Finding Your Workspace URL
The Workspace URL is the hostname of your Databricks workspace (without https://).
Sign in to Databricks
Open the Databricks Account Console in a browser (or your cloud-specific equivalent — Azure or GCP) and sign in as a workspace admin. If you already know your workspace URL you can also navigate to it directly; typical formats are https://<workspace-hostname>.cloud.databricks.com (AWS), https://adb-<id>.<n>.azuredatabricks.net (Azure), or https://<id>.<region>.gcp.databricks.com (GCP).
Select your workspace
After sign-in you may land on a Select a workspace screen at accounts.cloud.databricks.com/select-workspace?account_id=... (Free Edition / multi-workspace accounts). Click the row for the workspace you want to integrate (e.g. workspace). The browser will then redirect to that workspace’s URL — this is the workspace URL you need.
Copy the Workspace Hostname
Look at the URL bar. Your workspace URL is the hostname between https:// and the first / — for example dbc-e5d7119f-c9fa.cloud.databricks.com or adb-1234567890123456.7.azuredatabricks.net. Paste this value (without https:// and without a trailing slash) into the Workspace URL field in StackOne.
Creating a Service Principal
A service principal is a machine identity used for automated API access without tying credentials to a user account.
Open Workspace Settings
Click your user avatar in the top-right corner of the workspace. A dropdown appears — click Settings from that dropdown.
Navigate to Service Principals
In the Settings sidebar select Identity and access, then click Manage next to Service principals.
Add a Service Principal
Click Add service principal. A dialog opens with a dropdown to select an existing service principal and an Add new button — click Add new to create a new one. In the Service principal name field, enter a descriptive name (e.g. “StackOne Integration”), then click Add. Note the Application ID (UUID) shown on the service principal details page — you will need it later for granting workspace permissions.
Confirm Status and Required Entitlements
On the service principal details page, open the Configurations tab. You will see two separate sections — Status and Entitlements (each with its own heading). First, in the Status section, confirm the Active checkbox is selected. Then, in the Entitlements section directly below it, confirm the following entitlements are enabled (the portal lists them in this order)
- Databricks SQL access — required for SQL warehouse and statement execution actions
- Workspace access — required to use the workspace at all
Generating OAuth Credentials
Generate an OAuth client secret for the service principal to use with the client credentials flow.
Generate a Secret
Click the Generate secret button. A Generate OAuth secret popup appears with a field labelled Lifetime (days). Enter a whole number between 1 and 730 in the text input, then click the blue Generate button.
Selecting Scopes
Scopes are entered only on the StackOne Hub link-account page — there is no scope selection step on the Databricks side.
Choose your scopes
In the StackOne Hub, the Scopes field defaults to all-apis if left empty. To restrict access, enter individual scopes separated by spaces. If you use a custom scope list, clusters is required (the connection test action list_clusters needs it) — add jobs, sql, workspace, and/or unity-catalog alongside it for the resources you intend to use.
Granting Workspace-Object Permissions
By default, the service principal has full permissions only on its own home directory /Users/<application-id>/. For workspace-write actions (create_workspace_directory, import_workspace_object, delete_workspace_object) targeting any other path, a workspace admin must explicitly grant the service principal Can Edit (or Can Manage) on the target parent directory. For read actions targeting paths outside the SP home, at least Can Read is required.
Open the Workspace Browser
Click Workspace in the left sidebar. Select the target folder row (or the workspace root Workspace for broad access — permissions on the root inherit to all sub-paths).
Add the Service Principal
Remove any default All workspace users chip from the search field if present. In the search field, type either the service principal’s display name OR its Application ID (UUID) — both resolve. The autocomplete dropdown will show matching service principals with their Application IDs; click the entry corresponding to your service principal to select it as a chip in the search field.
Set Permission Level and Save
Use the permission-level dropdown next to the principal to choose a level. The portal labels are Can Read, Can Run, Can Edit, and Can Manage (the underlying API values are CAN_READ, CAN_RUN, CAN_EDIT, and CAN_MANAGE respectively). For the StackOne integration to perform both read and write workspace actions, select Can Manage (recommended — also allows the principal to grant permissions to others). Click Add. Permissions on the workspace root inherit to all sub-paths.
Linking the Account from the Hub
Navigate to the Hub
Fill out the fields
- Workspace URL
- Client ID
- Client Secret
- Scopes (Optional)
If the account linking is successful, you will see the newly linked account in your Accounts page.