SCIM APISCIM API

重要

此功能目前以公共预览版提供。This feature is in Public Preview.

Azure Databricks 支持 SCIM(跨域身份管理系统,一种可用于使用 REST API 和 JSON 将用户预配过程自动化的开放标准)。Azure Databricks supports SCIM, or System for Cross-domain Identity Management, an open standard that allows you to automate user provisioning using a REST API and JSON. Azure Databricks SCIM API 遵循 SCIM 协议版本 2.0。The Azure Databricks SCIM API follows version 2.0 of the SCIM protocol.

备注

  • Azure Databricks 管理员可以调用所有 SCIM API 终结点。An Azure Databricks administrator can invoke all SCIM API endpoints.
  • 非管理员用户可以调用“获取”终结点、“获取用户”终结点以读取用户显示名称和 ID,并可以调用“获取”终结点以读取组显示名称和 ID。Non-admin users can invoke the Me Get endpoint, the Users Get endpoint to read user display names and IDs, and the Group Get endpoint to read group display names and IDs.

调用 SCIM APICall the SCIM API

在示例中,请将 <databricks-instance> 替换为 Azure Databricks 部署的工作区 URLIn the examples, replace <databricks-instance> with the workspace URL of your Azure Databricks deployment.

资源 URLResource URL

https://<databricks-instance>/api/2.0/preview/scim/v2/<api-endpoint>

标头参数Header parameters

参数Parameter 类型Type 说明Description
Authorization(必需)Authorization (required) STRING 设置为 Bearer <access-token>Set to Bearer <access-token>.

若要了解如何生成令牌,请参阅使用 Azure Databricks 个人访问令牌进行身份验证使用 Azure Active Directory 令牌进行身份验证令牌 APISee Authentication using Azure Databricks personal access tokens, Authentication using Azure Active Directory tokens, and Token API to learn how to generate tokens.

重要说明:Important! 生成此令牌的 Azure Databricks 管理员用户不应由标识提供者 (IdP) 管理。The Azure Databricks admin user who generates this token should not be managed by your identity provider (IdP). 可以使用 IdP 来取消预配由 IdP 管理的 Azure Databricks 管理员用户,这会导致 SCIM 预配集成被禁用。An Azure Databricks admin user who is managed by the IdP can be deprovisioned using the IdP, which would cause your SCIM provisioning integration to be disabled.
Content-Type(写入操作所必需)Content-Type (required for write operations) STRING 设置为 application/scim+jsonSet to application/scim+json.
Accept(读取操作所必需)Accept (required for read operations) STRING 设置为 application/scim+jsonSet to application/scim+json.

筛选结果Filter results

使用筛选器可返回用户或组的子集。Use filters to return a subset of users or groups. 对于所有用户,支持用户 userName 和组 displayName 字段。For all users, the user userName and group displayName fields are supported. 管理员用户可根据 active 属性筛选用户。Admin users can filter users on the active attribute.

运算符Operator 说明Description 行为Behavior
eqeq equalsequals 属性值和运算符值必须相同。Attribute and operator values must be identical.
nene 不等于not equal to 属性值和运算符值不相同。Attribute and operator values are not identical.
coco containscontains 运算符值必须是属性值的子字符串。Operator value must be a substring of attribute value.
swsw 开头为starts with 属性必须以运算符值开头并包含运算符值。Attribute must start with and contain operator value.
andand 逻辑与logical AND 当所有表达式的计算结果都为 true 时匹配。Match when all expressions evaluate to true.
or 逻辑或logical OR 当任意表达式的计算结果为 true 时匹配。Match when any expression evaluates to true.

对结果进行排序Sort results

使用 sortBysortOrder 查询参数对结果进行排序。Sort results using the sortBy and sortOrder query parameters. 默认选择“按 ID 排序”。The default is to sort by ID.

APIAPIs