Databricks Account SCIM APIs

Who can access these APIs?

Account admins:
- Using the account domain endpoints, for example `accounts.cloud.databricks.com`.

Workspace admins:
- Using the workspace domain endpoints.
- Read operations (Get/List).
- Create user and Create service principal.

Regular users:
- Read operations (Get/List).

What authentication is supported?

E2 (AWS)
- SCIM Token (account domain)
- PAT Token (workspace domain)
- Basic authentication

Azure (if Account console is enabled)
- SCIM Token (account domain)
- PAT Token (workspace domain)
- AAD Token authentication

GCP
- SCIM Token (account domain)
- PAT Token (workspace domain)

Create user

Method	POST
Endpoint	{account_domain}/api/2.0/accounts/{account_id}/scim/v2/Users {workspace_domain}/api/2.0/account/scim/v2/Users
Request example	{ "schemas":[ "urn:ietf:params:scim:schemas:core:2.0:User" ], "userName":"user@example.com", "displayName": “John Doe” }
Response example	201: { "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ], "id": "100000", "userName": "user@example.com", "emails": [ { "type": "work", "value": "user@example.com", "primary": true } ], "displayName": "John Doe", "name": { "familyName": "Doe", "givenName": "John" } }

Get user by ID

Method	GET
Endpoint	{account_domain}/api/2.0/accounts/{account_id}/scim/v2/Users/{user_id} {workspace_domain}/api/2.0/account/scim/v2/Users/{user_id}
Request example
Response example	200: { "schemas":[ "urn:ietf:params:scim:schemas:core:2.0:User" ], "id": "100000", "userName": "user@example.com", "emails": [ { "type": "work", "value": "user@example.com", "primary": true } ], "displayName": "John Doe", "name": { "familyName": "Doe", "givenName": "John" } }

List users

Method	GET
Endpoint	{account_domain}/api/2.0/accounts/{account_id}/scim/v2/Users {workspace_domain}/api/2.0/account/scim/v2/Users
Request example	GET /api/2.0/accounts/{account_id}/scim/v2/Users?filter=userName+eq+user@example.com
Response example	200: { "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:ListResponse" ], "totalResults": 1, "Resources": [ { "id": "100000", "userName": "user@example.com", "emails": [ { "type": "work", "value": "user@example.com", "primary": true } ], "displayName": "John Doe", "name": { "familyName": "Doe", "givenName": "John" } } ] }

Assign/unassign admin role to user

Method	PATCH
Endpoint	{account_domain}/api/2.0/accounts/{account_id}/scim/v2/Users/{user_id} {workspace_domain}/api/2.0/account/scim/v2/Users/{user_id}
Request example	// assign role { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op": "add", "path": "roles", "value": [ { "value": "account_admin" } ] } ] } // unassign role { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op": "remove", "path": "roles[value eq \"account_admin\"]" } ] }
Response example	201: { "schemas":[ "urn:ietf:params:scim:schemas:core:2.0:User" ], "id":"100000", "userName": "user@example.com", "displayName":"newuser", "roles": [ { "value": "account admin" "type": "direct" } ] }

Delete user

Method	DELETE
Endpoint	{account_domain}/api/2.0/accounts/{account_id}/scim/v2/Users/{user_id} {workspace_domain}/api/2.0/account/scim/v2/Users/{user_id}
Request example
Response example	204: {} 404: { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:Error" ], "detail": "string", "status": "string" }

Create group

Method	POST
Endpoint	{account_domain}/api/2.0/accounts/{account_id}/scim/v2/Groups {workspace_domain}/api/2.0/account/scim/v2/Groups
Request example	{ "schemas":[ "urn:ietf:params:scim:schemas:core:2.0:Group" ], "displayName":"newgroup", "members":[ { "value":"100000" }, { "value":"100001" } ] }
Response example	201: { "schemas":[ "urn:ietf:params:scim:schemas:core:2.0:Group" ], "id":"200000", "displayName":"newgroup", "members":[ { "value":"100000" }, { "value":"100001" } ] }

Get group by ID

Method	GET
Endpoint	{account_domain}/api/2.0/accounts/{account_id}/scim/v2/Groups/{group_id} {workspace_domain}/api/2.0/account/scim/v2/Groups/{group_id}
Request example
Response example	200: { "schemas":[ "urn:ietf:params:scim:schemas:core:2.0:Group" ], "id":"200000", "displayName":"newgroup", "members":[ { "value":"100000" }, { "value":"100001" } ] }

List groups

Method	GET
Endpoint	{account_domain}/api/2.0/accounts/{account_id}/scim/v2/Groups {workspace_domain}/api/2.0/account/scim/v2/Groups
Request example	GET /api/2.0/accounts/{account_id}/scim/v2/Groups?filter=displayName+sw+newgroup
Response example	200: { "schemas":[ "urn:ietf:params:scim:schemas:core:2.0:ListResponse" ], "totalResults":1, "Resources":[ { "id":"200000" "displayName":"newgroup", "members":[ { "value":"100000" }, { "value":"100001" } ] } ] }

Add member to group

Method	PATCH
Endpoint	{account_domain}/api/2.0/accounts/{account_id}/scim/v2/Groups/{group_id} {workspace_domain}/api/2.0/account/scim/v2/Groups/{group_id}
Request example	{ "schemas":[ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations":[ { "op":"add", "value":{ "members":[ { "value":"100002" } ] } } ] }
Response example	200: { "schemas":[ "urn:ietf:params:scim:schemas:core:2.0:Group" ], "id":"200000", "displayName":"newgroup", "members":[ { "value":"100000" }, { "value":"100001" }, { "value":"100002" } ] }

Remove member from group

Method	PATCH
Endpoint	{account_domain}/api/2.0/accounts/{account_id}/scim/v2/Groups/{group_id} {workspace_domain}/api/2.0/account/scim/v2/Groups/{group_id}
Request example	{ "schemas":[ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations":[ { "op":"remove", "path":"members[value eq \"100000\"]" ] }
Response example	200: { "schemas":[ "urn:ietf:params:scim:schemas:core:2.0:Group" ], "id":"200000", "displayName":"newgroup", "members":[ { "value":"100001" }, { "value":"100002" } ] }

Delete group

Method	DELETE
Endpoint	{account_domain}/api/2.0/accounts/{account_id}/scim/v2/Groups/{group_id} {workspace_domain}/api/2.0/account/scim/v2/Groups/{group_id}
Request example
Response example	204: {} 404: { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:Error" ], "detail": "string", "status": "string" }

Create service principal (AWS)

Method	POST
Endpoint	{account_domain}/api/2.0/accounts/{account_id}/scim/v2/ServicePrincipals {workspace_domain}/api/2.0/account/scim/v2/ServicePrincipals
Request example	{ "schemas":[ "urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal" ], "displayName":"new-service-principal" }
Response example	201: { "schemas":[ "urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal" ], "id":"300000", "applicationId":<uuid>, "displayName":"new-service-principal" }

Create service principal (Azure)

Method	POST
Endpoint	{account_domain}/api/2.0/accounts/{account_id}/scim/v2/ServicePrincipals {workspace_domain}/api/2.0/account/scim/v2/ServicePrincipals
Request example	{ "schemas":[ "urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal" ], "displayName":"new-service-principal", "applicationId":<uuid> }
Response example	201: { "schemas":[ "urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal" ], "id":"300000", "applicationId":<uuid>, "displayName":"new-service-principal" }

Get service principal by ID

Method	GET
Endpoint	{account_domain}/api/2.0/accounts/{account_id}/scim/v2/ServicePrincipals/{id} {workspace_domain}/api/2.0/account/scim/v2/ServicePrincipals/{id}
Request example
Response example	200: { "schemas":[ "urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal" ], "id":"300000", "displayName":"new-service-principal", "roles": [ { "value": "Account Admin" } ] }

List service principal

Method	GET
Endpoint	{account_domain}/api/2.0/accounts/{account_id}/scim/v2/ServicePrincipals {workspace_domain}/api/2.0/account/scim/v2/ServicePrincipals
Request example	GET /api/2.0/accounts/{account_id}/scim/v2/ServicePrincipals?filter=displayName+sw+new
Response example	200: { "schemas":[ "urn:ietf:params:scim:schemas:core:2.0:ListResponse" ], "totalResults":1, "Resources":[ { "id":"300000" "displayName":"new-service-principal", "roles": [ { "value": "Account Admin" } ] } ] }

Update service principal

Method	PATCH
Endpoint	{account_domain}/api/2.0/accounts/{account_id}/scim/v2/ServicePrincipals/{id} {workspace_domain}/api/2.0/account/scim/v2/ServicePrincipals/{id}
Request example	{ "schemas":[ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations":[ { "op":"replace", "path":"displayName", "value":[ { "value":"updated-sp-name" } ] ] }
Response example	200: { "schemas":[ "urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal" ], "id":"300000", "displayName":"updated-sp-name", "roles": [ { "value": "Account Admin" } ] }

Delete service principal

Method	DELETE
Endpoint	{account_domain}/api/2.0/accounts/{account_id}/scim/v2/ServicePrincipals/{id} {workspace_domain}/api/2.0/account/scim/v2/ServicePrincipals/{id}
Request example
Response example	204: {} 404: { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:Error" ], "detail": "string", "status": "string" }