SnowPro Advanced: Architect — Question 47
A company is using a Snowflake account in Azure. The account has SAML SSO set up using ADFS as a SCIM identity provider. To validate Private Link connectivity, an Architect performed the following steps:
- Confirmed Private Link URLs are working by logging in with a username/password account
- Verified DNS resolution by running nslookups against Private Link URLs
- Validated connectivity using SnowCD
- Disabled public access using a network policy set to use the company’s IP address range
However, the following error message is received when using SSO to log into the company account:
IP XX.XXX.XX.XX is not allowed to access snowflake. Contact your local security administrator.
What steps should the Architect take to resolve this error and ensure that the account is accessed using only Private Link? (Choose two.)
Answer options
- A. Alter the Azure security integration to use the Private Link URLs.
- B. Add the IP address in the error message to the allowed list in the network policy.
- C. Generate a new SCIM access token using system$generate_scim_access_token and save it to Azure AD.
- D. Update the configuration of the Azure AD SSO to use the Private Link URLs.
- E. Open a case with Snowflake Support to authorize the Private Link URLs’ access to the account.
Correct answer: A, D
Explanation
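The correct options are A and D. The SSO login is still configured against the account's public URLs, so the login request arrives outside Private Link and the network policy rejects it. Updating both the Snowflake security integration (A) and the Azure AD SSO configuration (D) to use the Private Link URLs keeps the whole SSO flow on Private Link, in line with the security policy in place. Options B, C, and E do not change the integration or SSO settings, so they do not resolve the error while keeping access restricted to Private Link.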