Showing results for 
Search instead for 
Did you mean: 
Get Started Discussions
Start your journey with Databricks by joining discussions on getting started guides, tutorials, and introductory topics. Connect with beginners and experts alike to kickstart your Databricks experience.
Showing results for 
Search instead for 
Did you mean: 

Databricks Users Access Control via Azure AAD?

New Contributor III

Hi All,

Looking for suggestions to see if it is possible to control users via Azure AD (outside of Azure Databricks). As i want to create a new users in Azure and then I want to give RBAC to individual users and rather than control their permissions from inside Databricks is it possible to control from outside?

As i tried looking for some customized roles in Azure however i couldn't find anything, that's the reason looking for suggestions from community.



Prashanth Kumar


Community Manager
Community Manager


Hi @Prashanthkumar ,

Managing users in Azure Databricks involves a combination of Azure Active Directory (Azure AD) and Databricks-specific configurations.

Let’s explore how you can achieve this:

  1. Sync Users from Azure AD to Azure Databricks:

    • As an account admin, you can sync users from your Azure AD tenant to your Azure Databricks account using a SCIM provisioning connector. This ensures that users are automatically added to your Databricks account when they exist in Azure AD.
    • Note that if you already have SCIM connectors that sync identities directly to your workspaces, you should disable those when enabling the account-level SCIM connector.
    • For detailed instructions, refer to the article on Provisioning identities to your Azure Databricks account using Microsoft Entra ID.
  2. Manage Users in Your Account:

    • Account admins can add users to your Azure Databricks account using the account console.
    • By default, users in an Azure Databricks account do not have any default access to workspaces, data, or compute resources.
    • To add users to your account:
      • Log in to the account console.
      • In the sidebar, click User Management.
      • On the Users tab, click Add User.
      • Enter the user’s name and email address, then click Add user.
    • Keep in mind that a user cannot belong to more than 50 Azure Databricks accounts.
  3. Workspace Admins and Access Control:

    • Workspace admins can add users to an Azure Databricks workspace and assign them the workspace admin role.
    • They can manage access to objects and functionality within the workspace, such as creating clusters or accessing specific persona-based environments.
    • When you add a user to a workspace, they are also added to the account.
    • Workspace admins are members of the admins group in the workspace, which is a reserved group that cannot be deleted.
    • Users with a built-in Contributor or Owner role on the workspace resource in Azure are automatically assigned the workspace admin role when they click Launch Workspace in the Azure portal.
  4. Azure AD Passthrough for Data Lake Access:

  5. Single Sign-On (SSO) with Windows Active Directory:

  6. Authentication via Azure AD Service Principal:

In summary, you can effectively manage users in Azure Databricks by syncing them from Azure AD, configuring workspace admins, and leveraging features like Azure AD Passthrough. Feel free to explore these options and tailor them to your specific requirements.

New Contributor III

Thank you Kaniz, let me try some of the options as my Databricks is integrated with AAD. Let me try Option 1 as thats my primary requirement.

Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!