ALTER SECURITY INTEGRATION (SCIM)¶
Modifies the properties of an existing SCIM security integration. For information about modifying other types of security integrations (e.g. SAML2), see ALTER SECURITY INTEGRATION.
- See also:
CREATE SECURITY INTEGRATION (SCIM) , DROP INTEGRATION , SHOW INTEGRATIONS , DESCRIBE INTEGRATION
Syntax¶
ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> SET
[ ENABLED = { TRUE | FALSE } ]
[ NETWORK_POLICY = '<network_policy>' ]
[ SYNC_PASSWORD = { TRUE | FALSE } ]
[ COMMENT = '<string_literal>' ]
ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> UNSET {
NETWORK_POLICY |
[ , ... ]
}
ALTER [ SECURITY ] INTEGRATION <name> SET TAG <tag_name> = '<tag_value>' [ , <tag_name> = '<tag_value>' ... ]
ALTER [ SECURITY ] INTEGRATION <name> UNSET TAG <tag_name> [ , <tag_name> ... ]
Parameters¶
name
Identifier for the integration to alter. If the identifier contains spaces or special characters, the entire string must be enclosed in double quotes. Identifiers enclosed in double quotes are also case-sensitive.
SET ...
Specifies one or more properties/parameters to set for the integration (separated by blank spaces, commas, or new lines):
ENABLED = TRUE | FALSE
Specifies whether the security integration is enabled. To disable the integration, set
ENABLED = FALSE
.NETWORK_POLICY = 'network_policy'
Specifies an existing network policy that controls SCIM network traffic.
If there are also network policies set for the account or user, see Network policy precedence.
SYNC_PASSWORD = TRUE | FALSE
Specifies whether to enable or disable the synchronization of a user password from an Okta SCIM client as part of the API request to Snowflake.
TRUE
enables password synchronization.FALSE
disables password synchronization.
Default
TRUE
. If a security integration is created without setting this parameter, Snowflake sets this parameter toTRUE
.If user passwords should not be synchronized from the client to Snowflake, ensure this property value is set to
FALSE
and disable password synchronization in the Okta client.Note that this property is only supported for Okta SCIM integrations. Microsoft Entra ID SCIM integrations are not supported because Microsoft Entra ID does not support password synchronization. To request support, please contact Microsoft.
For details, see Snowflake SCIM support.
COMMENT
String (literal) that specifies a comment for the integration.
Default: No value
TAG tag_name = 'tag_value' [ , tag_name = 'tag_value' , ... ]
Specifies the tag name and the tag string value.
The tag value is always a string, and the maximum number of characters for the tag value is 256.
For information about specifying tags in a statement, see Tag quotas for objects and columns.
UNSET ...
Specifies one or more properties/parameters to unset for the security integration, which resets them back to their defaults:
NETWORK_POLICY
SYNC_PASSWORD
COMMENT
TAG tag_name [ , tag_name ... ]
Usage notes¶
Regarding metadata:
Attention
Customers should ensure that no personal data (other than for a User object), sensitive data, export-controlled data, or other regulated data is entered as metadata when using the Snowflake service. For more information, see Metadata fields in Snowflake.
Examples¶
The following example initiates operation of a suspended integration:
ALTER SECURITY INTEGRATION myint SET ENABLED = TRUE;