Migrating to a SAML2 Security Integration


The SAML_IDENTITY_PROVIDER and SSO_LOGIN_PAGE parameters used for SAML SSO configuration and management are deprecated. Snowflake configurations should use a SAML2 security integration instead of these parameters.

Snowflake will continue to support these deprecated parameters as long as there are implementations that use them.

If you are implementing federated authentication for the first time, refer to Configuring Snowflake to use Federated Authentication.

If you have an existing SSO implementation that uses the SAML_IDENTITY_PROVIDER account parameter, follow the steps below to migrate your SSO implementation to a SAML2 security integration:

  1. Run the following SQL statement, replacing <integration_name> with the name of your new security integration:

    select system$migrate_saml_idp_registration('<integration_name>', '<issuer>');

    For more information about the <integration_name> and <issuer> arguments, and whether you need the <issuer> argument, refer to the reference documentation.

  2. Confirm that a SAML2 security integration exists by running the following SQL statement:

    desc security integration <integration_name>;

If you want to configure your security integration, refer to Configuring Snowflake to use Federated Authentication.