ALTER SECURITY INTEGRATION (SCIM)¶

Modifies the properties of an existing SCIM security integration. For information about modifying other types of security integrations (e.g. SAML2), see ALTER SECURITY INTEGRATION.

See also:

CREATE SECURITY INTEGRATION (SCIM) , DROP INTEGRATION , SHOW INTEGRATIONS , DESCRIBE INTEGRATION

Syntax¶

ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> SET
    [ ENABLED = { TRUE | FALSE } ]
    [ NETWORK_POLICY = '<network_policy>' ]
    [ SYNC_PASSWORD = { TRUE | FALSE } ]
    [ COMMENT = '<string_literal>' ]

ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name>  UNSET {
                                                            NETWORK_POLICY |
                                                            [ , ... ]
                                                            }
ALTER [ SECURITY ] INTEGRATION <name> SET TAG <tag_name> = '<tag_value>' [ , <tag_name> = '<tag_value>' ... ]

ALTER [ SECURITY ] INTEGRATION <name> UNSET TAG <tag_name> [ , <tag_name> ... ]
Copy

Parameters¶

name

Identifier for the integration to alter. If the identifier contains spaces or special characters, the entire string must be enclosed in double quotes. Identifiers enclosed in double quotes are also case-sensitive.

SET ...

Specifies one or more properties/parameters to set for the integration (separated by blank spaces, commas, or new lines):

ENABLED = TRUE | FALSE

Specifies whether the security integration is enabled. To disable the integration, set ENABLED = FALSE.

NETWORK_POLICY = 'network_policy'

Specifies an existing network policy that controls SCIM network traffic.

If there are also network policies set for the account or user, see Network policy precedence.

SYNC_PASSWORD = TRUE | FALSE

Specifies whether to enable or disable the synchronization of a user password from an Okta SCIM client as part of the API request to Snowflake.

  • TRUE enables password synchronization.

  • FALSE disables password synchronization.

Default TRUE. If a security integration is created without setting this parameter, Snowflake sets this parameter to TRUE.

If user passwords should not be synchronized from the client to Snowflake, ensure this property value is set to FALSE and disable password synchronization in the Okta client.

Note that this property is only supported for Okta SCIM integrations. Azure SCIM integrations are not supported because Microsoft Azure does not support password synchronization. To request support, please contact Microsoft Azure.

For details, see Snowflake SCIM support.

COMMENT

String (literal) that specifies a comment for the integration.

Default: No value

TAG tag_name = 'tag_value' [ , tag_name = 'tag_value' , ... ]

Specifies the tag name and the tag string value.

The tag value is always a string, and the maximum number of characters for the tag value is 256.

For information about specifying tags in a statement, see Tag quotas for objects and columns.

UNSET ...

Specifies one or more properties/parameters to unset for the security integration, which resets them back to their defaults:

  • NETWORK_POLICY

  • SYNC_PASSWORD

  • COMMENT

  • TAG tag_name [ , tag_name ... ]

Usage notes¶

Regarding metadata:

Attention

Customers should ensure that no personal data (other than for a User object), sensitive data, export-controlled data, or other regulated data is entered as metadata when using the Snowflake service. For more information, see Metadata Fields in Snowflake.

Examples¶

The following example initiates operation of a suspended integration:

ALTER SECURITY INTEGRATION myint SET ENABLED = TRUE;
Copy