Categories:

User & Security DDL (Third-Party Service Integrations)

# ALTER SECURITY INTEGRATION (SCIM)¶

Modifies the properties of an existing SCIM security integration. For information about modifying other types of security integrations (e.g. SAML2), see ALTER SECURITY INTEGRATION.

In this Topic:

## Syntax¶

ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> SET
[ NETWORK_POLICY = '<network_policy>' ]
[ SYNC_PASSWORD = TRUE | FALSE ]
[ COMMENT = '<string_literal>' ]

ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name>  UNSET {
NETWORK_POLICY |
[ , ... ]
}
ALTER [ SECURITY ] INTEGRATION <name> SET TAG <tag_name> = '<tag_value>' [ , <tag_name> = '<tag_value>' ... ]

ALTER [ SECURITY ] INTEGRATION <name> UNSET TAG <tag_name> [ , <tag_name> ... ]


## Parameters¶

name

Identifier for the integration to alter. If the identifier contains spaces or special characters, the entire string must be enclosed in double quotes. Identifiers enclosed in double quotes are also case-sensitive.

SET ...

Specifies one or more properties/parameters to set for the integration (separated by blank spaces, commas, or new lines):

NETWORK_POLICY = 'network_policy'

Specifies an existing network policy active for your account. The network policy restricts the list of user IP addresses when exchanging an authorization code for an access or refresh token and when using a refresh token to obtain a new access token. If this parameter is not set, the network policy for the account (if any) is used instead.

SYNC_PASSWORD = TRUE | FALSE

Specifies whether to enable or disable the synchronization of a user password from an Okta SCIM client as part of the API request to Snowflake.

• TRUE enables password synchronization.

• FALSE disables password synchronization.

Default TRUE. If a security integration is created without setting this parameter, Snowflake sets this parameter to TRUE.

If user passwords should not be synchronized from the client to Snowflake, ensure this property value is set to FALSE and disable password synchronization in the Okta client.

Note that this property is only supported for Okta SCIM integrations. Azure SCIM integrations are not supported because Microsoft Azure does not support password synchronization. To request support, please contact Microsoft Azure.

For details, see Managing Users & Groups with SCIM.

COMMENT

String (literal) that specifies a comment for the integration.

Default: No value

TAG tag_name = 'tag_value' [ , tag_name = 'tag_value' , ... ]

Specifies the tag name and the tag string value.

The tag value is always a string, and the maximum number of characters for the tag value is 256. The maximum number of unique tags that can be set on an object is 20. For more information, see Tag Quotas for Objects/Columns.

UNSET ...

Specifies one or more properties/parameters to unset for the security integration, which resets them back to their defaults:

• NETWORK_POLICY

• SYNC_PASSWORD

• COMMENT

• TAG tag_name [ , tag_name ... ]

## Usage Notes¶

ALTER SECURITY INTEGRATION myint SET ENABLED = TRUE;