diff --git a/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md b/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md
index 88e1c821390..68aa7c87a5c 100644
--- a/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md
+++ b/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md
@@ -33,6 +33,31 @@ to authenticate dbt Cloud to run queries against Snowflake on behalf of a Snowfl
**Note**: The schema field in the **Developer Credentials** section is a required field.
+### Snowflake MFA
+
+**Prerequisites:**
+- A development environment in a dbt Cloud project
+- The Duo authentication app
+- Admin access to Snowflake (if MFA settings haven't already been applied to the account)
+- [Admin (write) access](/docs/cloud/manage-access/seats-and-users) to dbt Cloud environments
+
+dbt Cloud supports Snowflake's [multi-factor authentication (MFA)](https://docs.snowflake.com/en/user-guide/security-mfa) as another username and password option for increased login security. Snowflake's MFA support is powered by the Duo Security service.
+
+- In dbt Cloud, set the following [extended attribute](/docs/dbt-cloud-environments#extended-attributes) in the development environment **General settings** page, under the **Extended attributes** section:
+
+ ```yaml
+ authenticator: username_password_mfa
+ ```
+
+- To reduce the number of user prompts when connecting to Snowflake with MFA, [enable token caching](https://docs.snowflake.com/en/user-guide/security-mfa#using-mfa-token-caching-to-minimize-the-number-of-prompts-during-authentication-optional) in Snowflake.
+- Optionally, if users miss prompts and their Snowflake accounts get locked, you can prevent automatic retries by adding the following in the same **Extended attributes** section:
+
+ ```yaml
+ connect_retries: 0
+ ```
+
+
+
### Key pair
**Available in:** Development environments, Deployment environments
@@ -67,15 +92,16 @@ The `Keypair` auth method uses Snowflake's [Key Pair Authentication](https://doc
**Available in:** Development environments, Enterprise plans only
The OAuth auth method permits dbt Cloud to run development queries on behalf of
-a Snowflake user without the configuration of Snowflake password in dbt Cloud. For
-more information on configuring a Snowflake OAuth connection in dbt Cloud, please see [the docs on setting up Snowflake OAuth](/docs/cloud/manage-access/set-up-snowflake-oauth).
-
+a Snowflake user without the configuration of Snowflake password in dbt Cloud.
+
+For more information on configuring a Snowflake OAuth connection in dbt Cloud, please see [the docs on setting up Snowflake OAuth](/docs/cloud/manage-access/set-up-snowflake-oauth).
+
## Configuration
To learn how to optimize performance with data platform-specific configurations in dbt Cloud, refer to [Snowflake-specific configuration](/reference/resource-configs/snowflake-configs).
-### Custom domain URL support
+### Custom domain URL
To connect to Snowflake through a custom domain (vanity URL) instead of the account locator, use [extended attributes](/docs/dbt-cloud-environments#extended-attributes) to configure the `host` parameter with the custom domain:
@@ -90,30 +116,24 @@ This configuration may conflict with Snowflake OAuth when used with PrivateLink.
If you're receiving a `Could not deserialize key data` or `JWT token` error, refer to the following causes and solutions:
-
+
+
+Possible cause and solution for the error "Could not deserialize key data" in dbt Cloud.
+- This could be because of mistakes like not copying correctly, missing dashes, or leaving out commented lines.
-Error: Could not deserialize key data
+**Solution**:
+- You can copy the key from its source and paste it into a text editor to verify it before using it in dbt Cloud.
- - Possible cause
-
- - This could be because of mistakes like not copying correctly, missing dashes, or leaving out commented lines.
- - Solution
-
- - You can copy the key from its source and paste it into a text editor to verify it before using it in dbt Cloud.
-
-
+
-
-Error: JWT token
+
- - Possible causes
-
- - This could be a transient issue between Snowflake and dbt Cloud. When connecting to Snowflake, dbt gets a JWT token valid for only 60 seconds. If there's no response from Snowflake within this time, you might see a `JWT token is invalid` error in dbt Cloud.
- - The public key was not entered correctly in Snowflake.
-
- - Solutions
+Possible cause and solution for the error "JWT token" in dbt Cloud.
+- This could be a transient issue between Snowflake and dbt Cloud. When connecting to Snowflake, dbt gets a JWT token valid for only 60 seconds. If there's no response from Snowflake within this time, you might see a `JWT token is invalid` error in dbt Cloud.
+- The public key was not entered correctly in Snowflake.
- - dbt needs to retry connections to Snowflake.
- - Confirm and enter Snowflake's public key correctly. Additionally, you can reach out to Snowflake for help or refer to this Snowflake doc for more info: [Key-Based Authentication Failed with JWT token is invalid Error](https://community.snowflake.com/s/article/Key-Based-Authentication-Failed-with-JWT-token-is-invalid-Error).
+**Solutions**
+- dbt needs to retry connections to Snowflake.
+- Confirm and enter Snowflake's public key correctly. Additionally, you can reach out to Snowflake for help or refer to this Snowflake doc for more info: [Key-Based Authentication Failed with JWT token is invalid Error](https://community.snowflake.com/s/article/Key-Based-Authentication-Failed-with-JWT-token-is-invalid-Error).
-
+
diff --git a/website/static/img/docs/dbt-cloud/cloud-configuring-dbt-cloud/extended-attributes-mfa.jpg b/website/static/img/docs/dbt-cloud/cloud-configuring-dbt-cloud/extended-attributes-mfa.jpg
new file mode 100644
index 00000000000..de06c286278
Binary files /dev/null and b/website/static/img/docs/dbt-cloud/cloud-configuring-dbt-cloud/extended-attributes-mfa.jpg differ