This article provides overview information about OAuth token federation for accessing Databricks account and workspace resources using tokens from your identity provider.
What is Databricks OAuth token federation?
Databricks OAuth token federation enables you to securely access Databricks APIs using tokens from your identity provider (IdP). OAuth token federation eliminates the need to manage and rotate Databricks secrets such as personal access tokens and Databricks OAuth client secrets.
Using Databricks OAuth token federation, users and service principals exchange JWTs (JSON Web Tokens) from your identity provider for Databricks OAuth tokens, which can then be used to access Databricks APIs.
Why is OAuth token federation strongly recommended for workloads?
OAuth token federation is a simpler and more secure method for authenticating to Databricks, especially for automated workloads. Your workload authenticates to Databricks as a service principal in your Databricks account, using workload identity tokens issued by the automation environment. The Databricks SDKs and Databricks CLI automatically fetch these workload identity tokens and exchange them for Databricks OAuth tokens, which eliminates the need to manage and rotate Databricks secrets.
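The exchange described above, sketched as an added example (not Databricks' own code and not part of the original article): it sanity-checks an IdP-issued JWT's issuer, audience and expiry, then builds an RFC 8693 token-exchange request without sending it. The /oidc/v1/token path, the all-apis scope, the client_id parameter, the host name and all function names are assumptions not stated on this page.

```python
import base64
import json
import time
from urllib.parse import urlencode

# RFC 8693 identifiers (standard values, not Databricks-specific).
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
JWT_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:jwt"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def precheck(token, issuer, audience, now=None):
    """List reasons the IdP token would not match the expected policy values."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # "aud" may be string or list
    problems = []
    if claims.get("iss") != issuer:
        problems.append("issuer mismatch")
    if audience not in aud:
        problems.append("audience mismatch")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems

def build_exchange(host, token, client_id=None):
    """Build (url, form body) for the token exchange; nothing is sent."""
    form = {"grant_type": GRANT_TYPE, "subject_token": token,
            "subject_token_type": JWT_TOKEN_TYPE, "scope": "all-apis"}  # assumed scope
    if client_id:  # assumed: names the service principal for a workload
        form["client_id"] = client_id
    return f"https://{host}/oidc/v1/token", urlencode(form)  # assumed path

# Constructed sample token with a placeholder signature; not a real credential.
SAMPLE = ".".join(_b64url(json.dumps(p).encode()) for p in (
    {"alg": "RS256", "typ": "JWT"},
    {"iss": "https://idp.example.com", "aud": "databricks-example",
     "sub": "ci-job-1", "exp": 2000000000})) + ".c2ln"
```

The local precheck only helps diagnose a rejected exchange; the signature is still verified by the party that receives the token.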
What types of token federation are supported?
Databricks supports two types of token federation:
To configure OAuth token federation for your Databricks account or workload:
Determine whether you will use account-wide token federation or workload identity federation.
Create a federation policy. You will need:
Configure the tool or identity provider to authenticate to Databricks using federated tokens. For example configuration for common CI/CD identity providers, see Enable workload identity federation in CI/CD.