Can you provision users and authenticate in Snowflake using CIAM solutions? - azure-active-directory

Snowflake's federation authentication documentation does not explicitly mention Customer Identity Access Management (CIAM):
https://docs.snowflake.com/en/user-guide/admin-security-fed-auth-overview.html
Is it possible to use CIAM services such as Azure Active Directory B2C or Google Cloud Identity Platform with Snowflake? The idea would be to leverage BYOI / social logins.

We Support SAML and OAUTH. If CIAM supports these standards, then there should not be any issues integrating it with snowflake.
However, this has not been tested from our side.
You can open a support case if you are running into any errors etc.

Related

Hybrid authentication with AAD and DB Users

We use LDAP and our local SQL Server databases to authenticate our users, using Apache Shiro as the app is developed with Apache ISIS. Users in the SQL Server database are REST consumers, while LDAP contains only business users. Lastly, I was instructed to move my LDAP users to MS AAD.
Is there an architecture that allows me to keep both users? Business users will access the app through the MS OpenConnect portal. At the same time, other applications can continue using DB authentication to consume REST APIs.
Yes, it's possible. Actually, the essential of your questions is "how to enable multiple authentication manner s in web app". Since AAD authentication is claimed based, very different from LDAP, so you will need to change your code for sure to upgrade from LDAP to AAD.
Regarding multiple authentication, I don't know the platform you're using. Here is an sample for ASP.NET CORE for your reference:ASP.NET Core: Supporting multiple Authorization

Integration between Azure and Google - SSO and User Provisioning from Google to Azure

We have G Suite as an identity provider in our company. Some of users also use Azure and Office 365. We want to be able to login by using Google account to Azure Ad and later have this account in AD and assign roles and groups in AD and whole Azure. We want to change passwords in Google etc.
How to setup SSO from Google to Azure?
Azure AD supports the concept of Identity Providers for External Identities. You can read about it here on Microsoft Docs.
You could enable users from identity providers like :
Google
Facebook
Direct federation (to external identity providers that support SAML or WS-Fed protocols)
Since you specifically mention G suite as an identity provider in your company, Direct federation may be the most relevant one for you. I say this because using Google federation directly is designed for Gmail accounts as mentioned in the note here on Microsoft Docs
How to setup Direct Federation is explained in detail here on Microsoft Docs
Please note that
This feature is currently in Preview
There some important limitations in terms of domain requirements and authentication URL as stated here on Microsoft Docs

Will Azure AD SCIM integration delete pre-existing users created directly into Snowflake?

Hi I'm following the steps outline into:
https://docs.snowflake.com/en/user-guide/scim-azure.html
But I couldn't find any documentation explaining whether this user sync will affect my existing Snowflake users (the ones that have been created straight into Snowflake before the AD integration)
I believe the reference you are looking for is here:
See the note section of: https://docs.snowflake.com/en/user-guide/scim-azure.html#enabling-snowflake-initiated-sso
"By default, Azure AD users provisioned to Snowflake using SCIM are
not assigned a password in Snowflake. This means that if SAML SSO is
configured in Azure AD, users will authenticate to Snowflake using
SSO.
SAML SSO is not a requirement if using SCIM to provision users and
groups from Azure AD to Snowflake. For additional options, see
Configure Azure AD single sign-on."
To enable Snowflake Initiated SSO
https://docs.snowflake.com/en/user-guide/admin-security-fed-auth-configure-snowflake.html#label-enable-snowflake-init-sso
Snowflake support confirmed that the existing users are NOT affected by any SCIM integration and I tested it with success, nothing happens to the existing users.

How to implement single sign-on using kerberos authentication in azure active directory

Using Azure Active Directory When i am applying single sign on for my web application i am able to do the Password-based single sign-on successfully.
But when i am doing with Integrated Windows Authentication(for kerberos authentication mainly), i am not able to configure it. i am very confused.
Can anybody guide me how to enable kerberos authentication for web application.
or please send me any example links how to set kerberos authentication for web applications.
Thanks!
If you are trying to use Azure AD with Kerberos for Windows Integrated Authentication there was a comment about AADConnect, which has some offerings, especially if you use ADFS for Federated sign-ins. There is also the Azure App Proxy with KCD support

Azure AD (creating custom multi factor authentication instead of using the one provided by Azure)

I am developing an application which uses Azure AD as authentication provider.
Need to implement a two factor authentication for the application.
Is it possible to create our own provider and plugin into azure without using the one available with Azure AD.
As far as I know, the Azure AD doesn't support to use the third-party MFA authentication provider.
However we are also could build multi-factor authentication into custom apps with Azure AD. More detail about this you can refer this document.

Resources