To enable federated authentication (aka SSO via SAML 2.0) in Snowflake, the integration with an Identity Provider (IdP) must be configured. This setup involves configuring external authentication via SAML, and Snowflake needs specific information from the IdP.
Required Information from IdP:
URL Endpoint for SAML Requests (B)
This is often referred to as the SSO URL or SAML 2.0 Endpoint (HTTP).
It's the URL that Snowflake redirects users to for authentication.
In Snowflake's SAML configuration, this is required as the SAML2_ISSUER or SAML2_SSO_URL.
Authentication Certificate (D)
This is the X.509 certificate issued by the IdP.
It's used by Snowflake to validate the digital signature of the SAML assertions sent by the IdP.
It ensures that the SAML response is authentic and not tampered with.
❌ Why Other Options Are Incorrect:
A. IdP account details
Not needed. Snowflake doesn't require credentials or internal details from the IdP. It relies on assertions sent via SAML, not stored accounts.
C. SAML response format
Snowflake adheres to the SAML 2.0 standard and expects a compliant format. There's no need to specify the format explicitly; it's part of the standard protocol.
E. IdP encryption key
Not required by Snowflake. Snowflake verifies SAML assertions via signature validation, not encryption using the IdP's private key.
Required IdP Metadata for Snowflake SAML Configuration:
SAML2_SSO_URL: SAML 2.0 POST binding endpoint
SAML2_X509_CERT: Public cert used to validate IdP signatures