Snowflake v2.9.0, Nov 1 25

Snowflake v2.9.0 published on Saturday, Nov 1, 2025 by Pulumi

snowflake.AuthenticationPolicy

Start a Neo task

Explain and create a snowflake.AuthenticationPolicy resource

Snowflake v2.9.0 published on Saturday, Nov 1, 2025 by Pulumi

pulumi/pulumi-snowflake

Import

$ pulumi import snowflake:index/authenticationPolicy:AuthenticationPolicy example '"<database_name>"."<schema_name>"."<authentication_policy_name>"'

Create AuthenticationPolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new AuthenticationPolicy(name: string, args: AuthenticationPolicyArgs, opts?: CustomResourceOptions);

@overload
def AuthenticationPolicy(resource_name: str,
                         args: AuthenticationPolicyArgs,
                         opts: Optional[ResourceOptions] = None)

@overload
def AuthenticationPolicy(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         database: Optional[str] = None,
                         schema: Optional[str] = None,
                         authentication_methods: Optional[Sequence[str]] = None,
                         client_types: Optional[Sequence[str]] = None,
                         comment: Optional[str] = None,
                         mfa_authentication_methods: Optional[Sequence[str]] = None,
                         mfa_enrollment: Optional[str] = None,
                         mfa_policy: Optional[AuthenticationPolicyMfaPolicyArgs] = None,
                         name: Optional[str] = None,
                         pat_policy: Optional[AuthenticationPolicyPatPolicyArgs] = None,
                         security_integrations: Optional[Sequence[str]] = None,
                         workload_identity_policy: Optional[AuthenticationPolicyWorkloadIdentityPolicyArgs] = None)

func NewAuthenticationPolicy(ctx *Context, name string, args AuthenticationPolicyArgs, opts ...ResourceOption) (*AuthenticationPolicy, error)

public AuthenticationPolicy(string name, AuthenticationPolicyArgs args, CustomResourceOptions? opts = null)

public AuthenticationPolicy(String name, AuthenticationPolicyArgs args)
public AuthenticationPolicy(String name, AuthenticationPolicyArgs args, CustomResourceOptions options)

type: snowflake:AuthenticationPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args AuthenticationPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AuthenticationPolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AuthenticationPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AuthenticationPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AuthenticationPolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var authenticationPolicyResource = new Snowflake.AuthenticationPolicy("authenticationPolicyResource", new()
{
    Database = "string",
    Schema = "string",
    AuthenticationMethods = new[]
    {
        "string",
    },
    ClientTypes = new[]
    {
        "string",
    },
    Comment = "string",
    MfaEnrollment = "string",
    MfaPolicy = new Snowflake.Inputs.AuthenticationPolicyMfaPolicyArgs
    {
        AllowedMethods = new[]
        {
            "string",
        },
        EnforceMfaOnExternalAuthentication = "string",
    },
    Name = "string",
    PatPolicy = new Snowflake.Inputs.AuthenticationPolicyPatPolicyArgs
    {
        DefaultExpiryInDays = 0,
        MaxExpiryInDays = 0,
        NetworkPolicyEvaluation = "string",
    },
    SecurityIntegrations = new[]
    {
        "string",
    },
    WorkloadIdentityPolicy = new Snowflake.Inputs.AuthenticationPolicyWorkloadIdentityPolicyArgs
    {
        AllowedAwsAccounts = new[]
        {
            "string",
        },
        AllowedAzureIssuers = new[]
        {
            "string",
        },
        AllowedOidcIssuers = new[]
        {
            "string",
        },
        AllowedProviders = new[]
        {
            "string",
        },
    },
});

example, err := snowflake.NewAuthenticationPolicy(ctx, "authenticationPolicyResource", &snowflake.AuthenticationPolicyArgs{
	Database: pulumi.String("string"),
	Schema:   pulumi.String("string"),
	AuthenticationMethods: pulumi.StringArray{
		pulumi.String("string"),
	},
	ClientTypes: pulumi.StringArray{
		pulumi.String("string"),
	},
	Comment:       pulumi.String("string"),
	MfaEnrollment: pulumi.String("string"),
	MfaPolicy: &snowflake.AuthenticationPolicyMfaPolicyArgs{
		AllowedMethods: pulumi.StringArray{
			pulumi.String("string"),
		},
		EnforceMfaOnExternalAuthentication: pulumi.String("string"),
	},
	Name: pulumi.String("string"),
	PatPolicy: &snowflake.AuthenticationPolicyPatPolicyArgs{
		DefaultExpiryInDays:     pulumi.Int(0),
		MaxExpiryInDays:         pulumi.Int(0),
		NetworkPolicyEvaluation: pulumi.String("string"),
	},
	SecurityIntegrations: pulumi.StringArray{
		pulumi.String("string"),
	},
	WorkloadIdentityPolicy: &snowflake.AuthenticationPolicyWorkloadIdentityPolicyArgs{
		AllowedAwsAccounts: pulumi.StringArray{
			pulumi.String("string"),
		},
		AllowedAzureIssuers: pulumi.StringArray{
			pulumi.String("string"),
		},
		AllowedOidcIssuers: pulumi.StringArray{
			pulumi.String("string"),
		},
		AllowedProviders: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
})

var authenticationPolicyResource = new AuthenticationPolicy("authenticationPolicyResource", AuthenticationPolicyArgs.builder()
    .database("string")
    .schema("string")
    .authenticationMethods("string")
    .clientTypes("string")
    .comment("string")
    .mfaEnrollment("string")
    .mfaPolicy(AuthenticationPolicyMfaPolicyArgs.builder()
        .allowedMethods("string")
        .enforceMfaOnExternalAuthentication("string")
        .build())
    .name("string")
    .patPolicy(AuthenticationPolicyPatPolicyArgs.builder()
        .defaultExpiryInDays(0)
        .maxExpiryInDays(0)
        .networkPolicyEvaluation("string")
        .build())
    .securityIntegrations("string")
    .workloadIdentityPolicy(AuthenticationPolicyWorkloadIdentityPolicyArgs.builder()
        .allowedAwsAccounts("string")
        .allowedAzureIssuers("string")
        .allowedOidcIssuers("string")
        .allowedProviders("string")
        .build())
    .build());

authentication_policy_resource = snowflake.AuthenticationPolicy("authenticationPolicyResource",
    database="string",
    schema="string",
    authentication_methods=["string"],
    client_types=["string"],
    comment="string",
    mfa_enrollment="string",
    mfa_policy={
        "allowed_methods": ["string"],
        "enforce_mfa_on_external_authentication": "string",
    },
    name="string",
    pat_policy={
        "default_expiry_in_days": 0,
        "max_expiry_in_days": 0,
        "network_policy_evaluation": "string",
    },
    security_integrations=["string"],
    workload_identity_policy={
        "allowed_aws_accounts": ["string"],
        "allowed_azure_issuers": ["string"],
        "allowed_oidc_issuers": ["string"],
        "allowed_providers": ["string"],
    })

const authenticationPolicyResource = new snowflake.AuthenticationPolicy("authenticationPolicyResource", {
    database: "string",
    schema: "string",
    authenticationMethods: ["string"],
    clientTypes: ["string"],
    comment: "string",
    mfaEnrollment: "string",
    mfaPolicy: {
        allowedMethods: ["string"],
        enforceMfaOnExternalAuthentication: "string",
    },
    name: "string",
    patPolicy: {
        defaultExpiryInDays: 0,
        maxExpiryInDays: 0,
        networkPolicyEvaluation: "string",
    },
    securityIntegrations: ["string"],
    workloadIdentityPolicy: {
        allowedAwsAccounts: ["string"],
        allowedAzureIssuers: ["string"],
        allowedOidcIssuers: ["string"],
        allowedProviders: ["string"],
    },
});

type: snowflake:AuthenticationPolicy
properties:
    authenticationMethods:
        - string
    clientTypes:
        - string
    comment: string
    database: string
    mfaEnrollment: string
    mfaPolicy:
        allowedMethods:
            - string
        enforceMfaOnExternalAuthentication: string
    name: string
    patPolicy:
        defaultExpiryInDays: 0
        maxExpiryInDays: 0
        networkPolicyEvaluation: string
    schema: string
    securityIntegrations:
        - string
    workloadIdentityPolicy:
        allowedAwsAccounts:
            - string
        allowedAzureIssuers:
            - string
        allowedOidcIssuers:
            - string
        allowedProviders:
            - string

AuthenticationPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The AuthenticationPolicy resource accepts the following input properties:

Database string: The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
Schema string: The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
AuthenticationMethods List<string>: A list of authentication methods that are allowed during login. Valid values are (case-insensitive): ALL | SAML | PASSWORD | OAUTH | KEYPAIR | PROGRAMMATIC_ACCESS_TOKEN | WORKLOAD_IDENTITY.
ClientTypes List<string>: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid client_types, then the login attempt fails. Valid values are (case-insensitive): ALL | SNOWFLAKE_UI | DRIVERS | SNOWSQL | SNOWFLAKE_CLI. The client_types property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
Comment string: Specifies a comment for the authentication policy.
MfaAuthenticationMethods List<string>: A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are ALL | SAML | PASSWORD.
Deprecated: This field is deprecated and will be removed in the future. The new field ENFORCE_MFA_ON_EXTERNAL_AUTHENTICATION will be added in the next versions of the provider. Read our BCR Migration Guide for more migration steps and more details.
MfaEnrollment string: Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): REQUIRED | REQUIRED_PASSWORD_ONLY | OPTIONAL. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the client_types parameter must include snowflake_ui, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
MfaPolicy AuthenticationPolicyMfaPolicy: Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
Name string: Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
PatPolicy AuthenticationPolicyPatPolicy: Specifies the policy for programmatic access tokens.
SecurityIntegrations List<string>: A list of security integrations the authentication policy is associated with. This parameter has no effect when saml or oauth are not in the authentication_methods list. All values in the security_integrations list must be compatible with the values in the authentication_methods list. For example, if security_integrations contains a SAML security integration, and authentication_methods contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use ALL as parameter.
WorkloadIdentityPolicy AuthenticationPolicyWorkloadIdentityPolicy: Specifies the policy for workload identity federation.

Database string: The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
Schema string: The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
AuthenticationMethods []string: A list of authentication methods that are allowed during login. Valid values are (case-insensitive): ALL | SAML | PASSWORD | OAUTH | KEYPAIR | PROGRAMMATIC_ACCESS_TOKEN | WORKLOAD_IDENTITY.
ClientTypes []string: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid client_types, then the login attempt fails. Valid values are (case-insensitive): ALL | SNOWFLAKE_UI | DRIVERS | SNOWSQL | SNOWFLAKE_CLI. The client_types property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
Comment string: Specifies a comment for the authentication policy.
MfaAuthenticationMethods []string: A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are ALL | SAML | PASSWORD.
Deprecated: This field is deprecated and will be removed in the future. The new field ENFORCE_MFA_ON_EXTERNAL_AUTHENTICATION will be added in the next versions of the provider. Read our BCR Migration Guide for more migration steps and more details.
MfaEnrollment string: Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): REQUIRED | REQUIRED_PASSWORD_ONLY | OPTIONAL. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the client_types parameter must include snowflake_ui, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
MfaPolicy AuthenticationPolicyMfaPolicyArgs: Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
Name string: Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
PatPolicy AuthenticationPolicyPatPolicyArgs: Specifies the policy for programmatic access tokens.
SecurityIntegrations []string: A list of security integrations the authentication policy is associated with. This parameter has no effect when saml or oauth are not in the authentication_methods list. All values in the security_integrations list must be compatible with the values in the authentication_methods list. For example, if security_integrations contains a SAML security integration, and authentication_methods contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use ALL as parameter.
WorkloadIdentityPolicy AuthenticationPolicyWorkloadIdentityPolicyArgs: Specifies the policy for workload identity federation.

database String: The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
schema String: The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
authenticationMethods List<String>: A list of authentication methods that are allowed during login. Valid values are (case-insensitive): ALL | SAML | PASSWORD | OAUTH | KEYPAIR | PROGRAMMATIC_ACCESS_TOKEN | WORKLOAD_IDENTITY.
clientTypes List<String>: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid client_types, then the login attempt fails. Valid values are (case-insensitive): ALL | SNOWFLAKE_UI | DRIVERS | SNOWSQL | SNOWFLAKE_CLI. The client_types property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
comment String: Specifies a comment for the authentication policy.
mfaAuthenticationMethods List<String>: A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are ALL | SAML | PASSWORD.
Deprecated: This field is deprecated and will be removed in the future. The new field ENFORCE_MFA_ON_EXTERNAL_AUTHENTICATION will be added in the next versions of the provider. Read our BCR Migration Guide for more migration steps and more details.
mfaEnrollment String: Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): REQUIRED | REQUIRED_PASSWORD_ONLY | OPTIONAL. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the client_types parameter must include snowflake_ui, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
mfaPolicy AuthenticationPolicyMfaPolicy: Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
name String: Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
patPolicy AuthenticationPolicyPatPolicy: Specifies the policy for programmatic access tokens.
securityIntegrations List<String>: A list of security integrations the authentication policy is associated with. This parameter has no effect when saml or oauth are not in the authentication_methods list. All values in the security_integrations list must be compatible with the values in the authentication_methods list. For example, if security_integrations contains a SAML security integration, and authentication_methods contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use ALL as parameter.
workloadIdentityPolicy AuthenticationPolicyWorkloadIdentityPolicy: Specifies the policy for workload identity federation.

database string: The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
schema string: The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
authenticationMethods string[]: A list of authentication methods that are allowed during login. Valid values are (case-insensitive): ALL | SAML | PASSWORD | OAUTH | KEYPAIR | PROGRAMMATIC_ACCESS_TOKEN | WORKLOAD_IDENTITY.
clientTypes string[]: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid client_types, then the login attempt fails. Valid values are (case-insensitive): ALL | SNOWFLAKE_UI | DRIVERS | SNOWSQL | SNOWFLAKE_CLI. The client_types property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
comment string: Specifies a comment for the authentication policy.
mfaAuthenticationMethods string[]: A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are ALL | SAML | PASSWORD.
Deprecated: This field is deprecated and will be removed in the future. The new field ENFORCE_MFA_ON_EXTERNAL_AUTHENTICATION will be added in the next versions of the provider. Read our BCR Migration Guide for more migration steps and more details.
mfaEnrollment string: Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): REQUIRED | REQUIRED_PASSWORD_ONLY | OPTIONAL. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the client_types parameter must include snowflake_ui, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
mfaPolicy AuthenticationPolicyMfaPolicy: Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
name string: Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
patPolicy AuthenticationPolicyPatPolicy: Specifies the policy for programmatic access tokens.
securityIntegrations string[]: A list of security integrations the authentication policy is associated with. This parameter has no effect when saml or oauth are not in the authentication_methods list. All values in the security_integrations list must be compatible with the values in the authentication_methods list. For example, if security_integrations contains a SAML security integration, and authentication_methods contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use ALL as parameter.
workloadIdentityPolicy AuthenticationPolicyWorkloadIdentityPolicy: Specifies the policy for workload identity federation.

database str: The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
schema str: The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
authentication_methods Sequence[str]: A list of authentication methods that are allowed during login. Valid values are (case-insensitive): ALL | SAML | PASSWORD | OAUTH | KEYPAIR | PROGRAMMATIC_ACCESS_TOKEN | WORKLOAD_IDENTITY.
client_types Sequence[str]: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid client_types, then the login attempt fails. Valid values are (case-insensitive): ALL | SNOWFLAKE_UI | DRIVERS | SNOWSQL | SNOWFLAKE_CLI. The client_types property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
comment str: Specifies a comment for the authentication policy.
mfa_authentication_methods Sequence[str]: A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are ALL | SAML | PASSWORD.
Deprecated: This field is deprecated and will be removed in the future. The new field ENFORCE_MFA_ON_EXTERNAL_AUTHENTICATION will be added in the next versions of the provider. Read our BCR Migration Guide for more migration steps and more details.
mfa_enrollment str: Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): REQUIRED | REQUIRED_PASSWORD_ONLY | OPTIONAL. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the client_types parameter must include snowflake_ui, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
mfa_policy AuthenticationPolicyMfaPolicyArgs: Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
name str: Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
pat_policy AuthenticationPolicyPatPolicyArgs: Specifies the policy for programmatic access tokens.
security_integrations Sequence[str]: A list of security integrations the authentication policy is associated with. This parameter has no effect when saml or oauth are not in the authentication_methods list. All values in the security_integrations list must be compatible with the values in the authentication_methods list. For example, if security_integrations contains a SAML security integration, and authentication_methods contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use ALL as parameter.
workload_identity_policy AuthenticationPolicyWorkloadIdentityPolicyArgs: Specifies the policy for workload identity federation.

database String: The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
schema String: The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
authenticationMethods List<String>: A list of authentication methods that are allowed during login. Valid values are (case-insensitive): ALL | SAML | PASSWORD | OAUTH | KEYPAIR | PROGRAMMATIC_ACCESS_TOKEN | WORKLOAD_IDENTITY.
clientTypes List<String>: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid client_types, then the login attempt fails. Valid values are (case-insensitive): ALL | SNOWFLAKE_UI | DRIVERS | SNOWSQL | SNOWFLAKE_CLI. The client_types property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
comment String: Specifies a comment for the authentication policy.
mfaAuthenticationMethods List<String>: A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are ALL | SAML | PASSWORD.
Deprecated: This field is deprecated and will be removed in the future. The new field ENFORCE_MFA_ON_EXTERNAL_AUTHENTICATION will be added in the next versions of the provider. Read our BCR Migration Guide for more migration steps and more details.
mfaEnrollment String: Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): REQUIRED | REQUIRED_PASSWORD_ONLY | OPTIONAL. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the client_types parameter must include snowflake_ui, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
mfaPolicy Property Map: Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
name String: Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
patPolicy Property Map: Specifies the policy for programmatic access tokens.
securityIntegrations List<String>: A list of security integrations the authentication policy is associated with. This parameter has no effect when saml or oauth are not in the authentication_methods list. All values in the security_integrations list must be compatible with the values in the authentication_methods list. For example, if security_integrations contains a SAML security integration, and authentication_methods contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use ALL as parameter.
workloadIdentityPolicy Property Map: Specifies the policy for workload identity federation.

Outputs

All input properties are implicitly available as output properties. Additionally, the AuthenticationPolicy resource produces the following output properties:

DescribeOutputs List<AuthenticationPolicyDescribeOutput>: Outputs the result of DESCRIBE AUTHENTICATION POLICY for the given policy.
FullyQualifiedName string: Fully qualified name of the resource. For more information, see object name resolution.
Id string: The provider-assigned unique ID for this managed resource.
ShowOutputs List<AuthenticationPolicyShowOutput>: Outputs the result of SHOW AUTHENTICATION POLICIES for the given policy.

DescribeOutputs []AuthenticationPolicyDescribeOutput: Outputs the result of DESCRIBE AUTHENTICATION POLICY for the given policy.
FullyQualifiedName string: Fully qualified name of the resource. For more information, see object name resolution.
Id string: The provider-assigned unique ID for this managed resource.
ShowOutputs []AuthenticationPolicyShowOutput: Outputs the result of SHOW AUTHENTICATION POLICIES for the given policy.

describeOutputs List<AuthenticationPolicyDescribeOutput>: Outputs the result of DESCRIBE AUTHENTICATION POLICY for the given policy.
fullyQualifiedName String: Fully qualified name of the resource. For more information, see object name resolution.
id String: The provider-assigned unique ID for this managed resource.
showOutputs List<AuthenticationPolicyShowOutput>: Outputs the result of SHOW AUTHENTICATION POLICIES for the given policy.

describeOutputs AuthenticationPolicyDescribeOutput[]: Outputs the result of DESCRIBE AUTHENTICATION POLICY for the given policy.
fullyQualifiedName string: Fully qualified name of the resource. For more information, see object name resolution.
id string: The provider-assigned unique ID for this managed resource.
showOutputs AuthenticationPolicyShowOutput[]: Outputs the result of SHOW AUTHENTICATION POLICIES for the given policy.

describe_outputs Sequence[AuthenticationPolicyDescribeOutput]: Outputs the result of DESCRIBE AUTHENTICATION POLICY for the given policy.
fully_qualified_name str: Fully qualified name of the resource. For more information, see object name resolution.
id str: The provider-assigned unique ID for this managed resource.
show_outputs Sequence[AuthenticationPolicyShowOutput]: Outputs the result of SHOW AUTHENTICATION POLICIES for the given policy.

describeOutputs List<Property Map>: Outputs the result of DESCRIBE AUTHENTICATION POLICY for the given policy.
fullyQualifiedName String: Fully qualified name of the resource. For more information, see object name resolution.
id String: The provider-assigned unique ID for this managed resource.
showOutputs List<Property Map>: Outputs the result of SHOW AUTHENTICATION POLICIES for the given policy.

Look up Existing AuthenticationPolicy Resource

Get an existing AuthenticationPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AuthenticationPolicyState, opts?: CustomResourceOptions): AuthenticationPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        authentication_methods: Optional[Sequence[str]] = None,
        client_types: Optional[Sequence[str]] = None,
        comment: Optional[str] = None,
        database: Optional[str] = None,
        describe_outputs: Optional[Sequence[AuthenticationPolicyDescribeOutputArgs]] = None,
        fully_qualified_name: Optional[str] = None,
        mfa_authentication_methods: Optional[Sequence[str]] = None,
        mfa_enrollment: Optional[str] = None,
        mfa_policy: Optional[AuthenticationPolicyMfaPolicyArgs] = None,
        name: Optional[str] = None,
        pat_policy: Optional[AuthenticationPolicyPatPolicyArgs] = None,
        schema: Optional[str] = None,
        security_integrations: Optional[Sequence[str]] = None,
        show_outputs: Optional[Sequence[AuthenticationPolicyShowOutputArgs]] = None,
        workload_identity_policy: Optional[AuthenticationPolicyWorkloadIdentityPolicyArgs] = None) -> AuthenticationPolicy

func GetAuthenticationPolicy(ctx *Context, name string, id IDInput, state *AuthenticationPolicyState, opts ...ResourceOption) (*AuthenticationPolicy, error)

public static AuthenticationPolicy Get(string name, Input<string> id, AuthenticationPolicyState? state, CustomResourceOptions? opts = null)

public static AuthenticationPolicy get(String name, Output<String> id, AuthenticationPolicyState state, CustomResourceOptions options)

resources:  _:    type: snowflake:AuthenticationPolicy    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AuthenticationMethods List<string>: A list of authentication methods that are allowed during login. Valid values are (case-insensitive): ALL | SAML | PASSWORD | OAUTH | KEYPAIR | PROGRAMMATIC_ACCESS_TOKEN | WORKLOAD_IDENTITY.
ClientTypes List<string>: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid client_types, then the login attempt fails. Valid values are (case-insensitive): ALL | SNOWFLAKE_UI | DRIVERS | SNOWSQL | SNOWFLAKE_CLI. The client_types property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
Comment string: Specifies a comment for the authentication policy.
Database string: The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
DescribeOutputs List<AuthenticationPolicyDescribeOutput>: Outputs the result of DESCRIBE AUTHENTICATION POLICY for the given policy.
FullyQualifiedName string: Fully qualified name of the resource. For more information, see object name resolution.
MfaAuthenticationMethods List<string>: A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are ALL | SAML | PASSWORD.
Deprecated: This field is deprecated and will be removed in the future. The new field ENFORCE_MFA_ON_EXTERNAL_AUTHENTICATION will be added in the next versions of the provider. Read our BCR Migration Guide for more migration steps and more details.
MfaEnrollment string: Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): REQUIRED | REQUIRED_PASSWORD_ONLY | OPTIONAL. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the client_types parameter must include snowflake_ui, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
MfaPolicy AuthenticationPolicyMfaPolicy: Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
Name string: Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
PatPolicy AuthenticationPolicyPatPolicy: Specifies the policy for programmatic access tokens.
Schema string: The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
SecurityIntegrations List<string>: A list of security integrations the authentication policy is associated with. This parameter has no effect when saml or oauth are not in the authentication_methods list. All values in the security_integrations list must be compatible with the values in the authentication_methods list. For example, if security_integrations contains a SAML security integration, and authentication_methods contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use ALL as parameter.
ShowOutputs List<AuthenticationPolicyShowOutput>: Outputs the result of SHOW AUTHENTICATION POLICIES for the given policy.
WorkloadIdentityPolicy AuthenticationPolicyWorkloadIdentityPolicy: Specifies the policy for workload identity federation.

AuthenticationMethods []string: A list of authentication methods that are allowed during login. Valid values are (case-insensitive): ALL | SAML | PASSWORD | OAUTH | KEYPAIR | PROGRAMMATIC_ACCESS_TOKEN | WORKLOAD_IDENTITY.
ClientTypes []string: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid client_types, then the login attempt fails. Valid values are (case-insensitive): ALL | SNOWFLAKE_UI | DRIVERS | SNOWSQL | SNOWFLAKE_CLI. The client_types property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
Comment string: Specifies a comment for the authentication policy.
Database string: The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
DescribeOutputs []AuthenticationPolicyDescribeOutputArgs: Outputs the result of DESCRIBE AUTHENTICATION POLICY for the given policy.
FullyQualifiedName string: Fully qualified name of the resource. For more information, see object name resolution.
MfaAuthenticationMethods []string: A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are ALL | SAML | PASSWORD.
Deprecated: This field is deprecated and will be removed in the future. The new field ENFORCE_MFA_ON_EXTERNAL_AUTHENTICATION will be added in the next versions of the provider. Read our BCR Migration Guide for more migration steps and more details.
MfaEnrollment string: Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): REQUIRED | REQUIRED_PASSWORD_ONLY | OPTIONAL. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the client_types parameter must include snowflake_ui, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
MfaPolicy AuthenticationPolicyMfaPolicyArgs: Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
Name string: Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
PatPolicy AuthenticationPolicyPatPolicyArgs: Specifies the policy for programmatic access tokens.
Schema string: The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
SecurityIntegrations []string: A list of security integrations the authentication policy is associated with. This parameter has no effect when saml or oauth are not in the authentication_methods list. All values in the security_integrations list must be compatible with the values in the authentication_methods list. For example, if security_integrations contains a SAML security integration, and authentication_methods contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use ALL as parameter.
ShowOutputs []AuthenticationPolicyShowOutputArgs: Outputs the result of SHOW AUTHENTICATION POLICIES for the given policy.
WorkloadIdentityPolicy AuthenticationPolicyWorkloadIdentityPolicyArgs: Specifies the policy for workload identity federation.

authenticationMethods List<String>: A list of authentication methods that are allowed during login. Valid values are (case-insensitive): ALL | SAML | PASSWORD | OAUTH | KEYPAIR | PROGRAMMATIC_ACCESS_TOKEN | WORKLOAD_IDENTITY.
clientTypes List<String>: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid client_types, then the login attempt fails. Valid values are (case-insensitive): ALL | SNOWFLAKE_UI | DRIVERS | SNOWSQL | SNOWFLAKE_CLI. The client_types property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
comment String: Specifies a comment for the authentication policy.
database String: The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
describeOutputs List<AuthenticationPolicyDescribeOutput>: Outputs the result of DESCRIBE AUTHENTICATION POLICY for the given policy.
fullyQualifiedName String: Fully qualified name of the resource. For more information, see object name resolution.
mfaAuthenticationMethods List<String>: A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are ALL | SAML | PASSWORD.
Deprecated: This field is deprecated and will be removed in the future. The new field ENFORCE_MFA_ON_EXTERNAL_AUTHENTICATION will be added in the next versions of the provider. Read our BCR Migration Guide for more migration steps and more details.
mfaEnrollment String: Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): REQUIRED | REQUIRED_PASSWORD_ONLY | OPTIONAL. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the client_types parameter must include snowflake_ui, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
mfaPolicy AuthenticationPolicyMfaPolicy: Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
name String: Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
patPolicy AuthenticationPolicyPatPolicy: Specifies the policy for programmatic access tokens.
schema String: The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
securityIntegrations List<String>: A list of security integrations the authentication policy is associated with. This parameter has no effect when saml or oauth are not in the authentication_methods list. All values in the security_integrations list must be compatible with the values in the authentication_methods list. For example, if security_integrations contains a SAML security integration, and authentication_methods contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use ALL as parameter.
showOutputs List<AuthenticationPolicyShowOutput>: Outputs the result of SHOW AUTHENTICATION POLICIES for the given policy.
workloadIdentityPolicy AuthenticationPolicyWorkloadIdentityPolicy: Specifies the policy for workload identity federation.

authenticationMethods string[]: A list of authentication methods that are allowed during login. Valid values are (case-insensitive): ALL | SAML | PASSWORD | OAUTH | KEYPAIR | PROGRAMMATIC_ACCESS_TOKEN | WORKLOAD_IDENTITY.
clientTypes string[]: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid client_types, then the login attempt fails. Valid values are (case-insensitive): ALL | SNOWFLAKE_UI | DRIVERS | SNOWSQL | SNOWFLAKE_CLI. The client_types property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
comment string: Specifies a comment for the authentication policy.
database string: The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
describeOutputs AuthenticationPolicyDescribeOutput[]: Outputs the result of DESCRIBE AUTHENTICATION POLICY for the given policy.
fullyQualifiedName string: Fully qualified name of the resource. For more information, see object name resolution.
mfaAuthenticationMethods string[]: A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are ALL | SAML | PASSWORD.
Deprecated: This field is deprecated and will be removed in the future. The new field ENFORCE_MFA_ON_EXTERNAL_AUTHENTICATION will be added in the next versions of the provider. Read our BCR Migration Guide for more migration steps and more details.
mfaEnrollment string: Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): REQUIRED | REQUIRED_PASSWORD_ONLY | OPTIONAL. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the client_types parameter must include snowflake_ui, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
mfaPolicy AuthenticationPolicyMfaPolicy: Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
name string: Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
patPolicy AuthenticationPolicyPatPolicy: Specifies the policy for programmatic access tokens.
schema string: The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
securityIntegrations string[]: A list of security integrations the authentication policy is associated with. This parameter has no effect when saml or oauth are not in the authentication_methods list. All values in the security_integrations list must be compatible with the values in the authentication_methods list. For example, if security_integrations contains a SAML security integration, and authentication_methods contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use ALL as parameter.
showOutputs AuthenticationPolicyShowOutput[]: Outputs the result of SHOW AUTHENTICATION POLICIES for the given policy.
workloadIdentityPolicy AuthenticationPolicyWorkloadIdentityPolicy: Specifies the policy for workload identity federation.

authentication_methods Sequence[str]: A list of authentication methods that are allowed during login. Valid values are (case-insensitive): ALL | SAML | PASSWORD | OAUTH | KEYPAIR | PROGRAMMATIC_ACCESS_TOKEN | WORKLOAD_IDENTITY.
client_types Sequence[str]: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid client_types, then the login attempt fails. Valid values are (case-insensitive): ALL | SNOWFLAKE_UI | DRIVERS | SNOWSQL | SNOWFLAKE_CLI. The client_types property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
comment str: Specifies a comment for the authentication policy.
database str: The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
describe_outputs Sequence[AuthenticationPolicyDescribeOutputArgs]: Outputs the result of DESCRIBE AUTHENTICATION POLICY for the given policy.
fully_qualified_name str: Fully qualified name of the resource. For more information, see object name resolution.
mfa_authentication_methods Sequence[str]: A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are ALL | SAML | PASSWORD.
Deprecated: This field is deprecated and will be removed in the future. The new field ENFORCE_MFA_ON_EXTERNAL_AUTHENTICATION will be added in the next versions of the provider. Read our BCR Migration Guide for more migration steps and more details.
mfa_enrollment str: Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): REQUIRED | REQUIRED_PASSWORD_ONLY | OPTIONAL. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the client_types parameter must include snowflake_ui, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
mfa_policy AuthenticationPolicyMfaPolicyArgs: Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
name str: Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
pat_policy AuthenticationPolicyPatPolicyArgs: Specifies the policy for programmatic access tokens.
schema str: The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
security_integrations Sequence[str]: A list of security integrations the authentication policy is associated with. This parameter has no effect when saml or oauth are not in the authentication_methods list. All values in the security_integrations list must be compatible with the values in the authentication_methods list. For example, if security_integrations contains a SAML security integration, and authentication_methods contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use ALL as parameter.
show_outputs Sequence[AuthenticationPolicyShowOutputArgs]: Outputs the result of SHOW AUTHENTICATION POLICIES for the given policy.
workload_identity_policy AuthenticationPolicyWorkloadIdentityPolicyArgs: Specifies the policy for workload identity federation.

authenticationMethods List<String>: A list of authentication methods that are allowed during login. Valid values are (case-insensitive): ALL | SAML | PASSWORD | OAUTH | KEYPAIR | PROGRAMMATIC_ACCESS_TOKEN | WORKLOAD_IDENTITY.
clientTypes List<String>: A list of clients that can authenticate with Snowflake. If a client tries to connect, and the client is not one of the valid client_types, then the login attempt fails. Valid values are (case-insensitive): ALL | SNOWFLAKE_UI | DRIVERS | SNOWSQL | SNOWFLAKE_CLI. The client_types property of an authentication policy is a best effort method to block user logins based on specific clients. It should not be used as the sole control to establish a security boundary.
comment String: Specifies a comment for the authentication policy.
database String: The database in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
describeOutputs List<Property Map>: Outputs the result of DESCRIBE AUTHENTICATION POLICY for the given policy.
fullyQualifiedName String: Fully qualified name of the resource. For more information, see object name resolution.
mfaAuthenticationMethods List<String>: A list of authentication methods that enforce multi-factor authentication (MFA) during login. Authentication methods not listed in this parameter do not prompt for multi-factor authentication. Allowed values are ALL | SAML | PASSWORD.
Deprecated: This field is deprecated and will be removed in the future. The new field ENFORCE_MFA_ON_EXTERNAL_AUTHENTICATION will be added in the next versions of the provider. Read our BCR Migration Guide for more migration steps and more details.
mfaEnrollment String: Determines whether a user must enroll in multi-factor authentication. Valid values are (case-insensitive): REQUIRED | REQUIRED_PASSWORD_ONLY | OPTIONAL. When REQUIRED is specified, Enforces users to enroll in MFA. If this value is used, then the client_types parameter must include snowflake_ui, because Snowsight is the only place users can enroll in multi-factor authentication (MFA).
mfaPolicy Property Map: Specifies the multi-factor authentication (MFA) methods that users can use as a second factor of authentication.
name String: Specifies the identifier for the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
patPolicy Property Map: Specifies the policy for programmatic access tokens.
schema String: The schema in which to create the authentication policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
securityIntegrations List<String>: A list of security integrations the authentication policy is associated with. This parameter has no effect when saml or oauth are not in the authentication_methods list. All values in the security_integrations list must be compatible with the values in the authentication_methods list. For example, if security_integrations contains a SAML security integration, and authentication_methods contains OAUTH, then you cannot create the authentication policy. To allow all security integrations use ALL as parameter.
showOutputs List<Property Map>: Outputs the result of SHOW AUTHENTICATION POLICIES for the given policy.
workloadIdentityPolicy Property Map: Specifies the policy for workload identity federation.

Supporting Types

AuthenticationPolicyDescribeOutput, AuthenticationPolicyDescribeOutputArgs

AuthenticationMethods string
ClientTypes string
Comment string
MfaAuthenticationMethods string
MfaEnrollment string
MfaPolicy string
Name string
Owner string
PatPolicy string
SecurityIntegrations string
WorkloadIdentityPolicy string

AuthenticationMethods string
ClientTypes string
Comment string
MfaAuthenticationMethods string
MfaEnrollment string
MfaPolicy string
Name string
Owner string
PatPolicy string
SecurityIntegrations string
WorkloadIdentityPolicy string

authenticationMethods String
clientTypes String
comment String
mfaAuthenticationMethods String
mfaEnrollment String
mfaPolicy String
name String
owner String
patPolicy String
securityIntegrations String
workloadIdentityPolicy String

authenticationMethods string
clientTypes string
comment string
mfaAuthenticationMethods string
mfaEnrollment string
mfaPolicy string
name string
owner string
patPolicy string
securityIntegrations string
workloadIdentityPolicy string

authentication_methods str
client_types str
comment str
mfa_authentication_methods str
mfa_enrollment str
mfa_policy str
name str
owner str
pat_policy str
security_integrations str
workload_identity_policy str

authenticationMethods String
clientTypes String
comment String
mfaAuthenticationMethods String
mfaEnrollment String
mfaPolicy String
name String
owner String
patPolicy String
securityIntegrations String
workloadIdentityPolicy String

AuthenticationPolicyMfaPolicy, AuthenticationPolicyMfaPolicyArgs

AllowedMethods List<string>
EnforceMfaOnExternalAuthentication string: Determines whether multi-factor authentication (MFA) is enforced on external authentication. Valid values are (case-insensitive): ALL | NONE.

AllowedMethods []string
EnforceMfaOnExternalAuthentication string: Determines whether multi-factor authentication (MFA) is enforced on external authentication. Valid values are (case-insensitive): ALL | NONE.

allowedMethods List<String>
enforceMfaOnExternalAuthentication String: Determines whether multi-factor authentication (MFA) is enforced on external authentication. Valid values are (case-insensitive): ALL | NONE.

allowedMethods string[]
enforceMfaOnExternalAuthentication string: Determines whether multi-factor authentication (MFA) is enforced on external authentication. Valid values are (case-insensitive): ALL | NONE.

allowed_methods Sequence[str]
enforce_mfa_on_external_authentication str: Determines whether multi-factor authentication (MFA) is enforced on external authentication. Valid values are (case-insensitive): ALL | NONE.

allowedMethods List<String>
enforceMfaOnExternalAuthentication String: Determines whether multi-factor authentication (MFA) is enforced on external authentication. Valid values are (case-insensitive): ALL | NONE.

AuthenticationPolicyPatPolicy, AuthenticationPolicyPatPolicyArgs

DefaultExpiryInDays int: Specifies the default expiration time (in days) for a programmatic access token.
MaxExpiryInDays int: Specifies the maximum number of days that can be set for the expiration time for a programmatic access token.
NetworkPolicyEvaluation string: Specifies the network policy evaluation for the PAT.

DefaultExpiryInDays int: Specifies the default expiration time (in days) for a programmatic access token.
MaxExpiryInDays int: Specifies the maximum number of days that can be set for the expiration time for a programmatic access token.
NetworkPolicyEvaluation string: Specifies the network policy evaluation for the PAT.

defaultExpiryInDays Integer: Specifies the default expiration time (in days) for a programmatic access token.
maxExpiryInDays Integer: Specifies the maximum number of days that can be set for the expiration time for a programmatic access token.
networkPolicyEvaluation String: Specifies the network policy evaluation for the PAT.

defaultExpiryInDays number: Specifies the default expiration time (in days) for a programmatic access token.
maxExpiryInDays number: Specifies the maximum number of days that can be set for the expiration time for a programmatic access token.
networkPolicyEvaluation string: Specifies the network policy evaluation for the PAT.

default_expiry_in_days int: Specifies the default expiration time (in days) for a programmatic access token.
max_expiry_in_days int: Specifies the maximum number of days that can be set for the expiration time for a programmatic access token.
network_policy_evaluation str: Specifies the network policy evaluation for the PAT.

defaultExpiryInDays Number: Specifies the default expiration time (in days) for a programmatic access token.
maxExpiryInDays Number: Specifies the maximum number of days that can be set for the expiration time for a programmatic access token.
networkPolicyEvaluation String: Specifies the network policy evaluation for the PAT.

AuthenticationPolicyShowOutput, AuthenticationPolicyShowOutputArgs

Comment string
CreatedOn string
DatabaseName string
Kind string
Name string
Options string
Owner string
OwnerRoleType string
SchemaName string

Comment string
CreatedOn string
DatabaseName string
Kind string
Name string
Options string
Owner string
OwnerRoleType string
SchemaName string

comment String
createdOn String
databaseName String
kind String
name String
options String
owner String
ownerRoleType String
schemaName String

comment string
createdOn string
databaseName string
kind string
name string
options string
owner string
ownerRoleType string
schemaName string

comment str
created_on str
database_name str
kind str
name str
options str
owner str
owner_role_type str
schema_name str

comment String
createdOn String
databaseName String
kind String
name String
options String
owner String
ownerRoleType String
schemaName String

AuthenticationPolicyWorkloadIdentityPolicy, AuthenticationPolicyWorkloadIdentityPolicyArgs

AllowedAwsAccounts List<string>: Specifies the list of AWS account IDs allowed by the authentication policy during workload identity authentication of type AWS.
AllowedAzureIssuers List<string>: Specifies the list of Azure Entra ID issuers allowed by the authentication policy during workload identity authentication of type AZURE.
AllowedOidcIssuers List<string>: Specifies the list of OIDC issuers allowed by the authentication policy during workload identity authentication of type OIDC.
AllowedProviders List<string>

AllowedAwsAccounts []string: Specifies the list of AWS account IDs allowed by the authentication policy during workload identity authentication of type AWS.
AllowedAzureIssuers []string: Specifies the list of Azure Entra ID issuers allowed by the authentication policy during workload identity authentication of type AZURE.
AllowedOidcIssuers []string: Specifies the list of OIDC issuers allowed by the authentication policy during workload identity authentication of type OIDC.
AllowedProviders []string

allowedAwsAccounts List<String>: Specifies the list of AWS account IDs allowed by the authentication policy during workload identity authentication of type AWS.
allowedAzureIssuers List<String>: Specifies the list of Azure Entra ID issuers allowed by the authentication policy during workload identity authentication of type AZURE.
allowedOidcIssuers List<String>: Specifies the list of OIDC issuers allowed by the authentication policy during workload identity authentication of type OIDC.
allowedProviders List<String>

allowedAwsAccounts string[]: Specifies the list of AWS account IDs allowed by the authentication policy during workload identity authentication of type AWS.
allowedAzureIssuers string[]: Specifies the list of Azure Entra ID issuers allowed by the authentication policy during workload identity authentication of type AZURE.
allowedOidcIssuers string[]: Specifies the list of OIDC issuers allowed by the authentication policy during workload identity authentication of type OIDC.
allowedProviders string[]

allowed_aws_accounts Sequence[str]: Specifies the list of AWS account IDs allowed by the authentication policy during workload identity authentication of type AWS.
allowed_azure_issuers Sequence[str]: Specifies the list of Azure Entra ID issuers allowed by the authentication policy during workload identity authentication of type AZURE.
allowed_oidc_issuers Sequence[str]: Specifies the list of OIDC issuers allowed by the authentication policy during workload identity authentication of type OIDC.
allowed_providers Sequence[str]

allowedAwsAccounts List<String>: Specifies the list of AWS account IDs allowed by the authentication policy during workload identity authentication of type AWS.
allowedAzureIssuers List<String>: Specifies the list of Azure Entra ID issuers allowed by the authentication policy during workload identity authentication of type AZURE.
allowedOidcIssuers List<String>: Specifies the list of OIDC issuers allowed by the authentication policy during workload identity authentication of type OIDC.
allowedProviders List<String>

Package Details

Repository: Snowflake pulumi/pulumi-snowflake
License: Apache-2.0
Notes: This Pulumi package is based on the snowflake Terraform Provider.

Snowflake v2.9.0 published on Saturday, Nov 1, 2025 by Pulumi

pulumi/pulumi-snowflake

snowflake.AuthenticationPolicy

On this page

On this page

Import

Create AuthenticationPolicy Resource

Constructor syntax

Parameters

Constructor example

AuthenticationPolicy Resource Properties

Inputs

Outputs

Look up Existing AuthenticationPolicy Resource

Supporting Types

AuthenticationPolicyDescribeOutput, AuthenticationPolicyDescribeOutputArgs

AuthenticationPolicyMfaPolicy, AuthenticationPolicyMfaPolicyArgs

AuthenticationPolicyPatPolicy, AuthenticationPolicyPatPolicyArgs

AuthenticationPolicyShowOutput, AuthenticationPolicyShowOutputArgs

AuthenticationPolicyWorkloadIdentityPolicy, AuthenticationPolicyWorkloadIdentityPolicyArgs

Package Details

On this page

On this page