Slingshot for Snowflake
Configurations
Sign in & security

Sign in & security

Overview

By default, a Slingshot tenant is set up for multi-factor authentication (MFA), for which Slingshot stores user’s credentials and requires a user to present a time-based one-time password (OTP).

A Slingshot tenant who prefers users to sign in to Slingshot through an existing identity provider (IdP) can integrate SSO authentication with Slingshot instead. To learn more, refer to Configure SSO below.

Multi factor authentication

In a Slingshot tenant set up for MFA, as a new user, you will receive an email from Slingshot to register your user account in just a few short steps.

ℹ️
Tip: To ensure you receive our emails, add notifications@capitaloneslingshot.com to safe sender list.

  1. On the email, click Create password.
    ℹ️
    Note: Only the latest password link is valid. If a password link has expired, either look for the latest email in your inbox, or access your tenant URL and select Forgot password to get a new email. See Forgot password.
  2. Enter your tenant name included in the email.
  3. Sign in to your Slingshot account.
  4. Set up 2-step verification using your authenticator app.
    ℹ️
    Tip: Need an authenticator app? Download one from your mobile app store.
  5. Save your recovery code in a safe place.
  6. Done!

Forgot password

A user can reset their password in a few simple steps at any point, even when they have not created a password.

  1. Select Forgot password.
  2. Enter email address and click Send email.
  3. Check your email inbox.
  4. On the email, click Reset password to proceed.

Single sign on

  • In a Slingshot tenant set up for SSO, you will be directed to your organization’s SSO page after identifying your tenant.

Configure SSO

Slingshot supports SSO authentication via SAML 2.0 (Security Assertion Markup Language) and service provider-initiated authentication.

Before you start configuring SSO, it is important to know that

  • Setup takes about 30 minutes to complete and requires access to managing your company’s IdP.
  • You will need to be comfortable configuring your IdP or work with your IT administrator.
  • You will need to ensure your team is aware of the upcoming signing out (as the final step of setup) and tenant name and URL change.

Once SSO is configured, the following will apply:

  • Completing the setup will sign out all users.

  • All users will no longer sign in via MFA and will be required to sign in using your identity provider.

  • Tenant name will have a “sso” suffix. Example:

    • When MFA is set up, tenant name is company
    • After SSO is set up, tenant name is companysso
    ℹ️

Role for configuring SSO

  • Tenant admin (You will need to be comfortable configuring your IdP or work with your IT administrator)

Step 1: Begin setup

  1. To configure SSO, go to Configuration > Sign in & Security.
  2. You will see Update to Single Sign On.
    ℹ️
    Note: This is a preview feature. Contact Support to enable or learn more.
  3. Click Update to SSO.
  4. Read the instructions before clicking Continue.
  5. Enter at least 1 LDAP group name to be the Tenant admin and click Continue. Learn more about Tenant admin in Roles and assigning users in User management.
    ℹ️
    Note: LDAP group names must exactly match the value and case in your IdP.
  6. A new tab will open. Follow the setup wizard then return to Slingshot to complete.

Step 2: Follow the setup wizard

While the exact requirements for configuring SSO vary by IdP, the general workflow for the external setup wizard includes the following:

  • Select Identity Provider
    • Entra ID
    • Custom SAML (This option is compatible with IdPs that support SAML, including Okta)
  • Create Application

    • Follow instructions to create a Slingshot application in your IdP

    • You may be asked to copy and paste the following in the corresponding field in your IdP

      • Single Sign-On URL (also known as Assertion Consumer Service URL, Callback URL, Redirect URL)
      • Service Provider Entity ID (also known as Audience URI)
      ℹ️

      Tip:

  • Configure Connection
    • Follow instructions to copy information from your IdP, such as Metadata URL, Domain, Client ID and Client secret
      ℹ️

      Note:

      • For Entra ID, copy Client secret expiration and send to Support for tracking
      • For SAML, certificate will be handled by the wizard
    • You may be asked to copy and paste the following in the corresponding field in your IdP
      • Single Sign-On URL (also known as Assertion Consumer Service URL, Callback URL, Redirect URL)
  • Attribute Mapping
    • Review the required and optional user attributes you must capture through SSO connection
    • Set name ID format to “unspecified”
    • Map the following attributes
      • User attribute statements
        • firstName
        • lastName
        • Email
      • Group attribute statements
        • groups
  • Test SSO
    • Click Test connection to open a new tab which redirects you to log in with your IdP
    • You will see “Testing complete!”
    • Return to the setup wizard to review the test and confirm that the correct attributes are being passed.
    • Click Enable connection.
    • Click Proceed to allow for SSO access to Slingshot.
    • You will see “The connection has been enabled”.

Step 3: Complete setup

After enabling the connection in the setup wizard, return to Slingshot’s Configuration > Sign in & Security page.

  1. On the Action required to finish enable SSO banner, click Continue to enable to open the next dialog.
  2. As a final step, ensure your team is aware of this change before clicking Sign out all users
  3. You will also be signed out
  4. The next time you sign in with the new tenant name / URL and go to Configuration > Sign in & Security, you will see the identification login method is now SSO.

FAQs

Roles