
Issue with updating email with SCIM Provisioning

ma10
New Contributor

Hi all,

For our set-up we have configured SCIM provisioning using Entra ID, group assignment on Azure is dealt with by IdentityIQ Sailpoint, and have enabled SSO for Databricks. It has/is working fine apart from one scenario. The original email assigned to an account on Entra ID has been updated from user.A@company.org to user.B@company.org, due to a name change.

The email update has been reflected everywhere (Azure, IIQ) so is referring to user.b@. However, Databricks is still trying to match to the original email user.a@. We have revoked access completely to everything and still face the same issue?

Has anyone dealt with this before, or have any ideas of how to deal with the issue?

3 REPLIES

Ismael-K
Databricks Employee

Currently, the email address is an immutable attribute in the Databricks application. To request a change to this behavior, you can submit a feature enhancement. In the interim, you can also submit a support case for a potential workaround.

VasylS
New Contributor II

Hi Ismael-K

Are there any workarounds for this scenario?
I have the exact same problem when the user changed his e-mail in Azure EntraID from UserA@BranchA.company.com to UserA@BranchB.company.com.
I've deleted the user with the old email from the accounts console in accounts.azuredatabricks.net, but now, when I search in the accounts console for the user with the new email UserA@BranchB.company.com, I cannot find it, although it remains in Azure EntraID.

VasylS
New Contributor II

For anyone who will face this issue in the future:

In order to fix this issue (user changed his email), you need to:
1) Because email is an immutable attribute, check the affected user's account in the Databricks account console, and if it has the old email, delete the user with the old email.
2) Determine the correct Enterprise application SCIM Connector (if you have multiple).
3) Stop and restart synchronization of the SCIM Connector.
Check the synchronization logs and that the user has reappeared in the Databricks account console.

No need to make any changes to the user account in Azure EntraID.
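Added example, not part of the posts above and not Databricks' own code: step 1 and the final check from the accepted workaround, done against the account-level SCIM `Users` endpoint instead of the console, with a guard so only the single record keyed on the old email is deleted. The function names, the `account_id` value and the bearer token (assumed to belong to an account admin) are assumptions; steps 2 and 3 are still performed on the Entra ID side as described.

```python
import json
import urllib.parse
import urllib.request

ACCOUNTS_HOST = "https://accounts.azuredatabricks.net"  # host named in the thread


def _http(method, url, token):
    """Default transport: one authenticated request, parsed JSON back (or {})."""
    req = urllib.request.Request(
        url, method=method, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        body = resp.read()
    return json.loads(body) if body else {}


def users_url(account_id, email=None, user_id=None):
    """URL of one user (by id) or of a userName-filtered listing (by email)."""
    base = f"{ACCOUNTS_HOST}/api/2.0/accounts/{account_id}/scim/v2/Users"
    if user_id is not None:
        return f"{base}/{urllib.parse.quote(str(user_id), safe='')}"
    # SCIM filter values are quoted strings; escape backslashes and quotes.
    safe = email.replace("\\", "\\\\").replace('"', '\\"')
    return base + "?" + urllib.parse.urlencode({"filter": f'userName eq "{safe}"'})


def find_users(account_id, token, email, http=_http):
    """Return the SCIM user records whose userName equals `email`."""
    return http("GET", users_url(account_id, email=email), token).get("Resources", [])


def delete_stale_user(account_id, token, old_email, new_email, http=_http):
    """Step 1: delete the account-level user still keyed on the old email.

    Refuses to act unless exactly one record matches the old address and none
    exists under the new one, so a typo cannot remove the wrong identity.
    Returns the id of the deleted user.
    """
    if find_users(account_id, token, new_email, http):
        raise RuntimeError(f"{new_email} already exists; nothing to repair")
    stale = find_users(account_id, token, old_email, http)
    if len(stale) != 1:
        raise RuntimeError(f"expected 1 user for {old_email}, found {len(stale)}")
    http("DELETE", users_url(account_id, user_id=stale[0]["id"]), token)
    return stale[0]["id"]


def resynced(account_id, token, new_email, http=_http):
    """Final check after the connector restart: is the user back under the new email?"""
    return len(find_users(account_id, token, new_email, http)) == 1
```

The `http` parameter exists so the logic can be exercised against a stub before it is pointed at a real account.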
