terraform-provider-snowflake icon indicating copy to clipboard operation
terraform-provider-snowflake copied to clipboard

Published 20 hours ago verified publisher icon Snowflake-Labs

Allow configuration of SYNC_PASSWORD setting for SCIM integration

Open ehluke opened this issue 3 years ago • 2 comments

We are seeing passwords being synchronized via the Terraform configured SCIM integration via Okta; which presents a security concern.

The Snowflake SCIM Integration supports a SYNC_PASSWORD property to disable this functionality, but it cannot currently be set via the Terraform provider.

We would like the Terraform provider to be able to optionally configure the SYNC_PASSWORD property as part of the "snowflake_scim_integration" (especially if using Okta).

Currently, the only option to set this property is outside of Terraform.

ehluke avatar Sep 20 '22 20:09 ehluke

This is an important setting for our setup. We want to completely disable the user of password basic auth for any user that is managed with Okta.

We currently have to manually go in after the fact and alter this setting via SQL.

bschwedler avatar May 28 '24 19:05 bschwedler

Hey @bschwedler. Thanks for reaching out to us.

We are adjusting this resource as part of https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/ROADMAP.md#preparing-essential-ga-objects-for-the-provider-v1. This is already implemented in the SDK, resource definition should be updated soon.

sfc-gh-jmichalak avatar May 29 '24 06:05 sfc-gh-jmichalak

Hey @ehluke @bschwedler 👋 The new version v0.93.0 is adjusted and contains sync_password. Please follow the migration guide.

sfc-gh-jmichalak avatar Jul 11 '24 09:07 sfc-gh-jmichalak