Snowflake AAD Provisioning: SystemForCrossDomainIdentityManagementCredentialValidationUnavailable

Published by moxlotus on

You are here because you have encountered the above error while setting up automatic user provisioning for Snowflake on Azure AD. It happens because the IP addresses Azure AD uses for SCIM provisioning are blocked by your Snowflake network policy. To resolve this, first find out which Azure IP addresses are being blocked. Run the following from your Snowflake worksheet, replacing the date in the query with today's date in your account's timezone (an account hosted in a US region uses US time).

-- REST_EVENT_HISTORY lives in SNOWFLAKE.INFORMATION_SCHEMA and needs ACCOUNTADMIN
use role accountadmin;
use schema snowflake.information_schema;

-- Look at the last 3600 minutes (60 hours) of SCIM requests, up to 200 rows,
-- and keep only those that were rejected with FORBIDDEN on the chosen day
SELECT *
  FROM TABLE(rest_event_history(
        'scim',
        DATEADD('minutes', -3600, CURRENT_TIMESTAMP()),
        CURRENT_TIMESTAMP(),
        200))
 WHERE details LIKE '%FORBIDDEN%'
   AND DATE_TRUNC('DAY', event_timestamp) = '2023-02-06'
 ORDER BY event_timestamp DESC;

After running the above query, you should see the blocked address under the CLIENT_IP column of each FORBIDDEN row.

Next, whitelist ALL the IP addresses that you see under that column in the network policy that applies to the SCIM integration.

Go back to your provisioning page on Azure and test the connection again. This time it should succeed, as shown below.
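The whitelisting step carried out in SQL, as an added example that is not part of the original post. The policy name `scim_policy`, the integration name `aad_provisioning` and the IP ranges are placeholders; substitute the CLIENT_IP values returned by the query above and your own existing entries.

```sql
-- Added example (not from the original post). Placeholder names:
--   scim_policy       : the network policy attached to the SCIM integration
--   aad_provisioning  : the SCIM security integration created for Azure AD
--   198.51.100.0/24   : stand-in for an entry already in the policy
--   203.0.113.10/32 … : stand-ins for CLIENT_IP values from the FORBIDDEN rows
USE ROLE ACCOUNTADMIN;

-- 1. Find out which network policy is actually enforced on SCIM traffic.
--    A policy set on the SCIM integration overrides the account-level one,
--    so check the integration first and only then the account parameter.
SHOW INTEGRATIONS;
DESCRIBE SECURITY INTEGRATION aad_provisioning;
SHOW PARAMETERS LIKE 'NETWORK_POLICY' IN ACCOUNT;

-- 2. Review the current allow list before touching it. SET ALLOWED_IP_LIST
--    replaces the whole list, so every existing entry must be re-stated or
--    it silently disappears and locks other clients out.
DESCRIBE NETWORK POLICY scim_policy;

-- 3. Re-state the existing entries plus each blocked CLIENT_IP as a /32.
--    Add only the addresses seen in the FORBIDDEN events, not a whole cloud range.
ALTER NETWORK POLICY scim_policy
  SET ALLOWED_IP_LIST = ('198.51.100.0/24',   -- existing entry (placeholder)
                         '203.0.113.10/32',   -- Azure AD SCIM client IP (placeholder)
                         '203.0.113.11/32');  -- second CLIENT_IP value (placeholder)

-- 4. If the SCIM integration has no dedicated policy yet, attach one to it
--    instead of widening the account-wide policy for every client.
ALTER SECURITY INTEGRATION aad_provisioning SET NETWORK_POLICY = scim_policy;

-- 5. After re-running the Azure test, confirm no new FORBIDDEN SCIM events
--    appear in the last 30 minutes; an empty result means the fix took.
SELECT event_timestamp, client_ip, error_code, details
  FROM TABLE(snowflake.information_schema.rest_event_history(
        'scim',
        DATEADD('minutes', -30, CURRENT_TIMESTAMP()),
        CURRENT_TIMESTAMP(),
        200))
 WHERE details LIKE '%FORBIDDEN%'
 ORDER BY event_timestamp DESC;
```

Because the provisioning endpoints' addresses can change on the Azure side, re-run the FORBIDDEN query whenever provisioning breaks again rather than opening the policy to a broad range up front.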
