Aug 14, 2025: Workload identity federation (General availability)¶

Workload identity federation lets your workloads — such as services, applications, and containers — authenticate to Snowflake without managing or storing long-lived credentials. It provides similar security benefits to using an identity provider like in External OAuth, but can be much simpler to implement.

Implementing workload identity federation consists of configuring the workload to use its native identity provider, creating a Snowflake service user for the workload, and making sure the workload uses a Snowflake driver that is capable of sending an attestation or security token from the native identify provider to Snowflake.

When Snowflake’s deprecation of single-factor password sign-ins is complete, workloads that authenticate to Snowflake without human interaction won’t be able to use a password. Workload identity federation provides a straightforward, secure authentication method for these workloads.

For more information, see Workload identity federation.