Can DBT Cloud be setup to use MFA when connecting to Snowflake?

About

Asked 9/9, 2022 at 10:13 Answered 7/10, 2023 at 17:31

I have a Snowflake account that uses MFA. Logging in to Snowflake promtps for the MFA and I receive a push notification on my phone. Approving that logs me in. When setting up DBT Cloud it asks for details of the Snowflake account and then tries to test this. The cursor changes to the red circle / line and stays like that for a while before going back to normal and allowing the test to be run again. The Continue option remains greyed out. I expect the connection is timing out because Snowflake is waiting on the MFA to be approved, but as there is no notification in Duo there is nothing to approve. DBT docs have details of how to setup MFA for CLI but I can't see anything for DBT Cloud. Is MFA supported in DBT Cloud connections to Snowflake or should I just have a special Snowflake user that doesn't require MFA?

Andreaandreana answered 9/9, 2022 at 10:13 Comment(4)

If you log directly into the Snowflake account with the same details do you get a Duo push notification? – Maculate 10/9, 2022 at 21:32

Yes I do get the push notification when logging in directly to Snowflake. I am now getting a push notification when setting up the connection in DBT Cloud so not sure what was wrong before. However when I run even a single model in DBT Cloud I now get multiple push notifications (4 for one model). Is there a way to prevent this happening so that I only need approve the authentication once per execution of dbt_run or even once within a set time frame? How would this be expected to work if it were running a series of models on a schedule in a production environment? – Andreaandreana 12/9, 2022 at 7:53

Hi you should try the ALLOW_CLIENT_MFA_CACHING parameter documented here docs.snowflake.com/en/user-guide/… – Maculate 12/9, 2022 at 12:12

@Maculate got the same problem, we have this flag enabled and still getting a lot of pushes in DUO – Curley 13/10, 2022 at 6:52

Navigate to Deploy > Environments and select your development environment (or whatever other environment this is happening in).

Then click Settings > Edit and paste the following in the Extended Attributes section:

authenticator: username_password_mfa

You will still receive a Duo Push at the beginning of a session, but you shouldn't receive multiple notifications within the same dbt command.

As noted in the comments and here, you may also need an accountadmin to run the following SQL snippet in Snowflake:

alter account set allow_client_mfa_caching = true

Clute answered 7/10, 2023 at 17:31 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags