
SCIM Integration

Configuration can be provided to the Snowflake Object Lifecycle Engine for the following operation on SCIM Integrations:

  • Manage Lifecycle of new and existing SCIM Integrations

Supported Parameters

The engine supports the parameters listed below.

  • PROVISIONER_ROLE: Specify the SCIM role in Snowflake that owns any users and roles that are imported from the identity provider into Snowflake using SCIM.
    • REQUIRED
    • Configuration key: provisioner_role or run_as_role
    • Data Type: String
      Caution: The PROVISIONER_ROLE must be one of [OKTA_PROVISIONER, AAD_PROVISIONER, GENERIC_SCIM_PROVISIONER]. Please refer to the Snowflake documentation. The configuration keys provisioner_role and run_as_role cannot both be used at the same time in a SCIM configuration.

  • SCIM_CLIENT: Specifies the client type for the SCIM integration.
    • REQUIRED
    • Configuration key: scim_client
    • Data Type: String
      Caution: The SCIM_CLIENT must be one of [OKTA, AZURE, CUSTOM]. Please refer to the Snowflake documentation.

  • NETWORK_POLICY: Specifies an existing network policy active for your account. The network policy restricts the list of user IP addresses when exchanging an authorization code for an access or refresh token and when using a refresh token to obtain a new access token. If this parameter is not set, the network policy for the account (if any) is used instead.
    • Configuration key: network_policy
    • Data Type: String
  • NAMESPACING: Specifies whether a prefix, a suffix, or both are added to the SCIM Integration name.
    • Configuration key: namespacing
    • Data Type: String
    • Possible Values:
      • none
      • prefix
      • suffix
      • both (Default)
  • ENVIRONMENT: Specify the environment in which the SCIM Integration is managed. Regex can be provided as well.
    • Configuration key: environment
    • Data Type: String
  • MANAGE_MODE: Configures what properties to manage for the SCIM Integration.
    • Configuration key: manage_mode
    • Data Type: String
    • Possible Values:
      • none
      • all (Default)

Basic syntax

scim_integrations:
  <scim_integration-name>:
    <configuration-key>: <value>

Examples

scim_integrations:
  SCIM_INTEGRATION_1:
    provisioner_role: "GENERIC_SCIM_PROVISIONER"
    scim_client: "AZURE"
  SCIM_INTEGRATION_2:
    run_as_role: "GENERIC_SCIM_PROVISIONER"
    scim_client: "AZURE"
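
The following is an added example, not part of the engine or its documentation: a pre-merge lint that checks a parsed scim_integrations mapping against the constraints listed under Supported Parameters and warns when an integration has no network_policy of its own. The function name, the exact-case value matching, and the sample integration and policy names are assumptions made for illustration.

```python
# Added example: lint a parsed `scim_integrations` mapping against this page's rules.
PROVISIONER_ROLES = {"OKTA_PROVISIONER", "AAD_PROVISIONER", "GENERIC_SCIM_PROVISIONER"}
SCIM_CLIENTS = {"OKTA", "AZURE", "CUSTOM"}
ENUMS = {"namespacing": {"none", "prefix", "suffix", "both"},
         "manage_mode": {"none", "all"}}
KNOWN_KEYS = {"provisioner_role", "run_as_role", "scim_client",
              "network_policy", "environment", *ENUMS}


def lint_scim_integrations(config):
    """Return (errors, warnings) for the mapping under `scim_integrations`."""
    errors, warnings = [], []
    for name, params in (config.get("scim_integrations") or {}).items():
        params = params or {}
        role_keys = [k for k in ("provisioner_role", "run_as_role") if k in params]
        if len(role_keys) == 2:
            errors.append(f"{name}: provisioner_role and run_as_role are mutually exclusive")
        elif not role_keys:
            errors.append(f"{name}: provisioner_role (or run_as_role) is required")
        for key in role_keys:
            if params[key] not in PROVISIONER_ROLES:
                errors.append(f"{name}: {key}={params[key]!r} is not a SCIM provisioner role")
        if "scim_client" not in params:
            errors.append(f"{name}: scim_client is required")
        elif params["scim_client"] not in SCIM_CLIENTS:
            errors.append(f"{name}: scim_client={params['scim_client']!r} is not allowed")
        for key, allowed in ENUMS.items():
            if key in params and params[key] not in allowed:
                errors.append(f"{name}: {key}={params[key]!r} not in {sorted(allowed)}")
        for key in sorted(set(params) - KNOWN_KEYS):
            warnings.append(f"{name}: key {key!r} is not listed on this page (typo?)")
        if not params.get("network_policy"):
            warnings.append(f"{name}: no network_policy; the account policy (if any) applies")
    return errors, warnings


# Constructed sample, shaped like the YAML on this page after parsing.
SAMPLE = {"scim_integrations": {
    "SCIM_OK": {"provisioner_role": "OKTA_PROVISIONER", "scim_client": "OKTA",
                "network_policy": "SCIM_IDP_ONLY"},  # hypothetical policy name
    "SCIM_BAD": {"provisioner_role": "SYSADMIN", "run_as_role": "AAD_PROVISIONER",
                 "scim_client": "azure", "namespacing": "postfix"},
}}

if __name__ == "__main__":
    errs, warns = lint_scim_integrations(SAMPLE)
    print("\n".join(["ERROR " + e for e in errs] + ["WARN  " + w for w in warns]))
```

The mapping is expected to come from whatever YAML parser the pipeline already uses; treating warnings as failures makes a per-integration network_policy mandatory.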