Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.

Provision users and groups from an Identity Provider (IdP)

APJESK
New Contributor III

In our organization, SCIM is not supported for user and group provisioning. I'd like to know what other options are available to provision users and groups from an Identity Provider (IdP) into Databricks.

  • Are there alternative methods (e.g., JIT provisioning, APIs, manual approaches)?

  • Has anyone implemented automated workflows without SCIM?

  • What are the pros/cons of these alternatives in terms of maintainability and security?

Would appreciate insights from anyone who has faced a similar challenge.

3 REPLIES

szymon_dybczak
Esteemed Contributor III

Hi @APJESK ,

Fortunately, you don't have to use SCIM. Recently, Databricks added Automatic Identity management. It enables you to add users, service principals, and groups from Microsoft Entra ID into Azure Databricks without configuring an application in Microsoft Entra ID. Databricks uses Microsoft Entra ID as the source of record, so any changes to users or group memberships are respected in Azure Databricks.

You can read about it here:

Sync users and groups automatically from Microsoft Entra ID - Azure Databricks | Microsoft Learn

 

APJESK
New Contributor III

Thank you for sharing this information. I would like to inform you that our environment is Databricks on AWS, and our IdP is Ping Federate. Could you please advise if there are equivalent solutions or recommended best practices for this setup?

szymon_dybczak
Esteemed Contributor III

If you're using AWS and your IdP is Ping, then you have to use SCIM. At least, I don't know of any other option. But maybe someone will jump into our conversation and give you some hints.
Automatic Identity management applies only to Azure.