https://community.databricks.com/t5/administration-architecture/azure-databricks-automatic-user-provisioning-via-terraform/m-p/119430#M3367 <P>see <A href="https://github.com/databricks/terraform-provider-databricks/issues/4687#issuecomment-2875157936" target="_blank">https://github.com/databricks/terraform-provider-databricks/issues/4687#issuecomment-2875157936</A></P> Fri, 16 May 2025 09:00:04 GMT oktarinet 2025-05-16T09:00:04Z https://community.databricks.com/t5/administration-architecture/azure-databricks-automatic-user-provisioning-via-terraform/m-p/118922#M3343 <P>Hi community,&nbsp;<BR /><BR />Azure databricks recently announced a new user management feature (now in public preview) called&nbsp;<A href="https://learn.microsoft.com/en-us/azure/databricks/admin/users-groups/automatic-identity-management#enable-automatic-identity-management" target="_self">automatic-identity-management</A>&nbsp;, which allows Azure databricks to access Azure Entra ID directly and grant users and groups permissions and roles in Databricks directly, without needing a SCIM provisioning application.<BR /><BR />I have enabled this feature and have successfully provisioned test users into my workspace. However, I have not been successful at configuring this through Terraform.<BR />Here is some code I have attempted:<BR /><BR /></P><LI-CODE lang="markup">resource "databricks_group" "test" { display_name = "auto-provisioning-test" allow_cluster_create = true workspace_access = true } data "azuread_group" "test" { display_name = "SGA_DATABRICKS_Test" # Entra group } resource "databricks_group_member" "test" { group_id = databricks_group.test.id member_id = data.azuread_group.test.object_id }</LI-CODE><P>I also tried</P><LI-CODE lang="markup">data "databricks_group" "test" { display_name = "SGA_DATABRICKS_Test" # Entra group }</LI-CODE><P>But both attempts gave me a "<SPAN class="">Error: </SPAN><SPAN class="">cannot read group member: Group has no member" error.<BR /><BR />Is there a correct way to do this?</SPAN></P> Mon, 12 May 2025 15:37:29 GMT https://community.databricks.com/t5/administration-architecture/azure-databricks-automatic-user-provisioning-via-terraform/m-p/118922#M3343 oktarinet 2025-05-12T15:37:29Z https://community.databricks.com/t5/administration-architecture/azure-databricks-automatic-user-provisioning-via-terraform/m-p/119430#M3367 <P>see <A href="https://github.com/databricks/terraform-provider-databricks/issues/4687#issuecomment-2875157936" target="_blank">https://github.com/databricks/terraform-provider-databricks/issues/4687#issuecomment-2875157936</A></P> Fri, 16 May 2025 09:00:04 GMT https://community.databricks.com/t5/administration-architecture/azure-databricks-automatic-user-provisioning-via-terraform/m-p/119430#M3367 oktarinet 2025-05-16T09:00:04Z https://community.databricks.com/t5/administration-architecture/azure-databricks-automatic-user-provisioning-via-terraform/m-p/119437#M3369 <P>Hi , I think&nbsp;</P><UL><LI>The<SPAN>&nbsp;</SPAN><STRONG>automatic identity management</STRONG><SPAN>&nbsp;</SPAN>feature provisions Azure Entra ID users and groups directly into Databricks. However, Terraform's<SPAN>&nbsp;</SPAN>databricks_group<SPAN>&nbsp;</SPAN>and<SPAN>&nbsp;</SPAN>databricks_group_member<SPAN>&nbsp;</SPAN>resources are designed for managing groups and memberships<SPAN>&nbsp;</SPAN><STRONG>within Databricks</STRONG>, not for managing Azure Entra ID groups directly.</LI><LI>The error<SPAN>&nbsp;</SPAN>Group has no member<SPAN>&nbsp;</SPAN>occurs because the<SPAN>&nbsp;</SPAN>databricks_group<SPAN>&nbsp;</SPAN>resource is trying to manage a group that is already being managed by Azure Entra ID through automatic provisioning.</LI></UL> Fri, 16 May 2025 10:16:14 GMT https://community.databricks.com/t5/administration-architecture/azure-databricks-automatic-user-provisioning-via-terraform/m-p/119437#M3369 saurabh18cs 2025-05-16T10:16:14Z