Add Groups: SCIM
You'll configure SCIM to automatically sync groups from your identity provider into Databricks in ~10 min.
Prereqs: Add Users: SCIM (SCIM connector already configured)
What you'll walk away with
Your identity provider's groups synced into the Databricks account. When membership changes in the IdP, it changes in Databricks too, with no manual step in between.
Prerequisites
- SCIM connector already configured (see Add Users: SCIM).
- Admin access to your identity provider.
Steps
1. Configure group sync in your IdP
If you already set up SCIM for users, groups ride on the same connector. Follow the guide for your identity provider:
| Identity provider | Guide |
|---|---|
| Microsoft Entra ID (Azure AD) | Configure SCIM provisioning for Entra ID |
| Okta | Configure SCIM provisioning for Okta |
| OneLogin | Configure SCIM provisioning for OneLogin |
If the steps differ by cloud, select your cloud provider at the top right of the Databricks docs page.
2. Assign groups in the IdP
In your identity provider, assign the groups you want to the Databricks SCIM application. Only assigned groups sync, so anything you leave out simply will not show up.
3. Trigger a sync
Run a manual sync from your IdP, or wait for the next scheduled cycle. The groups should appear in the Databricks account console.
Verify
- Go to User management > Groups in the account console.
- Confirm the synced groups have the right names and members.
- In your IdP, check that the SCIM application reports a successful provisioning status for groups.
Where people trip
Groups not appearing after sync
Check that the groups are assigned to the SCIM application in your IdP. Unassigned groups never get pushed. If they are assigned and still missing, read the SCIM application provisioning logs for errors.
Group members missing after sync
SCIM syncs membership from the IdP side. If someone is in the group in your IdP but not in Databricks, check that the user is also assigned to the SCIM application on their own, not just through the group.
Next
- Do next: Metastore Admins
- Learn why: Unity Catalog foundations
- Reference: SCIM provisioning overview