RecordPoint now supports Microsoft Entra SSO for access to our Snowflake data warehouse, which powers our Enterprise Reporting and Analytics capabilities.
The following are the steps to enable SSO within your account. Steps will be performed either by Recordpoint or by the Customer, as indicated in the step title.
1. Contact your RecordPoint account manager and request SSO be enabled for Snowflake
From there RecordPoint will carry out a series of steps internally to get SSO setup. After those steps have been completed, we will require input from you. The steps RecordPoint will carry out include:
- Create a new Snowflake account
- Enable sharing for the account
- Create a shared database and warehouse in the new account
Once we have completed those steps, we will contact you to carry out the following steps.
2. Create a new Enterprise Application in Microsoft Entra
- In the Azure Portal, search for “Microsoft Entra ID” service.
- In the left menu, click on “Enterprise Applications”.
- Click on “+ New application”.
- In the “Search application” field of Microsoft Entra Gallery, enter “snowflake”.
- Click on “Snowflake for Microsoft Entra ID”.
- A pop-up form will appear.
- Enter an appropriate name, such as “Snowflake SSO”.
- Click on Create.
3. Add users or groups to the Snowflake SSO Enterprise Application
- In the Snowflake SSO Enterprise Application, and on the left menu, click on “Users and groups”.
- Add users or groups who will be using Snowflake.
4. Set up Single Sign-On (SSO) in the Enterprise Application
- In the Snowflake SSO Enterprise Application, in the left menu, click on “Single sign-on”.
- When selecting a single sign-on method, click on “SAML”.
- In the “Identity (Entity ID)” and “Reply URL” fields, enter the values provided by Recordpoint:
- Identifier: recordpoint-[TENANTNAME].snowflakecomputing.com
- Reply URL: recordpoint-[TENANTNAME].snowflakecomputing.com/fed/login
- Click on “Save”.
- Back in the Snowflake SSO Enterprise Application page, scroll down to the “SAML Certificates” section, at the “Federation Metadata XML” line, click on “Download”.
- Send this file securely to Recordpoint. (Recordpoint will provide instructions on how to do it securely.)
After completing this step, RecordPoint will do the following:
- Create security integration in Snowflake
- Update Snowflake URLs
Once you have received confirmation these steps have been completed, continue with the following steps:
5. Create users in Snowflake
- A user with ACCOUNTADMIN role will create users in Snowflake by logging in to recordpoint-[TENANTNAME].snowflakecomputing.com, and using the following command:
CREATE USER "username@customer.com" PASSWORD='' LOGIN_NAME='username@customer.com'
EMAIL='username@customer.com' DISPLAY_NAME='username@customer.com'
DEFAULT_ROLE='PUBLIC' DEFAULT_WAREHOUSE='QUERY_WH';
- Replace all instances of username@customer.com with the Entra ID’s email address.
6. Test Microsoft Entra SSO
- Test login from browser at https://recordpoint-[TENANTNAME].snowflakecomputing.com.
- Test login from PowerBI. Enter the following values:
- Server: [id].[region].azure.snowflakecomputing.com (id and region to be provided by Recordpoint)
- Warehouse: QUERY_WH
- Click on the “Microsoft Account” tab and the “Sign In” button. A browser will open. Log in using the Entra ID.
From there, inform Recordpoint that the tests are successful. We will finalise the process on our side and notify you when SSO is fully set up and ready to use.