Categories:

User & Security DDL (Third-Party Service Integrations)

ALTER SECURITY INTEGRATION (SCIM)

Modifies the properties of an existing SCIM security integration. For information about modifying other types of security integrations (e.g. SAML2), see ALTER SECURITY INTEGRATION.

See also:

CREATE SECURITY INTEGRATION (SCIM) , DROP INTEGRATION , SHOW INTEGRATIONS , DESCRIBE INTEGRATION

In this Topic:

Syntax

ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> SET
    [ NETWORK_POLICY = '<network_policy>' ]
    [ SYNC_PASSWORD = TRUE | FALSE ]
    [ COMMENT = '<string_literal>' ]

ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name>  UNSET {
                                                            NETWORK_POLICY |
                                                            [ , ... ]
                                                            }
ALTER [ SECURITY ] INTEGRATION <name> SET TAG <tag_name> = '<tag_value>' [ , <tag_name> = '<tag_value>' ... ]

ALTER [ SECURITY ] INTEGRATION <name> UNSET TAG <tag_name> [ , <tag_name> ... ]

Parameters

name

Identifier for the integration to alter. If the identifier contains spaces or special characters, the entire string must be enclosed in double quotes. Identifiers enclosed in double quotes are also case-sensitive.

SET ...

Specifies one or more properties/parameters to set for the integration (separated by blank spaces, commas, or new lines):

NETWORK_POLICY = 'network_policy'

Specifies an existing network policy active for your account. The network policy restricts the list of user IP addresses when exchanging an authorization code for an access or refresh token and when using a refresh token to obtain a new access token. If this parameter is not set, the network policy for the account (if any) is used instead.

SYNC_PASSWORD = TRUE | FALSE

Specifies whether to enable or disable the synchronization of a user password from an Okta SCIM client as part of the API request to Snowflake.

  • TRUE enables password synchronization.

  • FALSE disables password synchronization.

Default TRUE. If a security integration is created without setting this parameter, Snowflake sets this parameter to TRUE.

If user passwords should not be synchronized from the client to Snowflake, ensure this property value is set to FALSE and disable password synchronization in the Okta client.

Note that this property is only supported for Okta SCIM integrations. Azure SCIM integrations are not supported because Microsoft Azure does not support password synchronization. To request support, please contact Microsoft Azure.

For details, see Managing Users & Groups with SCIM.

COMMENT

String (literal) that specifies a comment for the integration.

Default: No value

TAG tag_name = 'tag_value' [ , tag_name = 'tag_value' , ... ]

Specifies the tag name and the tag string value.

The tag value is always a string, and the maximum number of characters for the tag value is 256.

For details about specifying tags in a statement, see Tag Quotas for Objects & Columns.

UNSET ...

Specifies one or more properties/parameters to unset for the security integration, which resets them back to their defaults:

  • NETWORK_POLICY

  • SYNC_PASSWORD

  • COMMENT

  • TAG tag_name [ , tag_name ... ]

Usage Notes

Regarding metadata:

Attention

Customers should ensure that no personal data (other than for a User object), sensitive data, export-controlled data, or other regulated data is entered as metadata when using the Snowflake service. For more information, see Metadata Fields in Snowflake.

Examples

The following example initiates operation of a suspended integration:

ALTER SECURITY INTEGRATION myint SET ENABLED = TRUE;
Back to top