Azure Databricks supports SCIM, or System for Cross-domain Identity Management, an open standard that allows you to automate user provisioning. SCIM lets you use Azure Active Directory to create users in Azure Databricks and give them the proper level of access, as well as remove access for users (deprovision them) when they leave your organization or no longer need access to Azure Databricks. You can also invoke the Azure Databricks SCIM API directly to manage provisioning.
The Azure Databricks SCIM API follows version 2.0 of the SCIM protocol.
This feature is in Public Preview.
You must be an Azure Databricks administrator to configure identity providers to provision users to Azure Databricks or to invoke the Azure Databricks SCIM API directly.
When you use SCIM provisioning, user and group attributes stored in your IdP can override changes you make using the Azure Databricks Admin Console and Groups API. For example, if a user is assigned the Allow Cluster Creation entitlement in your IdP and you remove that entitlement using the Users tab on the Azure Databricks Admin Console, the user will be re-granted that entitlement the next time the IdP syncs with Azure Databricks, if the IdP is configured to provision that entitlement. The same behavior applies to groups.
This section includes the following topics:
To learn how to use the Azure Databricks SCIM API, see SCIM API (Users and Groups).