Troubleshooting connector-specific SSO authentication

Snowflake

Why am I getting an incorrect username or password error message?

If you receive the following error message:Cannot create PoolableConnectionFactory (Incorrect username or password was specified.)

The security integration in Snowflake maps Atlan email addresses to Snowflake login names. First, check if a user with an Atlan email address exists in Snowflake.

If a user exists and the Snowflake login name is not an email address, your Snowflake administrator will have to manually update the user-mapping in the security integration to use email addresses instead. To do so, add the following command to the security integration in Snowflake:

EXTERNAL_OAUTH_SNOWFLAKE_USER_MAPPING_ATTRIBUTE = 'EMAIL_ADDRESS'

Refer to Snowflake documentation.

Why am I getting a role error message?

If you receive the following error message:Cannot create PoolableConnectionFactory (Role <'ACCOUNTADMIN'/'ORGADMIN'/'SECURITYADMIN'> specified in the connect string is not granted to this user. Contact your local system administrator, or attempt to login with another role, e.g. PUBLIC

By default, Snowflake blocks the ACCOUNTADMIN, ORGADMIN, and SECURITYADMIN roles from being assumed in the security integration. Therefore, a user with any of these Snowflake roles will not be able to run queries with Snowflake OAuth-based authentication.

To allow users with the ACCOUNTADMIN, ORGADMIN, or SECURITYADMIN role to query with Snowflake OAuth-based authentication, you will need to add the following command to set account-level permissions for the security integration in Snowflake:

ALTER ACCOUNT SET EXTERNAL_OAUTH_ADD_PRIVILEGED_ROLES_TO_BLOCKED_LIST = FALSE;

Refer to Snowflake documentation.

Related articles

Was this article helpful?
0 out of 0 found this helpful