Authenticate access to Azure Databricks resources
To access an Azure Databricks resource with the Databricks CLI or REST APIs, clients must authenticate using an Azure Databricks account with the required authorization to access the resource. To securely run a Databricks CLI command or call a Databricks API request that requires authorized access to an account or workspace, you must provide an access token based on valid Azure Databricks account credentials. This article covers the authentication options to provide those credentials and authorize access to an Azure Databricks workspace or account.
The following table shows the authentication methods available to your Azure Databricks account.
Azure Databricks authentication methods
Because Azure Databricks tools and SDKs work with one or more supported Azure Databricks authentication methods, you can select the best authentication method for your use case. For details, see the tool or SDK documentation in Developer tools and guidance.
| Method | Description | Use case |
|---|---|---|
| Personal access tokens (PAT) | Short-lived or long-lived tokens for users or service principals. | Scenarios where your target tool does not support OAuth. |
| Azure managed identities authentication | Microsoft Entra ID tokens for Azure managed identities. | Use only with Azure resources that support managed identities, such as Azure virtual machines. |
| Microsoft Entra ID service principal authentication | Microsoft Entra ID tokens for Microsoft Entra ID service principals. | Use only with Azure resources that support Microsoft Entra ID tokens and do not support managed identities, such as Azure DevOps. |
| Azure CLI authentication | Microsoft Entra ID tokens for users or Microsoft Entra ID service principals. | Use to authenticate access to Azure resources and Azure Databricks using the Azure CLI. |
Azure Databricks configuration profiles
An Azure Databricks configuration profile contains settings and other information that Azure Databricks needs to authenticate. Azure Databricks configuration profiles are stored in local client files for your tools, SDKs, scripts, and apps to use. The standard configuration profile file is named .databrickscfg. For more information, see Azure Databricks configuration profiles.