AuthScheme
Specifies the authentication scheme used to establish a connection to Snowflake. It determines the authentication mechanism required for validating the user's identity and allows integration with various SSO and OAuth providers. Accepted entries are Password, OKTA, AzureAD, AzureMSI, PingFederate, PrivateKey, OAuth, OAuthClient, OAuthAzureAD, OAuthClientAzureAD, OAuthOKTA, OAuthClientOKTA, OAuthOther, OAuthClientOther, OAuthJWT or ExternalBrowser.
Possible Values
Password, OKTA, PrivateKey, AzureMSI, OAuth, OAuthClient, OAuthAzureAD, OAuthClientAzureAD, OAuthOKTA, OAuthClientOKTA, OAuthOther, OAuthClientOther, OAuthJWT
Data Type
string
Default Value
"OAuth"
Remarks
The connector supports the following authentication mechanisms. See the Getting Started chapter for authentication guides.
- Password: Standard username/password authentication. Recommended for simple authentication setups.
- OKTA: Set this to use the OKTA SSO identity provider. Set SSOProperties in addition to the User and Password you use to authenticate to OKTA.
- AzureAD: Integrates with Azure Active Directory (Azure AD) for user authentication. Set this along with User to use the Azure AD identity provider. When connecting, your browser opens, allowing you to log in to Azure AD to complete the authentication.
- AzureMSI: Uses Azure Managed Service Identity (MSI) for authentication. Set this along with AzureResource to use the Azure Managed Service Identity when running on an Azure Virtual Machine (VM).
- PingFederate: Uses PingFederate SSO identity provider for authentication. Set this along with User to use the PingFederate SSO identity provider. When connecting, your browser opens, allowing you to log in to PingFederate to complete the authentication.
- PrivateKey: Key pair authentication using RSA key pairs for enhanced security. You must also set PrivateKey, PrivateKeyPassword and PrivateKeyType to authenticate with this method.
- OAuth: Standard OAuth 2.0 authentication using tokens. Set OAuthClientId, OAuthClientSecret to the Snowflake OAuth credentials. Additionally, set InitiateOAuth to GETANDREFRESH. Note that the CData driver always uses PKCE with OAuth for extra security. This scheme works with Snowflake’s built-in OAuth service.
- OAuthClient: Deprecated. The OAuthClient authentication mode is not supported because Snowflake’s built-in OAuth service does not support the Client Credentials grant type.
- OAuthAzureAD: Standard OAuth 2.0 authentication using tokens. Set OAuthClientId, OAuthClientSecret to the Snowflake OAuth credentials. Additionally, set InitiateOAuth to GETANDREFRESH. Note that the CData driver always uses PKCE with OAuth for extra security. The Identity Provider (IdP) is the external Azure AD.
- OAuthClientAzureAD: Client grant type OAuth authentication for service-to-service communication. Set OAuthClientId, OAuthClientSecret to the Snowflake OAuth credentials. Additionally, set InitiateOAuth to GETANDREFRESH. The Identity Provider (IdP) is the external Azure AD.
- OAuthOKTA: Standard OAuth 2.0 authentication using tokens. Set OAuthClientId, OAuthClientSecret to the Snowflake OAuth credentials. Additionally, set InitiateOAuth to GETANDREFRESH. Note that the CData driver always uses PKCE with OAuth for extra security. The Identity Provider (IdP) is the external OKTA.
- OAuthClientOKTA: Client grant type OAuth authentication for service-to-service communication. Set OAuthClientId, OAuthClientSecret to the Snowflake OAuth credentials. Additionally, set InitiateOAuth to GETANDREFRESH. The Identity Provider (IdP) is the external OKTA.
- OAuthOther: Standard OAuth 2.0 authentication using tokens. Set OAuthClientId, OAuthClientSecret to the Snowflake OAuth credentials. Additionally, set InitiateOAuth to GETANDREFRESH. Note that the CData driver always uses PKCE with OAuth for extra security. The Identity Provider (IdP) is another external custom application.
- OAuthClientOther: Client grant type OAuth authentication for service-to-service communication. Set OAuthClientId, OAuthClientSecret to the Snowflake OAuth credentials. Additionally, set InitiateOAuth to GETANDREFRESH. The Identity Provider (IdP) is another external custom application.
- OAuthJWT: Set this to perform External OAuth authentication with a JWT certificate. The Identity Provider (IdP) is the external Azure AD. Requires the following additional connection properties: OAuthJWTCert, OAuthJWTCertType.
- ExternalBrowser: Uses OneLogin SSO identity provider or other browser-based SSO providers. Set this along with User. When connecting, your browser opens and authentication is completed automatically.
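
The remarks above pair each AuthScheme value with companion properties, which makes a connection string easy to audit before deployment. The following linter is an added example, not code from the connector or its vendor; it assumes properties are written as semicolon-separated Key=Value pairs, that property names and scheme values are matched case-insensitively, and that values contain no semicolons. The function names parse and lint are hypothetical.

```python
# Added example: lint a connection string against the AuthScheme remarks above.
# Assumptions: 'Key=Value;Key=Value' syntax, case-insensitive names, no ';' in values.

OAUTH = ("OAuthClientId", "OAuthClientSecret")
# Companion properties each remark says to set (empty tuple: none named on the page).
REQUIRED = {
    "Password": (), "ExternalBrowser": ("User",),
    "OKTA": ("User", "Password", "SSOProperties"),
    "AzureAD": ("User",), "PingFederate": ("User",),
    "AzureMSI": ("AzureResource",),
    "PrivateKey": ("PrivateKey", "PrivateKeyPassword", "PrivateKeyType"),
    "OAuthJWT": ("OAuthJWTCert", "OAuthJWTCertType"),
    **{s: OAUTH for s in ("OAuth", "OAuthAzureAD", "OAuthClientAzureAD", "OAuthOKTA",
                          "OAuthClientOKTA", "OAuthOther", "OAuthClientOther")},
}
CANONICAL = {name.lower(): name for name in REQUIRED}
DEPRECATED = {"oauthclient"}   # the page marks OAuthClient as deprecated
DEFAULT_SCHEME = "OAuth"       # documented default when AuthScheme is not set


def parse(conn_str):
    """Split 'Key=Value;Key=Value' into a dict keyed by lower-cased property name."""
    props = {}
    for part in conn_str.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            props[key.strip().lower()] = value.strip()
    return props


def lint(conn_str):
    """Return a list of findings; an empty list means the remarks are satisfied."""
    props = parse(conn_str)
    scheme = props.get("authscheme") or DEFAULT_SCHEME
    if scheme.lower() in DEPRECATED:
        return [f"{scheme}: deprecated, no Client Credentials grant in built-in OAuth"]
    canonical = CANONICAL.get(scheme.lower())
    if canonical is None:
        return [f"{scheme}: not an accepted AuthScheme value"]
    findings = [f"{canonical}: missing {p}" for p in REQUIRED[canonical]
                if not props.get(p.lower())]
    # Every OAuth-family remark also asks for InitiateOAuth=GETANDREFRESH.
    if REQUIRED[canonical] == OAUTH and props.get("initiateoauth", "").upper() != "GETANDREFRESH":
        findings.append(f"{canonical}: InitiateOAuth should be GETANDREFRESH")
    return findings
```

Because the documented default is "OAuth", a string that omits AuthScheme is checked against the OAuth requirements rather than passing silently.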