
SCIM Synchronization for Email Change Cases in Azure AD

rfreitas
New Contributor II

Hi everyone,

I would like to know if the following behavior is expected or if it is a misconfiguration in SCIM.

We are going through a change in the email of some users. So we did a test, changing the email of one of them, but the result was not OK because the old email remained active in Databricks, and the new one was not synchronized by SCIM.

Thank you for your help.

Accepted Solutions

Ayushi_Suthar
Databricks Employee

Hi @rfreitas, it is expected behaviour because we don't support email or username updates/edits in SCIM as of now. As per the Databricks documentation, an email update is not supported in SCIM. You cannot update the username or email address of a Databricks workspace user.

Please refer to this document: https://docs.databricks.com/en/administration-guide/users-groups/scim/aad.html#provisioning-tips

Also, before adding the new email alias with the user name, could you please try the following:

1. Delete the user from the AD console and ensure that the user has been deleted from the AD application's user lists and groups.
2. Run an immediate sync from the AD application: to request an immediate sync, go to Manage > Provisioning for the enterprise application and select Clear current state and restart synchronization.
3. Verify that the users list and groups in the Databricks workspace are also up to date, with the user deleted from the users list and groups in Databricks.

Important note: after this, kindly add the new user to the AD application, run the immediate sync again, and verify that the new user is also reflected in the groups successfully.

https://docs.databricks.com/en/administration-guide/users-groups/scim/aad.html#after-initial-sync-th...

Thanks for sharing the helpful docs and tips.

We'll definitely consider your suggestions and try to come up with a solution that minimizes the impact on our end users.

Hi @rfreitas, thank you for writing back to us.

Please leave a like if the above suggestion helps; follow-ups are appreciated.

Kudos,

Ayushi

Hi @Ayushi_Suthar 

An update on this case.

I've been doing some tests with the Databricks API https://docs.databricks.com/api/azure/workspace/users/patch

I was able to update the user's status, but when I try to update the userName, the API says it's successful, but the change doesn't actually happen.

Is it possible to use the API to do this?
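
A reconciliation check for the situation discussed in this thread, added here as an example and not part of any post above or Databricks' own code: it compares the IdP's current users with a SCIM user listing to flag old addresses that are still active and new ones that were never created, and includes a re-read check for a PATCH that reports success without changing userName. The sample data, the `upn` key and the function names are constructed for illustration.

```python
"""Reconcile IdP users against a workspace SCIM user listing (offline sample)."""

# Constructed sample in the SCIM 2.0 ListResponse shape of a Users listing.
SCIM_USERS = {
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "Resources": [
        {"id": "101", "userName": "ana.silva@old.example.com",
         "displayName": "Ana Silva", "active": True},
        {"id": "102", "userName": "Bob.Lee@new.example.com",
         "displayName": "Bob Lee", "active": True},
        {"id": "103", "userName": "carol@old.example.com",
         "displayName": "Carol Diaz", "active": False},
    ],
}
# Constructed sample: users currently assigned to the enterprise application.
# The "upn" key is a hypothetical name for the IdP sign-in address.
IDP_USERS = [
    {"upn": "ana.silva@new.example.com", "displayName": "Ana Silva"},
    {"upn": "bob.lee@new.example.com", "displayName": "Bob Lee"},
]


def reconcile(idp_users, scim_response):
    """Return stale workspace accounts, unprovisioned IdP users, probable renames."""
    idp = {u["upn"].lower(): u for u in idp_users}
    ws = {r["userName"].lower(): r for r in scim_response.get("Resources", [])}
    # Active in the workspace but unknown to the IdP: the old address keeps
    # its access until someone deletes or deactivates it.
    stale = sorted(n for n, r in ws.items() if r.get("active") and n not in idp)
    # Known to the IdP but absent from the workspace: new address not synced.
    missing = sorted(n for n in idp if n not in ws)
    # Heuristic pairing on displayName; confirm by hand before deleting anything.
    by_name = {idp[n]["displayName"]: n for n in missing}
    renames = [(old, by_name[ws[old]["displayName"]])
               for old in stale if ws[old].get("displayName") in by_name]
    return {"stale": stale, "missing": missing, "renames": renames}


def rename_applied(before, after, wanted):
    """A PATCH that reports success only counts if a re-read shows the new userName."""
    changed = after["userName"].lower() != before["userName"].lower()
    return changed and after["userName"].lower() == wanted.lower()


if __name__ == "__main__":
    for key, value in reconcile(IDP_USERS, SCIM_USERS).items():
        print(key, value)
```
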
