Databricks

1. Configure SCIM Provisioning:

   • Databricks recommends setting up provisioning to the account level using Microsoft Entra ID (formerly Azure Active Directory). This allows you to sync users, service principals, and groups from your identity provider to your Databricks account.
   • Ensure your Databricks account has the Premium plan or above.
   • As a Databricks account admin:
     • Log in to the Databricks account console.
     • Click Settings.
     • Click User Provisioning.
     • Click Enable user provisioning.
     • Copy the SCIM token and the Account SCIM URL. You’ll use these to configure your Microsoft Entra ID application.
     • Note: The SCIM token is restricted to the Account SCIM API (/api/2.0/accounts/{account_id}/scim/v2/)...¹.
   • Configure the enterprise application in the Azure portal to automate SCIM provisioning using Microsoft Graph. This eliminates the need for a separate provisioning application¹.

2. Sync Users and Groups:

   • Set the Provisioning Status toggle to On in Microsoft Entra ID.
   • Go to Manage > Users and groups.
   • Click Add user/group, select the users and groups, and click the Assign button.
   • Wait a few minutes and verify that the users and groups exist in your Databricks account¹.

3. Assign Users and Groups to Workspaces:

   • Users and groups assigned to the SCIM application will be provisioned to the Databricks account.
   • If you have existing Databricks workspaces, consider adding all existing users and groups in those workspaces to the SCIM application.
   • Go to Manage > Properties and set Assignment required to No. This allows all users to sign in to the Databricks account¹.

By following these steps, you can ensure that user and group assignments automatically propagate across all workspaces within your Databricks account. 🚀🔗

For more detailed instructions, refer to the official Databricks documentation on SCIM provisioning using Microsoft Entra ID¹.²