Snowflake AAD Provisioning: SystemForCrossDomainIdentityManagementCredentialValidationUnavailable

Published by moxlotus on

You are here because you have encountered the above error while setting up automatic user provision for Snowflake on Azure AD. The reason why this happened is due to Azure IP being blocked by snowflake. In order to resolve this, we need to first find out the Azure IP address that is being used here. To do that, run the following from your snowflake worksheet. Please replace the date with the date that belongs to the correct timezone. If your instance is running in the US, it is using the US timezone.

use role accountadmin;
use schema snowflake.information_schema;
  FROM TABLE(rest_event_history(
 WHERE details like '%FORBIDDEN%'
   AND DATE_TRUNC('DAY', event_timestamp) = '2023-02-06'
ORDER BY event_timestamp DESC;

After running the above query, you should see the IP address under the CLIENT_IP column.

Next white list ALL the IP addresses that you see under that column.

Go back to your provision page on azure and try again. This time it should succeed just like below.

Share it with others