Data Management Release 25.07

Data Warehouse connectivity via Managed Identity – Azure-hosted clients

In anticipation of a mandatory change to Snowflake authentication protocols (Snowflake documentation here), the SimCorp Data Warehouse offers clients who host SimCorp Dimension on Azure the option to authenticate to Snowflake using an External OAuth service hosted in Azure. From June 2026, Snowflake will no longer support usernames and passwords for the service user type (which the Data Warehouse currently uses to authenticate). The External OAuth functionality offers a more secure method of authenticating with Snowflake, one that does not rely on storing credentials in Azure Key Vault. Access to the OAuth service uses the Azure Managed Identity of the machine hosting the Reporting Data Jobs Service in SimCorp Dimension.

Benefits 

  • Enhanced security: By using External OAuth authentication, credentials are no longer stored in Azure Key Vault, reducing the risk of credential leakage or misuse.
  • Future-proof compliance: The new method aligns with Snowflake’s upcoming authentication requirements, ensuring continued access and support beyond June 2026.
  • Integration with Azure: Leveraging Azure’s Managed Identity for authentication simplifies access management and enhances integration with existing Azure-hosted infrastructure.
DWH Schema Connections Window - Snowflake OAuth

Schema Connections Window in Data Warehouse with new Authorization Method for External OAuth. Clients specify the UID Managed Identity Client and Object ID to be used to authenticate with the OAuth Service.

Subscription based licensing: Data Warehouse Manager

Sales module dependency: Snowflake Extension for Data Warehouse

Azure Blob Storage authorization via Azure Managed Identity

Clients hosting SimCorp Dimension on Azure now have the option to authorize Azure Blob Storage using Azure Managed Identity instead of an access key. The Azure Managed Identity is used to obtain an access token via Microsoft Entra ID (formerly Azure Active Directory) authorization, enabling secure access to the required Blob Storage container. 

Benefits 

  • Improved security: Eliminates the need to store and manage access keys, reducing the risk of accidental exposure or misuse of credentials.
  • Simplified access management: Authorization is handled automatically through Azure’s identity platform (Microsoft Entra ID), streamlining permissions and reducing administrative overhead.
  • Seamless integration with Azure Services: Managed identities are natively supported across Azure, enabling secure and consistent access to Blob Storage and other resources without additional configuration.
DWH Schema Connections Window with Managed Identity Storage Authentication

Schema Connections Window in Data Warehouse with Managed Identity specified as method of Authorization for Storage.  The Managed Identity to be used is saved as a parameter in the CNF.ini file in the SimCorp Dimension Netroot Directory.

Subscription based licensing: Data Warehouse Manager

Sales module dependency: Snowflake Extension for Data Warehouse

Snowflake Authentication via Key Pair

In anticipation of a mandatory change to Snowflake authentication protocols (Snowflake documentation here), the SimCorp Data Warehouse offers clients the ability to authenticate to Snowflake using the Key Pair authentication method.  From June 2026, username and password (which the Data Warehouse currently uses to authenticate) will no longer be supported.  The new functionality allows clients to generate a private key which is encrypted and saved into the SimCorp Database.  This private key is then paired with a public key which is assigned to the user in Snowflake.

Benefits 

  • Enhanced Security: Key Pair authentication eliminates the need for usernames and passwords, reducing the risk of credential theft and unauthorized access. The use of encrypted private keys stored securely in the SimCorp Database ensures a more robust authentication mechanism.
  • Future-Proof Compliance: By adopting Key Pair authentication ahead of the June 2026 deadline, clients ensure compliance with Snowflake’s upcoming mandatory authentication protocol changes, avoiding disruptions to data access and operations.
  • Simplified Configuration: Key Pair offers a more simplified flow for replacing Username and Password than using an OAuth service.
DWH Schema Connections Window with Private Key

Schema Connections Window in Data Warehouse with new Authorisation Method for Private Key.  Upon saving the configuration, the private key is encrypted and saved to the SimCorp Database. The public key can be retrieved from the Schema Creation Script.
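
After the public key from the Schema Creation Script has been assigned to the Snowflake user, it is worth confirming that Snowflake holds exactly that key. The following is an added example, not SimCorp or Snowflake code: it computes the key fingerprint in the `SHA256:<base64>` form that Snowflake's DESCRIBE USER output reports under `RSA_PUBLIC_KEY_FP` and `RSA_PUBLIC_KEY_2_FP`, and says which slot matches. The function names are hypothetical, and the sample key bytes and user properties are constructed for illustration.

```python
import base64
import hashlib
from typing import Optional


def public_key_fingerprint(key_text: str) -> str:
    """Fingerprint in the 'SHA256:<base64>' form Snowflake shows for a user.

    Accepts PEM (with BEGIN/END lines) or the bare base64 body, since the
    value assigned to the Snowflake user omits the PEM delimiters.
    """
    body = "".join(
        line.strip()
        for line in key_text.strip().splitlines()
        if line.strip() and not line.strip().startswith("-----")
    )
    der = base64.b64decode(body, validate=True)  # rejects stray characters
    digest = hashlib.sha256(der).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii")


def matching_slot(key_text: str, user_properties: dict) -> Optional[str]:
    """Return the key slot of the Snowflake user that holds this public key."""
    wanted = public_key_fingerprint(key_text)
    for slot in ("RSA_PUBLIC_KEY_FP", "RSA_PUBLIC_KEY_2_FP"):
        if (user_properties.get(slot) or "").strip() == wanted:
            return slot
    return None  # key not registered: authentication would fail


# Constructed stand-in bytes, not a real RSA key. The fingerprint is a hash
# over the DER bytes, so any byte string exercises the same code path.
_SAMPLE_DER = bytes(range(256)) + b"constructed sample"
SAMPLE_BARE = base64.b64encode(_SAMPLE_DER).decode("ascii")
SAMPLE_PEM = (
    "-----BEGIN PUBLIC KEY-----\n"
    + "\n".join(SAMPLE_BARE[i:i + 64] for i in range(0, len(SAMPLE_BARE), 64))
    + "\n-----END PUBLIC KEY-----\n"
)
# Constructed DESCRIBE USER property values for the sample key.
SAMPLE_USER = {
    "RSA_PUBLIC_KEY_FP": public_key_fingerprint(SAMPLE_BARE),
    "RSA_PUBLIC_KEY_2_FP": "null",
}

if __name__ == "__main__":
    print(matching_slot(SAMPLE_PEM, SAMPLE_USER))
```

A result of `None` means neither slot holds the key from the script, which points to a stale or mistyped key on the Snowflake user.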

Subscription based licensing: Data Warehouse Manager

Sales module dependency: Snowflake Extension for Data Warehouse

AWS S3 Bucket for Data Warehouse Storage

Clients now have the option of using an AWS S3 Bucket for exchange of data between SimCorp Dimension and Snowflake.  Prior to this version, only Azure Blob storage was supported.  Authorization to the S3 bucket is with access key only.

Benefits 

  • Increased flexibility: Clients can now choose between AWS S3 and Azure Blob Storage, enabling them to align data exchange processes with their preferred cloud infrastructure or existing cloud strategy.
  • Broader cloud compatibility: Supporting AWS S3 expands integration capabilities, making it easier for organizations already using AWS services to incorporate SimCorp Dimension and Snowflake into their workflows.
DWH Schema Connections Window with S3 Bucket for Storage

Schema Connections Window in Data Warehouse with S3 bucket selected as the Storage Provider. Authentication to the S3 bucket is with an access key.

Subscription based licensing: Data Warehouse Manager

Sales module dependency: Snowflake Extension for Data Warehouse

Cross Cloud Access to AWS hosted Snowflake and S3 Bucket

SaaS clients who are hosting SimCorp Dimension on Azure now have the option of integrating the SimCorp Data Warehouse with a Snowflake Account and Storage Solution (S3) hosted on AWS. In this configuration, Azure Managed Identity can be used to retrieve tokens from an Azure-based OAuth service, which grants access to both Snowflake and the AWS S3 bucket. In the case of the latter, the token for accessing the S3 bucket is retrieved from an AWS-hosted security token service.

Benefits 

  • Client-controlled storage compliance: Clients can manage their own AWS S3 storage, aligning data handling with internal security policies and regulatory requirements.
  • Seamless AWS integration: SaaS clients with existing AWS infrastructure can now integrate the SimCorp Data Warehouse while SCD is still hosted on Azure.
  • Secure and centralized authentication: By leveraging Azure Managed Identity and OAuth, clients benefit from a centralized, token-based authentication mechanism that securely grants access to both Snowflake and AWS S3 without managing separate credentials.
DWH Cross Cloud Architecture

Data Warehouse cross-cloud architecture.

DWH Schema Connections Window with Managed Identity used to Connect to Snowflake and AWS S3 with Man

Schema Connection window in Data Warehouse Manager with Azure Managed Identity used to access a Snowflake account and S3 Bucket hosted on AWS.

Subscription based licensing: Data Warehouse Manager

Sales module dependency: Snowflake Extension for Data Warehouse

Copyright © 2025 SimCorp A/S