Enable all identity provider users to access Databricks

This article explains how to enable all users in your identity provider to join your Databricks account.

Why enable all identity provider users to access Databricks?

Registering a user in a Databricks account establishes a verifiable identity that Databricks can use for authentication when that user views a shared dashboard.

Databricks recommends that account admins use account-level SCIM to allow all users and groups in your identity provider to access your Databricks account. This allows workspace users to share dashboards with any user in your account. Account users can view and refresh dashboards that have been shared with them. Other dashboard interactions, like editing and publishing, are restricted to Databricks workspace users.

Requirements

• Configure account-level SCIM provisioning to sync users and groups automatically from your identity provider to your Databricks account. See Sync users and groups from your identity provider.

The instructions differ based on your identity provider.

Enable all Microsoft Entra ID users to access Databricks

1. In your Azure portal, go to your Microsoft Entra ID account-level SCIM provisioning application.

2. Go to Manage > Properties.

3. Set Assignment required to No.

Enable all Okta users to access Databricks

1. In Okta, go to Applications and click Databricks.

2. Click the Assign tab, then Assign to people.

3. Select the the Okta group named Everyone, and click Assign.

Other identity providers

If you configure account-level SCIM provisioning with an identity provider that is not Microsoft Entra ID or Okta, follow the general instructions below.

1. Create a group with all users in your identity provider.

2. Assign that group to your account-level SCIM provisioning application.