January 29-30, 2024 — 8.4 Release Notes

Attention

The release has completed.

For differences between the in-advance and final versions of these release notes, see Release Notes Change Log.

Security Updates

Authentication enhancements — Preview

With this release, we are pleased to announce the preview of several enhancements related to authentication, including:

  • Authentication policies.

  • Identifier-first login flow.

  • Support for implementing federated authentication using multiple identity providers.

  • New SAML2 security integration parameters for federated authentication.

Authentication policies

Authentication policies provide control over how a client or user authenticates. They can be used to restrict logins based on the type of client trying to connect (for example, allowing Snowsight while blocking SnowSQL), as well as regulating which authentication methods can be used (for example, allowing passwords while blocking key pair authentication).

For more information, see Authentication policies.

Identifier-first login flow

The identifier-first login flow first prompts the user for a username or email address before presenting authentication options. These authentication options are based on rules defined in authentication policies and SAML2 security integrations. For example, the combination of an authentication policy and the identifier-first login flow can hide the password option from a user who needs to be authenticating with an identity provider, which reduces confusion and improves the user experience.

For more information about this feature and how to enable it, see Identifier-first login.

Multiple identity providers support

Snowflake now supports multiple identity providers, which allows different users to authenticate with different identity providers. This feature requires the identifier-first login flow to be enabled.

For more information, see Using multiple identity providers for federated authentication.

New properties for SAML2 security integrations

A SAML2 security integration for a federated authentication configuration can include two new properties:

  • ALLOWED_USER_DOMAINS

  • ALLOWED_EMAIL_PATTERNS

When the user logs in, the user’s email address must match the values specified in these properties in order to authenticate with the identity provider associated with the security integration.

This feature requires the identifier-first login flow to be enabled.

For more information, see CREATE SECURITY INTEGRATION (SAML2).

Virtual Warehouse Updates

Larger warehouses — General Availability in Microsoft Azure Regions

With this release, we are pleased to announce the general availability of larger (5X-LARGE and 6X-LARGE) warehouses in Microsoft Azure regions, excluding Azure Government regions.

Before provisioning a 5X-LARGE or 6X-LARGE warehouse, please contact Snowflake Support.

For more information, see Overview of warehouses.

Extensibility Updates

External network access — Preview

With this release, we are pleased to announce the addition of preview support for external network access on Google Cloud. You can use external access to access network locations external to Snowflake from within procedure and UDF handler code. In addition to AWS and Azure, this preview is now available on GCP except in the Gov region.

When setting up external network access, you create a network rule that represents the external network location. If your handler code will need to authenticate with the external location, you create a secret containing the credentials needed. In handler code, you can use APIs to retrieve credential values from the secret.

For more information, see External network access overview.

Java 17 support — Preview

With this release, we are pleased to announce the addition of preview support for Java 17 in Snowpark. You can now create and run Stored Procedures and UDFs using Java 17. The Snowpark API and JDBC Driver have also been updated to support Java 17.

For more information on Java support, see Snowflake Java Runtime Support.

Data Loading / Unloading Updates

Snowpipe update: a new pipe status

With this release, a new pipe status STOPPED_BY_SNOWFLAKE_ADMIN is available in the output of SYSTEM$PIPE_STATUS function. The pipe can only be set to this state by Snowflake Support. When a pipe is in this state, it means the pipe will not accept new files for ingestion.

For more information, see SYSTEM$PIPE_STATUS.

Data Pipeline Updates

Automatic task graph retry — General Availability

With this release, we are pleased to announce the general availability of automatic task graph retry. If any task graphs complete in a FAILED state, Snowflake can automatically retry the task graphs. This feature is disabled by default. To enable this feature, you need to set AUTO_RETRY_ATTEMPTS to a value greater than 0 on the root task of a task graph.

For more information, see CREATE TASK and ALTER TASK.

Release Notes Change Log

Announcement

Update

Date

Release notes

Initial publication (preview)

29-Jan-24

Snowpipe update: a new pipe status

Added to Data Loading / Unloading Updates

30-Jan-24

Automatic task graph retry

Added to Data Pipeline Updates

31-Jan-24