SAML 2.0 in Okta Version 2022.05.1 E fails from CLI / Tableau Desktop


I’m using the native enterprise application ‘Snowflake’ and configured SAML 2.0 sign-on.
This authentication works fine from a web browser.
But with the same configuration, it fails from the command line or from the Tableau Desktop client application.

% snowsql -u user -a account_name --authenticator
250007 (08001): The specified authenticator and destination URL in the SAML assertion do not match: expected: https://*******, post back: /login/cert
If the error message is unclear, enable logging using -o log_level=DEBUG and see the log to find out the cause. Contact support for further help.

Tableau Desktop - error

  • An error occurred while communicating with Snowflake
    Unable to connect to the server. Check that the server is running and that you have access privileges to the requested database.
    Error Code: B19090E0
    There was an unknown connection error to the database. The error message below has additional information, but you might need to ask the database administrator to review the database logs.
    [Snowflake][Snowflake] (35)
    The specified authenticator and destination URL in Saml Assertion did not match, expected=https://******, post back=/login/cert


Is MFA used? Because it looks like MFA is not supported.

The Okta user doesn’t have MFA enabled.

This Okta user was created as below:
In Okta, Directory → People → Add person → Entered values for fields ‘First Name’, ‘Last Name’, ‘Username’ and then Enabled ‘I will set password’ and entered password, unchecked ‘User must change password on first login’.

Nothing else was done with this Okta user.

Is MFA enabled by default for all the users in Okta version **** E?

If so, how do I disable MFA for the Okta user?

How do I check if MFA was enabled or disabled for an Okta user?

What is the difference between Okta **** C version and Okta ***** E version, with respect to a user’s default MFA status?

With respect to Tableau Desktop client, this error happens only when I select the authentication option ‘Okta username and password’ and specify the ‘okta URL’ in the SAML Idp field.

I’m able to connect from Tableau Desktop client if I select the authentication option ‘Okta username and password’ and specify ‘externalbrowser’ in the SAML Idp field.

So the Okta username and password authentication works through the external browser, but fails with this error when we try from any command-line clients (clients which don’t support MFA).