Versions Compared

Old Version 5

changes.mady.by.user Morgan Mackeson-Ellis

Saved on

compared with

New Version 6

changes.mady.by.user Morgan Mackeson-Ellis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

RED Connection Setup with Snowflake Key Pair

RED

...

9 and RED

...

10 using Advanced Connect

  • User: your snowflake user

  • Password: your Private Key Password (for encrypted key files)

  • Connection String: dsn=$DSN$;user=$USER$;priv_key_file_pwd=$PASSWORD$;

The connection property ‘PRIV_KEY_FILE’ will be taken from the DSN, this is why it is a good idea to create a ‘USER’ level DSN so that each user on the system can have a different private key file (and pwd).

RED 8 or RED 9 or

...

10 without Advanced Connect

Without the Advanced Connect feature, added in RED 9.0 and RED 10.2, your only option is to enter all the details into your DSN’s, including the user, key file and key file password. Then in RED your Snowflake connections would only populate the User name field as the rest of the connection attributes will be taken from the DSN.

...

Snowflake MFA authentication is designed for browser based applications, but it can be used for other applications such as RED also. This method of authentication can not be used via the scheduler Scheduler as it requires a user interaction.

Authenticating with MFA requires a second ‘factor’ in the authentication process, for RED applications this second factor should be an ‘Authenticator App’ which will either supply a Time-Based One Time Password (TOTP) or require you to accept a push notification on your mobile device.

...

When connecting to an MFA TOTP enabled Snowflake DSN you would need to supply the TOTP concatenated on to the end of the password, this requires an additional connection attribute 'passcodeInPassword=on' which you can not enter into the DSN dialog, therefore you can not create the initial connection to Snowflake using the built in Snowflake DSN Test function unless you added this parameter to the registry for the DSN. If using DUO Duo push MFA method you do not need this attribute.

...

RED Connection Setup with Snowflake MFA

RED

...

9 and RED

...

10 using Advanced Connect

  • User: your snowflake user

  • TOTP based MFA:

    • Password: your password + your TOTP (MFA code)

    • Connection String: dsn=$DSN$;user=$USER$;pwd=$PASSWORD$;passcodeInPassword=on;

  • Duo Push Notification

    • Password: your password

    • Connection String: dsn=$DSN$;user=$USER$;pwd=$PASSWORD$;

...

For TOTP the initial authentication process would be, when you are ready to browse a Snowflake connection in RED UI you would enter your password along with the currently active TOTP from your authenticator app appended to your password, once connected if the ALLOW_CLIENT_MFA_CACHING = TRUE on your organization's account you will not need to provide a new TOTP for a few hours on the same device.

RED 8 or RED 9 or

...

10 without Advanced Connect

MFA is not really feasible without the Advanced Connect feature since Legacy Connect requires shared credentials in RED, but if you only have a single user working with RED then you can follow this workaround:

...

RED Connection Setup with Snowflake PAT

RED

...

9 and RED

...

10 using Advanced Connect

  • User: your snowflake user

  • Password: your PAT

  • Connection String: dsn=$DSN$;user=$USER$;pwd=$PASSWORD$;

RED 8 or RED 9 or

...

10 without Advanced Connect

...

Without the Advanced Connect feature, added in RED 9.0 and RED 10.2, your only option is to enter the PAT directly into the DSN (or registry), USER DSN preferred. The PAT can’t be entered into the RED UI password field due to the length restrictions of the field when using Legacy Connect.

...