使用 SCIM 预配用户和组Provision users and groups using SCIM

Azure Databricks 支持 SCIM(跨域身份管理系统,一种可用于将用户预配过程自动化的开放标准)。Azure Databricks supports SCIM, or System for Cross-domain Identity Management, an open standard that allows you to automate user provisioning. 借助 SCIM,你可以使用标识提供者 (IdP) 在 Azure Databricks 中创建用户并为他们提供适当的访问级别;当他们离开你的组织或不再需要访问 Azure Databricks 时,你还可以删除他们的访问权限(对他们进行取消预配)。SCIM lets you use an identity provider (IdP) to create users in Azure Databricks and give them the proper level of access, as well as remove access for users (deprovision them) when they leave your organization or no longer need access to Azure Databricks. 此外,还可以直接调用 SCIM API 来管理预配。You can also invoke the SCIM API directly to manage provisioning.

重要

此功能目前以公共预览版提供。This feature is in Public Preview.

备注

  • 只有 Azure Databricks 管理员才能配置标识提供者,以将用户预配到 Azure Databricks 或直接调用 Azure Databricks SCIM API。You must be an Azure Databricks administrator to configure identity providers to provision users to Azure Databricks or to invoke the Azure Databricks SCIM API directly.
  • 使用 SCIM 预配时,存储在 IdP 中的用户和组属性可能会替代你使用 Azure Databricks 管理控制台组 API 做出的更改。When you use SCIM provisioning, user and group attributes stored in your IdP can override changes you make using the Azure Databricks Admin Console and Groups API. 例如,如果在 IdP 中为某个用户分配了“允许创建群集”权限,而你在 Azure Databricks 管理控制台中使用“用户”选项卡删除了该权限,那么,在 IdP 下一次与 Azure Databricks 同步时,如果 IdP 配置为预配该权限,则会重新授予该权限。For example, if a user is assigned the Allow Cluster Creation entitlement in your IdP and you remove that entitlement using the Users tab on the Azure Databricks Admin Console, the user will be re-granted that entitlement the next time the IdP syncs with Azure Databricks, if the IdP is configured to provision that entitlement. 相同的行为也适用于组。The same behavior applies to groups.

以下文章介绍了如何进行设置以使用启用了 SCIM 的受支持 IdP 来预配用户:The following articles describe how to set up to provision users using the supported SCIM-enabled IdPs:

若要了解如何使用 Azure Databricks SCIM API,请参阅 SCIM APITo learn how to use the Azure Databricks SCIM API, see SCIM API.