SCIM API

Important

This feature is in Public Preview.

Azure Databricks supports SCIM, or System for Cross-domain Identity Management, an open standard that allows you to automate user provisioning using a REST API and JSON. The Azure Databricks SCIM API follows version 2.0 of the SCIM protocol.

Note

  • An Azure Databricks administrator can invoke all SCIM API endpoints.
  • Non-admin users can invoke the Me Get endpoint, the Users Get endpoint to read user display names and IDs, and the Group Get endpoint to read group display names and IDs.

Call the SCIM API

In the examples, replace <databricks-instance> with the adb-<workspace-id>.<random-number>.azuredatabricks.net domain name of your Azure Databricks deployment.

Resource URL

https://<databricks-instance>/api/2.0/preview/scim/v2/<api-endpoint>

Header parameters

Parameter Type Description
Authorization (required) STRING Set to Bearer <access-token>.

See Authentication using Azure Databricks personal access tokens, Authentication using Azure Active Directory tokens, and Token API to learn how to generate tokens.

Important! The Azure Databricks admin user who generates this token should not be managed by your identity provider (IdP). An Azure Databricks admin user who is managed by the IdP can be deprovisioned using the IdP, which would cause your SCIM provisioning integration to be disabled.
Content-Type (required for write operations) STRING Set to application/scim+json.
Accept (required for read operations) STRING Set to application/scim+json.

Filter results

Use filters to return a subset of users or groups. For all users, the user userName and group displayName fields are supported. Admin users can filter users on the active attribute.

Operator Description Behavior
eq equals Attribute and operator values must be identical.
ne not equal to Attribute and operator values are not identical.
co contains Operator value must be a substring of attribute value.
sw starts with Attribute must start with and contain operator value.
and logical AND Match when all expressions evaluate to true.
or logical OR Match when any expression evaluates to true.

Sort results

Sort results using the sortBy and sortOrder query parameters. The default is to sort by ID.

APIs