Snowflake Provisioning "Error while verifying if user exists: Unauthorized. Errors reported by remote server: Access token expired"
Overview

Snowflake provisioning flow fails with the following error visible in the Okta dashboard:

Automatic provisioning of user <username> to app Snowflake failed: Error while verifying if user <username> exists: Unauthorized. Errors reported by remote server: Access token expired

Applies To
  • Snowflake
  • Provisioning
  • Error
Cause
This error appears if the API token used in the Snowflake application's API integration in Okta is invalid.
Solution
  1. The Snowflake configuration process creates a System for Cross-domain Identity Management (SCIM) security integration to allow users and roles created in Okta to be owned by the OKTA_PROVISIONER SCIM role in Snowflake. It also creates an access token to use in SCIM API requests. The access token is valid for six months.

    1. Upon expiration, create a new access token manually. Refer to this Snowflake Configuration Guide to generate the access token on the Snowflake side.

    2. Create and copy the authorization token to the clipboard and store it securely for later use. This authorization token will be entered in the API Token field in the Provisioning tab of the Snowflake application in Okta.

  2. Go to the Okta Admin Console and navigate to Applications > Applications > Snowflake > Provisioning > Integration > Edit.

  3. Enter the correct API token generated in Step 1 and click Test API Credentials.

  4. A message confirming successful authentication will appear. Click Save.

  5. Attempt the failed tasks again. Navigate to Dashboard > Tasks. Any failed assignments should appear under Tasks.

  6. After locating the failed task for the user that should be retried, click Retry Selected.
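
An added example (not part of the original article and not Okta or Snowflake tooling): a small Python helper that tracks the six-month token lifetime from step 1 so the token can be rotated before provisioning breaks, and that lists the users whose failed tasks need Retry Selected. It assumes "six months" means calendar months and that failures use the dashboard message format quoted in the Overview; the function names and sample lines are constructed for illustration.

```python
import calendar
import re
from datetime import date

# Message format taken from the Okta dashboard error quoted in this article.
EXPIRED_RE = re.compile(
    r"Automatic provisioning of user (?P<user>\S+) to app Snowflake failed: "
    r".*Access token expired"
)

def token_expiry(issued: date, months: int = 6) -> date:
    """Date `months` calendar months after `issued`, clamped to month end.

    Assumption: the six-month validity is counted in calendar months.
    Clamping (Aug 31 -> Feb 28/29) errs on the early side.
    """
    index = issued.month - 1 + months
    year, month = issued.year + index // 12, index % 12 + 1
    last_day = calendar.monthrange(year, month)[1]
    return date(year, month, min(issued.day, last_day))

def rotation_status(issued: date, today: date, warn_days: int = 30) -> str:
    """Return 'expired', 'rotate-soon' or 'ok' for a token created on `issued`."""
    remaining = (token_expiry(issued) - today).days
    if remaining <= 0:
        return "expired"
    return "rotate-soon" if remaining <= warn_days else "ok"

def users_to_retry(lines):
    """Users whose provisioning failed on an expired token, first-seen order."""
    seen = {}
    for line in lines:
        match = EXPIRED_RE.search(line)
        if match:
            seen.setdefault(match["user"], None)
    return list(seen)

# Constructed sample input (not real log data).
_FAIL = ("Automatic provisioning of user {u} to app Snowflake failed: "
         "Error while verifying if user {u} exists: Unauthorized. "
         "Errors reported by remote server: Access token expired")
SAMPLE = [
    _FAIL.format(u="alice@example.com"),
    _FAIL.format(u="bob@example.com"),
    _FAIL.format(u="alice@example.com"),  # duplicate failure for one user
    "Automatic provisioning of user carol@example.com to app Snowflake "
    "failed: some unrelated error",       # constructed non-matching line
]

if __name__ == "__main__":
    print(rotation_status(date(2024, 1, 15), date.today()), users_to_retry(SAMPLE))
```

Record the creation date whenever a new token is generated in step 1 and run the status check on a schedule; the token itself never needs to be stored by this script.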
