cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Administration & Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SCIM Synchronization for Email Change Cases in Azure AD

Go to solution
rfreitas
New Contributor II

‎02-01-2024 07:52 AM

Hi everyone,

I would like to know if the following behavior is expected or if it is a misconfiguration in SCIM

We are going through a change in the email of some users. So we did a test, changing the email of one of them, but the result was not OK because the old email remained active in Databricks, and the new one was not synchronized by SCIM.

Thank you for your help.

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Ayushi_Suthar
Honored Contributor
Honored Contributor

‎02-04-2024 10:58 PM

Hi @rfreitas , It is an expected behaviour because we don't support email or username updates/edits in the SCIM as of now. As per Databricks documentation, an email update is not supported in SCIM. You cannot update the username or email address of a Databricks workspace user.

Please refer this document : https://docs.databricks.com/en/administration-guide/users-groups/scim/aad.html#provisioning-tips

Also, before adding the new Email alias with the user name could you please try the following :

1. Delete the User from AD console and ensure that user has been deleted from AD application user lists and Groups.
2. Run an immediate sync from AD application : To request an immediate sync, go to Manage > Provisioning for the enterprise application and select Clear current state and restart synchronization.
3. Verify the Users list and Groups in the Databricks workspace are also upto date with user being Deleted from users list and Group in Databricks.

Important Note: Post this kindly add the new user to the AD application and again run the immediate sync and verify if the new user is being reflected in the groups also successfully.

https://docs.databricks.com/en/administration-guide/users-groups/scim/aad.html#after-initial-sync-th...

View solution in original post

0 Kudos
5 REPLIES 5

Go to solution
Ayushi_Suthar
Honored Contributor
Honored Contributor

‎02-04-2024 10:58 PM

Hi @rfreitas , It is an expected behaviour because we don't support email or username updates/edits in the SCIM as of now. As per Databricks documentation, an email update is not supported in SCIM. You cannot update the username or email address of a Databricks workspace user.

Please refer this document : https://docs.databricks.com/en/administration-guide/users-groups/scim/aad.html#provisioning-tips

Also, before adding the new Email alias with the user name could you please try the following :

1. Delete the User from AD console and ensure that user has been deleted from AD application user lists and Groups.
2. Run an immediate sync from AD application : To request an immediate sync, go to Manage > Provisioning for the enterprise application and select Clear current state and restart synchronization.
3. Verify the Users list and Groups in the Databricks workspace are also upto date with user being Deleted from users list and Group in Databricks.

Important Note: Post this kindly add the new user to the AD application and again run the immediate sync and verify if the new user is being reflected in the groups also successfully.

https://docs.databricks.com/en/administration-guide/users-groups/scim/aad.html#after-initial-sync-th...

0 Kudos

Go to solution
rfreitas
New Contributor II
In response to Ayushi_Suthar

‎02-06-2024 12:20 PM

Thanks for sharing the helpful docs and tips.

We'll definitely consider your suggestions and try to come up with a solution that minimizes the impact on our end users.

0 Kudos

Go to solution
Ayushi_Suthar
Honored Contributor
Honored Contributor
In response to rfreitas

‎02-06-2024 10:30 PM

Hi @rfreitas thank you for writing us back. 

Please leave a like if the above suggestion helps, follow-ups are appreciated. 

Kudos,

Ayushi

0 Kudos

Go to solution
rfreitas
New Contributor II
In response to Ayushi_Suthar

‎02-14-2024 07:49 AM

Hi @Ayushi_Suthar 

An update on this case.

I've been doing some tests with the Databricks API https://docs.databricks.com/api/azure/workspace/users/patch

I was able to update the user's status, but when I try to update the userName, the API says it's successful, but the change doesn't actually happen.

Is it possible to use the API to do this?

rfreitas_0-1707925743983.png

 

0 Kudos

Go to solution
Kaniz
Community Manager
Community Manager

‎02-06-2024 12:21 AM

Hey there! Thanks a bunch for being part of our awesome community! 🎉 

We love having you around and appreciate all your questions. Take a moment to check out the responses – you'll find some great info. Your input is valuable, so pick the best solution for you. And remember, if you ever need more help , we're here for you! 

Keep being awesome! 😊🚀

 

0 Kudos
Announcements
Welcome to Databricks Community: Lets learn, network and celebrate together

Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections. 

Click here to register and join today! 

Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.