cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SCIM Synchronization for Email Change Cases in Azure AD

Go to solution
rfreitas
New Contributor II

‎02-01-2024 07:52 AM

Hi everyone,

I would like to know if the following behavior is expected or if it is a misconfiguration in SCIM

We are going through a change in the email of some users. So we did a test, changing the email of one of them, but the result was not OK because the old email remained active in Databricks, and the new one was not synchronized by SCIM.

Thank you for your help.

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Ayushi_Suthar
Databricks Employee
Databricks Employee

‎02-04-2024 10:58 PM

Hi @rfreitas , It is an expected behaviour because we don't support email or username updates/edits in the SCIM as of now. As per Databricks documentation, an email update is not supported in SCIM. You cannot update the username or email address of a Databricks workspace user.

Please refer this document : https://docs.databricks.com/en/administration-guide/users-groups/scim/aad.html#provisioning-tips

Also, before adding the new Email alias with the user name could you please try the following :

1. Delete the User from AD console and ensure that user has been deleted from AD application user lists and Groups.
2. Run an immediate sync from AD application : To request an immediate sync, go to Manage > Provisioning for the enterprise application and select Clear current state and restart synchronization.
3. Verify the Users list and Groups in the Databricks workspace are also upto date with user being Deleted from users list and Group in Databricks.

Important Note: Post this kindly add the new user to the AD application and again run the immediate sync and verify if the new user is being reflected in the groups also successfully.

https://docs.databricks.com/en/administration-guide/users-groups/scim/aad.html#after-initial-sync-th...

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
Ayushi_Suthar
Databricks Employee
Databricks Employee

‎02-04-2024 10:58 PM

Hi @rfreitas , It is an expected behaviour because we don't support email or username updates/edits in the SCIM as of now. As per Databricks documentation, an email update is not supported in SCIM. You cannot update the username or email address of a Databricks workspace user.

Please refer this document : https://docs.databricks.com/en/administration-guide/users-groups/scim/aad.html#provisioning-tips

Also, before adding the new Email alias with the user name could you please try the following :

1. Delete the User from AD console and ensure that user has been deleted from AD application user lists and Groups.
2. Run an immediate sync from AD application : To request an immediate sync, go to Manage > Provisioning for the enterprise application and select Clear current state and restart synchronization.
3. Verify the Users list and Groups in the Databricks workspace are also upto date with user being Deleted from users list and Group in Databricks.

Important Note: Post this kindly add the new user to the AD application and again run the immediate sync and verify if the new user is being reflected in the groups also successfully.

https://docs.databricks.com/en/administration-guide/users-groups/scim/aad.html#after-initial-sync-th...

0 Kudos

Go to solution
rfreitas
New Contributor II
In response to Ayushi_Suthar

‎02-06-2024 12:20 PM

Thanks for sharing the helpful docs and tips.

We'll definitely consider your suggestions and try to come up with a solution that minimizes the impact on our end users.

0 Kudos

Go to solution
Ayushi_Suthar
Databricks Employee
Databricks Employee
In response to rfreitas

‎02-06-2024 10:30 PM

Hi @rfreitas thank you for writing us back. 

Please leave a like if the above suggestion helps, follow-ups are appreciated. 

Kudos,

Ayushi

0 Kudos

Go to solution
rfreitas
New Contributor II
In response to Ayushi_Suthar

‎02-14-2024 07:49 AM

Hi @Ayushi_Suthar 

An update on this case.

I've been doing some tests with the Databricks API https://docs.databricks.com/api/azure/workspace/users/patch

I was able to update the user's status, but when I try to update the userName, the API says it's successful, but the change doesn't actually happen.

Is it possible to use the API to do this?

rfreitas_0-1707925743983.png

 

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements