multi-factor authentication (MFA)
Using multi-factor authentication with Snowflake.
- Federated Authentication & SSO
Topics related to federated authentication to Snowflake.
- Key-pair authentication and key-pair rotation
Using key-pair authentication to Snowflake.
- Using programmatic access tokens for authentication
Generating and managing programmatic access tokens for authentication.
- OAuth
Topics related to using Snowflake OAuth and External OAuth to connect to Snowflake.
- Workload identity federation
Preferred authentication method for service-to-service workloads.
- External API authentication and secrets
Configuring Snowflake to authenticate to external services.
Network security¶
- Malicious IP Protection
Protecting your account from IP addresses that are known to be malicious.
- Controlling network traffic with network policies
Using network policies to restrict access to Snowflake.
- Network rules
Using network rules with other Snowflake features to restrict access to and from Snowflake.
Private connectivity¶
- Private connectivity for inbound network traffic
Using private connectivity to access the Snowflake service, Snowsight, Streamlit in Snowflake, internal stages, and Snowpark Container Services.
- Private connectivity for outbound network traffic
Using private connectivity for external network locations, external functions, external stages, external tables, external volumes, and Snowpipe automation.