https://community.databricks.com/t5/administration-architecture/aim-with-entra-id-groups-users-and-service-principals-not/m-p/135298#M4237 <P>In Azure Databricks, when AIM is enabled,&nbsp;<SPAN>Entra users, service principals, and groups are available in Azure Databricks as soon as they’re granted permissions. Group memberships, including nested groups, flow directly from Entra ID, so permissions always reflect the latest updates.</SPAN></P> <P><SPAN>Can you please check the <A href="https://learn.microsoft.com/en-us/azure/databricks/admin/users-groups/automatic-identity-management#-user-and-group-statuses" target="_self">status</A>&nbsp;of these principals in the account or workspace? Refer to this&nbsp;<A href="https://www.databricks.com/blog/automatic-identity-management-entra-id-now-generally-available-azure-databricks" target="_self">blog</A>. And the <A href="https://youtu.be/BA2QR_lF9qA" target="_self">demo</A> which shows the statuses of the principals.</SPAN></P> Sat, 18 Oct 2025 01:54:42 GMT dkushari 2025-10-18T01:54:42Z https://community.databricks.com/t5/administration-architecture/aim-with-entra-id-groups-users-and-service-principals-not/m-p/134620#M4195 <P><SPAN>Hello Community,</SPAN></P><DIV>&nbsp;</DIV><DIV>I am testing Automatic Identity Management (AIM) in Databricks with Unity Catalog enabled.</DIV><DIV>&nbsp;</DIV><DIV>Steps I did:</DIV><DIV>      •     AIM is activated</DIV><DIV>      •     In Microsoft Entra ID I created a group g1 and added user u1 and service principal sp1</DIV><DIV>      •     I expected auto sync between Databricks Account, Workspace (UC enabled) and Entra ID</DIV><DIV>      •     I assigned group g1 to Databricks Workspace w1</DIV><DIV>&nbsp;</DIV><DIV>Expectation in workspace w1:</DIV><DIV>      •     Group g1 should be available</DIV><DIV>      •     User u1 should be visible as a workspace user</DIV><DIV>      •     Service principal sp1 should be visible in the workspace</DIV><DIV>&nbsp;</DIV><DIV>Actual result:</DIV><DIV>      •     Group g1 appears in w1</DIV><DIV>      •     u1 and sp1 are not visible in the workspace</DIV><DIV>      •     User u1 could not access the workspace even though this user is in g1</DIV><DIV>&nbsp;</DIV><DIV>Question:</DIV><DIV>Do I need to add users and service principals manually to the workspace (and in Terraform)? I expected that adding them to the group in Entra ID would automatically provision them in the workspace.</DIV><DIV>&nbsp;</DIV><DIV>Thanks in advance.</DIV> Sat, 11 Oct 2025 08:06:10 GMT https://community.databricks.com/t5/administration-architecture/aim-with-entra-id-groups-users-and-service-principals-not/m-p/134620#M4195 hasanakhuy 2025-10-11T08:06:10Z https://community.databricks.com/t5/administration-architecture/aim-with-entra-id-groups-users-and-service-principals-not/m-p/135298#M4237 <P>In Azure Databricks, when AIM is enabled,&nbsp;<SPAN>Entra users, service principals, and groups are available in Azure Databricks as soon as they’re granted permissions. Group memberships, including nested groups, flow directly from Entra ID, so permissions always reflect the latest updates.</SPAN></P> <P><SPAN>Can you please check the <A href="https://learn.microsoft.com/en-us/azure/databricks/admin/users-groups/automatic-identity-management#-user-and-group-statuses" target="_self">status</A>&nbsp;of these principals in the account or workspace? Refer to this&nbsp;<A href="https://www.databricks.com/blog/automatic-identity-management-entra-id-now-generally-available-azure-databricks" target="_self">blog</A>. And the <A href="https://youtu.be/BA2QR_lF9qA" target="_self">demo</A> which shows the statuses of the principals.</SPAN></P> Sat, 18 Oct 2025 01:54:42 GMT https://community.databricks.com/t5/administration-architecture/aim-with-entra-id-groups-users-and-service-principals-not/m-p/135298#M4237 dkushari 2025-10-18T01:54:42Z