Provision identities to an Azure Databricks workspace (legacy)

Important

This documentation has been retired and might not be updated. Workspace-level SCIM provisioning is legacy. Databricks recommends that you use account-level SCIM provisioning, see Sync users and groups from Microsoft Entra ID.

Important

This feature is in Public Preview.

If you want to use an IdP connector to provision users and groups and you have a workspace that is not identity federated, you must configure SCIM provisioning at the workspace level.

Note

Workspace-level SCIM does not recognize account groups that are assigned to your identity federated workspace and workspace-level SCIM API calls will fail if they involve account groups. If your workspace is enabled for identity federation, Databricks recommends that you use the account-level SCIM API instead of the workspace-level SCIM API and that you set up account-level SCIM provisioning and turn off the workspace-level SCIM provisioner. For detailed instructions, see Migrate workspace-level SCIM provisioning to the account level.

Add users, groups, and service principals to your workspace using the SCIM API

Workspace admins can add users, groups, and service principals to the Azure Databricks account using workspace-level SCIM APIs. See Workspace Users API, Workspace Groups API, and Workspace Service Principals API