As part of a recent update, Snowflake has implemented mandatory multi-factor authentication (MFA) for certain users. While this change bolsters account protection, it may lead to disruptions or Connection authentication issues.
If your Snowflake Connection has recently stopped working or is experiencing issues, it's possible that the enforced MFA is the cause. This is particularly relevant for service accounts or non-human users that traditionally rely on password-based authentication.
Solution #1: Designate the Account as 'LEGACY_SERVICE'
For non-human accounts, temporarily setting the user type to 'LEGACY_SERVICE' can bypass MFA requirements. This approach allows continued operation without MFA interruptions.
To implement:
Execute the following SQL command as a Snowflake administrator.
Replace <service_user_name> with the actual username of your service account.
This is a temporary workaround, as Snowflake plans to deprecate the 'LEGACY_SERVICE' user type in late 2025. Refer to Snowflake's official documentation for timeline details.
Solution #2: Disable MFA Enrollment for the User
Alternatively, you can disable MFA enrollment for specific users, especially if MFA enforcement is causing operational issues.
To implement:
Execute the following SQL command as a Snowflake administrator.
Replace <service_user> with the actual username of your service account.
This action will cancel MFA enrollment for the selected user. Disabling MFA may conflict with existing policies that require MFA, potentially leading to errors or re-enrollment prompts. To mitigate this, create and apply an authentication policy that makes MFA optional.
To create the policy:
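An added example (not the original article's SQL) of the statements that Solution #1, Solution #2 and the policy step describe, followed by a query for tracking users left on the temporary type. The policy name mfa_optional_policy is an assumption; <service_user_name> and <service_user> are the article's placeholders and must be replaced before running.

```sql
-- Run as a Snowflake administrator.
-- Replace the <...> placeholders with the real service-account username.

-- Solution #1: mark the non-human user as LEGACY_SERVICE (temporary).
ALTER USER <service_user_name> SET TYPE = LEGACY_SERVICE;

-- Confirm the change: the "type" column should read LEGACY_SERVICE.
SHOW USERS LIKE '<service_user_name>';

-- Solution #2: cancel MFA enrollment for one user.
ALTER USER <service_user> SET DISABLE_MFA = TRUE;

-- Policy step: make MFA enrollment optional and attach the policy
-- to that user only, so the account-wide policy stays unchanged.
-- mfa_optional_policy is an assumed name; the policy is created in
-- the current database and schema.
CREATE AUTHENTICATION POLICY IF NOT EXISTS mfa_optional_policy
  MFA_ENROLLMENT = OPTIONAL
  COMMENT = 'Temporary exception for a service user';

ALTER USER <service_user> SET AUTHENTICATION POLICY mfa_optional_policy;

-- Tracking: list every active user still on the temporary type, so
-- each one can be moved off it before LEGACY_SERVICE is deprecated.
-- ACCOUNT_USAGE views lag behind live changes, so a new exception
-- may take some time to appear here.
SELECT name,
       type,
       has_password,
       has_rsa_public_key,
       has_mfa,
       last_success_login
FROM snowflake.account_usage.users
WHERE deleted_on IS NULL
  AND type = 'LEGACY_SERVICE'
ORDER BY last_success_login DESC;
```

Solution #1 and Solution #2 are alternatives; run only the section that matches the approach you chose.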
For more detailed information on Snowflake's authentication policies, refer to Snowflake's official documentation.