Unable to authenticate against https://accounts.cloud.databricks.com as an account admin.

bricksdata
New Contributor

Problem

I'm unable to authenticate against the https://accounts.cloud.databricks.com endpoint even though I'm an account admin. I need it to assign account level groups to workspaces via the workspace assignment api (https://api-docs.databricks.com/rest/latest/permission-assignment-account-api.html) which is recommended by Databricks.

Our Databricks instance is deployed to AWS.

What's been tried

  1. ​Create PAT token
  2. Test that I can authenticate against workspace endpoints
  3. Test workspace assignment endpoint with unauthorised error
  4. Calling Groups account endpoint with unauthorised error

Code

def list_account_groups():
    """Note: Requires Account admin PAT token to list all account groups"""
    api_version = '/api/2.0'
    api_command = "/scim/v2/Groups"
    url = f"https://accounts.cloud.databricks.com{api_version}/accounts/{ACCOUNT_ID}{api_command}"
 
    header = {
        "accept": "application/scim+json",
        "Authorization": f"Bearer {DATABRICKS_TOKEN}"
    }
    
    response = requests.get(url, headers=header)
    print(response.status_code)
    print(json.dumps(json.loads(response.text), indent = 2))

Response:

401
{
  "message": "Cannot complete request; user is unauthenticated"
}