https://community.databricks.com/t5/administration-architecture/cap-on-oidc-max-20-enable-workload-identity-federation-for/m-p/140260#M4539 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/167034">@stbjelcevic</a>&nbsp;,</P><P>Tanks for the prompt reply.</P><P>Don't have a concrete number but its definitely more than 20.</P><P>Why databricks doesn't provides any wild cards (*) to enable OIDC's ?</P> Tue, 25 Nov 2025 06:45:48 GMT old_school 2025-11-25T06:45:48Z https://community.databricks.com/t5/administration-architecture/cap-on-oidc-max-20-enable-workload-identity-federation-for/m-p/140056#M4528 <P>Hi Databricks community,</P><P>I have followed below page and created Github OIDCs but there seems to be a cap on how many OIDC's a Service Principal can create (20 max). Is there any work around for this or some other solution apart from using Client ID and secret key for authentication.</P><P><STRONG>ERROR: </STRONG>Too many policies for '&lt;service principal&gt;' (max 20)</P><P>Enable workload identity federation for GitHub Actions</P><P><A href="https://docs.databricks.com/aws/en/dev-tools/auth/provider-github" target="_blank" rel="noopener">https://docs.databricks.com/aws/en/dev-tools/auth/provider-github</A></P><P>Thank you.</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 24 Nov 2025 08:01:55 GMT https://community.databricks.com/t5/administration-architecture/cap-on-oidc-max-20-enable-workload-identity-federation-for/m-p/140056#M4528 old_school 2025-11-24T08:01:55Z https://community.databricks.com/t5/administration-architecture/cap-on-oidc-max-20-enable-workload-identity-federation-for/m-p/140218#M4533 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/196226">@old_school</a>&nbsp;,</P> <P>Most teams end up creating one policy per repo/environment combination. Are you trying to use a single service principle for all of your needs? How many OIDC's would be sufficient for a single service principle in your case?</P> <P>As far as I can tell, there is no current way to increase the limit.</P> <P>&nbsp;</P> Mon, 24 Nov 2025 18:43:04 GMT https://community.databricks.com/t5/administration-architecture/cap-on-oidc-max-20-enable-workload-identity-federation-for/m-p/140218#M4533 stbjelcevic 2025-11-24T18:43:04Z https://community.databricks.com/t5/administration-architecture/cap-on-oidc-max-20-enable-workload-identity-federation-for/m-p/140260#M4539 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/167034">@stbjelcevic</a>&nbsp;,</P><P>Tanks for the prompt reply.</P><P>Don't have a concrete number but its definitely more than 20.</P><P>Why databricks doesn't provides any wild cards (*) to enable OIDC's ?</P> Tue, 25 Nov 2025 06:45:48 GMT https://community.databricks.com/t5/administration-architecture/cap-on-oidc-max-20-enable-workload-identity-federation-for/m-p/140260#M4539 old_school 2025-11-25T06:45:48Z https://community.databricks.com/t5/administration-architecture/cap-on-oidc-max-20-enable-workload-identity-federation-for/m-p/140334#M4544 <P>I can't speak for specifically why, but allowing wildcards creates security risks and most identity providers and standards guidance require exact, pre-registered URLs.</P> Tue, 25 Nov 2025 19:14:17 GMT https://community.databricks.com/t5/administration-architecture/cap-on-oidc-max-20-enable-workload-identity-federation-for/m-p/140334#M4544 stbjelcevic 2025-11-25T19:14:17Z