Multi-factor authentication: New Duo interface (Pending)¶

When users are required to use multi-factor authentication (MFA) to sign in to Snowflake, they use Duo to enroll in and authenticate with MFA. When this behavior change bundle is enabled, the Duo enrollment and authentication experience changes.

Before the change:

The traditional Duo Prompt interface appears during enrollment and authentication.

After the change:

The new Duo Universal Prompt interface appears during enrollment and authentication. For a description of the new interface, see What are the differences between the traditional Duo Prompt and the Universal Prompt?.

In most cases, this change does not require any modifications to your environment. However, you might need to configure your environment if any of the following is true:

• If your account name contains an underscore and you use private connectivity, you need to add a DNS entry that includes a dash instead of an underscore in the account URL. For example, if your account name is account_dev and your organization is myorg, then add an entry like myorg-account-dev.privatelink.snowflakecomputing.com.

• If your corporate firewall or proxy blocks api-*.duosecurity.com, *.devicemanagement.duosecurity.com, or *.duosecurity.com:443, modify it to allow these values. Snowflake previously recommended allowing *.duosecurity.com:443.

Ref: 1875