<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Snowflake Provisioning Is Not Working with Snowflake Privatelink
Mar 12, 2025
Okta Integration Network
Okta Classic Engine
Okta Identity Engine
Overview

When changing the Snowflake integration in Okta to use an AWS Privatelink or Azure Privatelink, the provisioning stops working, and the following error is received in Okta:


Error authenticating: null

Applies To
  • Snowflake
  • Provisioning
  • Provisioning error
Cause

The issue is caused by the current Okta provisioning not being supported over AWS Privatelink or Azure PrivateLink.

Solution

To use provisioning in conjunction with AWS Privatelink or Azure Privatelink for authentication, it is needed to have two separate applications for Snowflake in Okta. One application will be used for SSO (Authentication), and the second application for provisioning.

To create the second Snowflake application within Okta, the following steps are required:

Create the first Snowflake integration in Okta for authentication (SSO/SAML)

  1. Create a SAML Snowflake application in Okta for SSO:
    1. Set up a new SAML integration using "account.snowflakeregion.privatelink or organization-accountname.privatelink" for the subdomain value.
    2. Move to the Sign On tab, and in the Setting section, select SAML 2.0.
    3. Click the View Setup Instructions button (this will open a new tab web browser tab with the information necessary to configure the Snowflake side).


Create the second Snowflake integration (Provisioning)

  1. Change from account.snowflakeregion.privatelink or organization-accountname.privatelink to account.snowflakeregion or organization-accountname (Note .privatelink is not a part of the subdomain).
  2. Switch to the Sign On tab and select Secure Web Authentication and the desired username and password format.
  3. Set the second application for provisioning as usual.


NOTE:

  • If creating the second Snowflake integration in Okta is not desired, and AWS Privatelink or Azure PrivateLink is used to access Snowflake, ensure the PrivateLink URL is not used in the integration settings (subdomain section in Okta).
  • Enter the public endpoint (without .privatelink) and ensure that the network policy allows access from Okta IP addresses. Otherwise, the SCIM integration (provisioning) will not work.
     

Related References

Recommended content

Still looking for help?
Loading
Snowflake Provisioning Is Not Working with Snowflake Privatelink