Sharing an important update for everyone using the Snowflake Dynamic Query / Snowflake Cortex Analyst plugin.
Snowflake has announced that they are deprecating single-factor password sign-ins, including for service accounts. Once this enforcement begins, password-only authentication will stop working, and Snowflake will require MFA or non-password mechanisms for programmatic access.
Reference:
🔗 https://docs.snowflake.com/en/user-guide/security-mfa-rollout
Our Snowflake connectors today are set up using username + password. If these connectors remain unchanged, they may start failing with authentication errors when Snowflake completes this rollout.
Snowflake recommends migrating to one of the supported authentication methods for automated integrations:
Key-pair authentication (public/private key)
🔗 https://docs.snowflake.com/en/user-guide/key-pair-auth
Snowflake OAuth / External OAuth (JWT / client credentials)
🔗 https://docs.snowflake.com/en/user-guide/oauth
I’m posting this as a heads-up so the Moveworks team can:
- Review the current Snowflake plugin and connector authentication options.
- Update the official Moveworks documentation with the new recommended setup.
- Provide migration guidance for existing integrations.
- Ensure new implementations use a future-safe authentication method.
This will help avoid any unexpected outages in Moveworks use cases that depend on Snowflake queries (e.g., fetching customer account details, analytics fetches, etc.).
Hoping this helps the developer community stay ahead of the upcoming Snowflake changes.
