Skip to main content
Select Actions to adjust the guide
Some actions may require additional configuration in the provider to be accessible. Choose the actions you need and the guide will be updated.
Action
Scope(s)
Loading actions…
Dynamic Guide URL
Scopes Selected
Separator
You must have Databricks account admin privileges to create app connections.

Finding Your Account ID

The Account ID is a UUID required for all account-level API calls.

1

Sign in to the Account Console

2

Copy your Account ID

Click your user avatar in the top-right corner. Your Account ID is shown under My account — click the copy icon next to it.

Creating an App Connection

Register a custom OAuth app connection to allow StackOne to authenticate on behalf of your users.

1

Navigate to App Connections

In the left sidebar, click Settings, then click the App connections tab.

2

Add a New Connection

Click Add connection and fill in the following details:

  • Application name: Enter a descriptive name (e.g. “StackOne Integration”)
  • Redirect URLs: Enter https://api.stackone.com/connect/oauth2/databricks/callback
  • Access scopes: Select All APIs — this is required for StackOne to access the SCIM provisioning APIs
  • Generate a client secret: Check this box to generate a secret for server-side authentication
  • Access Token TTL: Leave as default (60 minutes).
  • Refresh Token TTL: Set to the maximum value of 129,600 minutes (90 days) to avoid the account going into an errored state when the refresh token expires. After 90 days, you will need to re-authenticate by editing the account in StackOne.
3

Copy the Credentials

After clicking Add, a Connection created dialog appears with a warning: “Make sure to copy the secret now. You won’t be able to see it again.” Copy both values using the copy icons and click Done.

  • Client ID — click the copy icon and paste into the Client ID field in StackOne
  • Client Secret — click the copy icon and paste into the Client Secret field in StackOne

Understanding Scopes

Scopes control which Databricks APIs the OAuth connection can access. The scope is configured during the app connection setup (Access scopes) and also sent in the OAuth authorization request.

1

Configure scopes

Enables actions: Add Group Member, Assign Metastore To Workspace, Create Budget, Create Credential Configuration, Create Custom App Integration, Create Group, Create IP Access List, Create Log Delivery Configuration, Create Metastore, Create Or Update Workspace Permission Assignment, Create Service Principal, Create Service Principal Secret, Create User, Delete Budget, Delete Credential Configuration, Delete Custom App Integration, Delete Group, Delete IP Access List, Delete Metastore, Delete Metastore From Workspace, Delete Service Principal, Delete Service Principal Secret, Delete User, Delete Workspace Permission Assignment, Download Billable Usage, Get Budget, Get Credential Configuration, Get Custom App Integration, Get Group, Get IP Access List, Get Log Delivery Configuration, Get Metastore, Get Service Principal, Get Storage Configuration, Get Unified Credentials, Get Unified Group, Get Unified Organization, Get Unified Role, Get Unified User, Get User, Get Workspace, Get Workspace Metastore, List Budgets, List Credential Configurations, List Custom App Integrations, List Groups, List IP Access Lists, List Log Delivery Configurations, List Metastore Workspace Assignments, List Metastores, List Service Principal Secrets, List Service Principals, List Storage Configurations, List Unified Groups, List Unified Organizations, List Unified Roles, List Unified Users, List Users, List Workspace Permission Assignments, List Workspaces, Remove Group Member, Update Budget, Update Custom App Integration, Update Group, Update Log Delivery Configuration, Update Metastore, Update Service Principal, Update User

The Scopes field defaults to all-apis offline_access if left empty. The offline_access scope is required to receive a refresh token for long-lived sessions. Use individual scopes separated by spaces to restrict access:

Creating the StackOne Connector Profile

To create the Connector Profile in StackOne for Databricks:
1

Navigate to Connector Profiles

Login to StackOne and navigate to Connector Profiles
2

Create New Connector Profile

  • Click + Connector Profile
  • Search for and select Databricks
  • Select Type as OAuth 2.0 (U2M - User to Machine)
  • Fill out the fields using details retrieved from your provider:
    • Account ID
    • Client ID
    • Client Secret
    • Scopes (Optional)
  • (Optional) Select Actions to be enabled for this Connector Profile
  • Click Create profile
Congratulations! The new Connector Profile will now show up in your project ready to be used. You can now continue to Link Accounts for Databricks.