Skip to main content
Select Actions to adjust the guide
Some actions may require additional configuration in the provider to be accessible. Choose the actions you need and the guide will be updated.
Action
Scope(s)
Loading actions…
Dynamic Guide URL
Scopes Selected
Separator
You must have Databricks account admin privileges to create service principals and generate OAuth secrets.

Finding Your Account ID

The Account ID is a UUID required for all account-level API calls.

1

Sign in to the Account Console

2

Copy your Account ID

Click your user avatar in the top-right corner. Your Account ID is shown under My account — click the copy icon next to it.

Creating a Service Principal

A service principal is a machine identity used for automated API access without tying credentials to a user account.

1

Navigate to Service Principals

In the left sidebar, click User management, then click the Service principals tab.

2

Add a Service Principal

Click Add service principal, enter a descriptive name in the New service principal display name field (e.g. “StackOne Integration”), and click Add service principal.

3

Assign Account Admin Role

Click the Roles tab and toggle on Account admin. This role is required for the service principal to manage users, groups, and service principals via the SCIM API.

Generating OAuth Credentials

Generate a client secret for the service principal to use with OAuth client credentials flow.

1

Open the Service Principal

In User management > Service principals, click on the service principal you created.

2

Generate a Secret

Click the Credentials & secrets tab, then click Generate secret. Set the lifetime (up to 730 days) and click Generate.

3

Copy the Credentials

Copy both values immediately — the secret is shown only once and cannot be retrieved later.

  • Client ID — paste into the Client ID field in StackOne
  • Client Secret — paste into the Client Secret field in StackOne
4

Configure scopes

Enables actions: Add Group Member, Assign Metastore To Workspace, Create Budget, Create Credential Configuration, Create Custom App Integration, Create Group, Create IP Access List, Create Log Delivery Configuration, Create Metastore, Create Network Configuration, Create Or Update Workspace Permission Assignment, Create Service Principal, Create Service Principal Secret, Create User, Delete Budget, Delete Credential Configuration, Delete Custom App Integration, Delete Group, Delete IP Access List, Delete Metastore, Delete Metastore From Workspace, Delete Network Configuration, Delete Service Principal, Delete Service Principal Secret, Delete User, Delete Workspace Permission Assignment, Download Billable Usage, Get Budget, Get Credential Configuration, Get Custom App Integration, Get Group, Get IP Access List, Get Log Delivery Configuration, Get Metastore, Get Network Configuration, Get Service Principal, Get Storage Configuration, Get Unified Credentials, Get Unified Group, Get Unified Organization, Get Unified Role, Get Unified User, Get User, Get Workspace, Get Workspace Metastore, List Budgets, List Credential Configurations, List Custom App Integrations, List Groups, List IP Access Lists, List Log Delivery Configurations, List Metastore Workspace Assignments, List Metastores, List Network Configurations, List Service Principal Secrets, List Service Principals, List Storage Configurations, List Unified Groups, List Unified Organizations, List Unified Roles, List Unified Users, List Users, List Workspace Permission Assignments, List Workspaces, Remove Group Member, Update Budget, Update Custom App Integration, Update Group, Update Log Delivery Configuration, Update Metastore, Update Service Principal, Update User

The Scopes field defaults to all-apis if left empty. Use individual scopes separated by spaces to restrict access:

Linking the Account from the Hub

1

Navigate to the Hub

Use one of the three Linking Account Methods to access the Hub.
2

Fill out the fields

Fill out the following fields using details from your provider:
  • Account ID
  • Client ID
  • Client Secret
  • Scopes (Optional)
3

Connect

  • Click Connect
  • If applicable, the provider will redirect you to a sign-in or authorization page. Complete the provider’s authorization flow.
  • Once authorization is successful, you will see a confirmation popup

If the account linking is successful, you will see the newly linked account in your Accounts page.