Specifies the authentication scheme used to establish a connection to Snowflake. It determines the authentication mechanism required for validating the user's identity and allows integration with various SSO and OAuth providers. Accepted entries are Password, OKTA, AzureAD, AzureMSI, PingFederate, PrivateKey, OAuth, OAuthClient, or ExternalBrowser.

Possible Values

Password, OKTA, PrivateKey, AzureAD, AzureMSI, OAuth, OAuthClient, PingFederate, ExternalBrowser

Data Type

string

Default Value

"OAuth"

Remarks

The server supports the following authentication mechanisms. See the Getting Started chapter for authentication guides.

• Password: Standard username/password authentication. Recommended for simple authentication setups.
• OKTA: Set this to use the OKTA SSO identity provider. Set SSOProperties in addition to the User and Password you use to authenticate to OKTA.
• AzureAD: Integrates with Azure Active Directory (Azure AD) for user authentication. Set this along with User to use the Azure AD identity provider. When connecting, your browser opens, allowing you to login to Azure AD to complete the authentication.
• AzureMSI: Uses Azure Managed Service Identity (MSI) for authentication. Set this along with AzureResource to use the Azure Managed Service Identity when running on an Azure Virtual Machine (VM).
• PingFederate: Uses PingFederate SSO identity provider for authentication. Set this along with User to use the PingFederate SSO identity provider. When connecting, your browser opens, allowing you to login to PingFederate to complete the authentication.
• PrivateKey: Key pair authentication using RSA key pairs for enhanced security. You must also set PrivateKey, PrivateKeyPassword and PrivateKeyType to authenticate with this method.
• OAuth: Standard OAuth 2.0 authentication using tokens. Set OAuthClientId, OAuthClientSecret to the Snowflake OAuth credentials. Additionally, set InitiateOAuth to GETANDREFRESH. Note that the CData driver always uses PKCE with OAuth for extra security.
• OAuthClient: Client grant type OAuth authentication for service-to-service communication. Set OAuthClientId, OAuthClientSecret to the Snowflake OAuth credentials. Additionally, set InitiateOAuth to GETANDREFRESH.
• ExternalBrowser: Uses OneLogin SSO identity provider or other browser-based SSO providers. Set this along with User. When connecting, your browser opens and authentication is completed automatically.