Link Search Menu Expand Document
Virtues

MFA mandatory for Snowflake ADMIN users

urn:js:virtue:aspire:standard:342.1

TL;DR

MFA is mandatory for Snowflake ADMIN users.

Definition

MFA is mandatory for Snowflake ADMIN users. MFA should be set up and confirmed before administration roles are granted to the ADMIN user profile.

Appendix

Optional - Misc details related to what is being proposed..

Adherance

The following SQL identifies any ADMIN user on Snowflake that has not got MFA set up:

select * from snowflake.account_usage.users where disabled = ‘false’ and deleted_on is null and name like ‘%\\_ADMIN’ escape ‘\\’ and name not like ‘SVC%’ and ext_authn_duo <> ‘true’;