Snowflake Notification: Mandatory multi-factor authentication on Snowsight login

[Snowflake Global Technical Support]

Snowflake is sending you this important message regarding an upcoming behavior change that may impact your account. Please read below for more details:

Dear Snowflake Customer,

Snowflake is sending you this important message regarding an upcoming behavior change that may impact your account.  Please read below for more details:

Why we’re contacting you:

You are receiving this email because Snowflake introduced a feature in BCR bundle 2025_06 (release 9.27) and your account may be impacted by this change. This bundle is expected to be enabled by default during the week of October 13, 2025. Please note dates are subject to change.

For more information on how you can manage behavior changes in your environment, please review the Behavior Change Policy. 

BCR-2097 is introducing an enforcement for all of your human users (TYPE = PERSON or TYPE = null) who log in with a password to Snowsight, requiring them to enroll in MFA to continue authentication successfully.

If you currently don't have an authentication policy, once BCR-2097 is enabled, users logging in with a password to Snowsight will now be required to enroll in MFA. This is no longer optional. If a user enrolls in MFA through this new UI enforcement flow, MFA will be required for all future password logins to Snowsight. MFA won't be required for other platforms, such as SnowSQL, or third-party applications like Tableau.

Note: If your account has an authentication policy, you may have received a seperate communication detailing the specific impact of these changes on your authentication flows.

What is changing?

Behavior before the Bundle is enabled on the account	Behavior after the Bundle is enabled on the account
A user has the choice to enroll in MFA. If they do enroll, they will be prompted for MFA only when logging in with a password. Users who have not enrolled in MFA can still log in with a password without a second factor of authentication.	This change introduces a new default behavior where human users logging into Snowsight with a password will now be required to enroll in MFA. If a user enrolls via this new UI enforcement flow, they will be required to use MFA for all future password logins to Snowsight. However, this specific UI-based enforcement does not apply to logins via other clients, such as drivers, Tableau, etc.

We’re here to help:
If you have any questions regarding this change, please open a case with our support team and reference BCR-2097.

Refer to the article Upcoming Multi-Factor Authentication (MFA) enforcement for Snowsight logins with single-factor passwords for more information about the incoming changes.

Sincerely,
Snowflake Global Technical Support

To provide the best experience and value to our customers, Snowflake is continually improving and enhancing our service offerings. As part of these ongoing efforts, changes to existing/established product behavior are sometimes required. Please see our behavior change policy to learn more about the process.

You received this email because you were identified as a contact for operational messages related to Snowflake.
Snowflake | Suite 3A, 106 East Babcock Street, Bozeman, Montana 59715