cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

How to change the display name for a Service Principal

Go to solution
Fabrice_MONNIER
New Contributor II

Wednesday

Hi,

I'm trying to change  the displayName for some EntraID managed service principals.

I've tried using the scim API with a PATCH request, I get a HTTP 200 response, but the displayName remains the same.

I tried the same with Databricks managed service principals, but same result: the displayName remains unchanged.

I'm putting below the Powershell script that I'm using, if anyone has an idea, it would be greatly appreciated.

Thanks!

 

 

$spnID = "[SPN_ID]"
$workspaceUrl = "https://[WORKSPACE_URL]/"

$token ="[TOKEN]"

$body = @{
  "schemas"    = @("urn:ietf:params:scim:api:messages:2.0:PatchOp")
  "Operations" = @(
    @{
      op   = "replace"
      path    = "displayName"
      value   = "[NEW_DISPLAY_NAME]"
      }
    
  )
} | ConvertTo-Json -Depth 5

$response = Invoke-WebRequest -Uri "$workspaceUrl/api/2.0/preview/scim/v2/ServicePrincipals/$spnID" `
    -Headers @{
        Authorization = "Bearer $token"
        "Content-Type" = "application/json"
    } `
    -Method Patch `
    -Body $body

Write-Output $response.Content
0 Kudos
2 ACCEPTED SOLUTIONS

Accepted Solutions

Go to solution
Raman_Unifeye
Contributor III

Wednesday

You cannot renameEntra ID (Azure) Managed Service Principals via the Databricks API.

For Entra Service Principals, Entra ID (Azure AD) is the Identity Provider (IdP) and the ultimate source of truth. Databricks treats the displayName as a read-only property projected from Azure.

You must change the "Name" of the App Registration in the Azure Portal.

  • Go to Azure Portal > App Registrations.
  • Find the Application (Client) ID.
  • Change the Display Name in the Branding or Overview blade.
  • Wait for the sync (Databricks will eventually pick up the change, or it will update the next time the SP authenticates).

Pls let me know if it resolves your issue.


RG #Driving Business Outcomes with Data Intelligence

View solution in original post

Go to solution
Raman_Unifeye
Contributor III

yesterday

@Fabrice_MONNIER - If the name isn't changing for pure Databricks SPs, the issue is almost certainly Account-Level vs. Workspace-Level scope. If Service Principal was created at the Account Console level and then added to the Workspace, the Workspace-level SCIM API (workspaceUrl/api/...) considers the displayName to be "owned" by the Account. It cannot overwrite it locally. You must use the Account-Level SCIM API, not the Workspace API.


RG #Driving Business Outcomes with Data Intelligence

View solution in original post

3 REPLIES 3

Go to solution
Raman_Unifeye
Contributor III

Wednesday

You cannot renameEntra ID (Azure) Managed Service Principals via the Databricks API.

For Entra Service Principals, Entra ID (Azure AD) is the Identity Provider (IdP) and the ultimate source of truth. Databricks treats the displayName as a read-only property projected from Azure.

You must change the "Name" of the App Registration in the Azure Portal.

  • Go to Azure Portal > App Registrations.
  • Find the Application (Client) ID.
  • Change the Display Name in the Branding or Overview blade.
  • Wait for the sync (Databricks will eventually pick up the change, or it will update the next time the SP authenticates).

Pls let me know if it resolves your issue.


RG #Driving Business Outcomes with Data Intelligence

Go to solution
Fabrice_MONNIER
New Contributor II

yesterday

Thanks @Raman_Unifeye, that makes sense.

How about Databricks managed service principals?

Patching the displayName on this kind of service principals also failed (i.e. the displayName remained unchanged).

0 Kudos

Go to solution
Raman_Unifeye
Contributor III

yesterday

@Fabrice_MONNIER - If the name isn't changing for pure Databricks SPs, the issue is almost certainly Account-Level vs. Workspace-Level scope. If Service Principal was created at the Account Console level and then added to the Workspace, the Workspace-level SCIM API (workspaceUrl/api/...) considers the displayName to be "owned" by the Account. It cannot overwrite it locally. You must use the Account-Level SCIM API, not the Workspace API.


RG #Driving Business Outcomes with Data Intelligence

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local communityโ€”sign up today to get started!

Sign Up Now
Announcements