Enable unified login

This article shows how to configure unified login to manage single sign-on (SSO) configurations across your account and all Databricks workspaces. Unified login is automatically enabled for accounts created after [unified-login-date] or those that didn't configure SSO before [unified-login-second-date].

Unified login overview

Unified login simplifies SSO management by applying a single account-level configuration across all workspaces. For most accounts, this feature is enabled by default. However, accounts created before [unified-login-date] that had workspace-level SSO configured can enable unified login after setting up account-level SSO. When enabled, all users must sign in using SSO, and workspace-level SSO management is not available. Databricks recommends using unified login for a consistent authentication experience across all workspaces.

For a demo of configuring unified login, see Unified Login.

Default unified login settings

If your account was created after June 21, 2023 or you did not configure SSO before December 12, 2024, unified login is automatically enabled for all workspaces and cannot be disabled. You cannot configure SSO separately at the workspace-level and you do not need to follow the steps in this article to configure unified login.

Enable unified login using the account console

SSO must be enabled in the account to enable unified login. To enable unified login on workspaces with private connectivity between users and the workspace, you must configure additional settings. See Step 6: (Optional) Configure front-end PrivateLink with unified login. Databricks recommends enabling unified login for all workspaces.

Complete the following steps to enable unified login from the account console:

1. As an account admin, log in to the account console and click the Settings icon in the sidebar.

2. Click the Authentication tab.

3. In Unified login, Selected workspaces is enabled by default. Configure unified login settings using the following options:

   • To enable unified login for specific workspaces, select them in the list of workspaces.
     • To apply unified login settings to new workspaces, select Also apply settings to newly created workspaces.
     • To enable unified login for all workspaces, new and existing, select All workspaces (recommended).

   

Enable unified login using the workspace admin settings page

If unified login is enabled on selected workspaces by an account admin, a workspace admin can enable unified login on their workspace. If unified login is enabled on all workspaces, the single sign on configuration is not available on the workspace-level.

To enable unified login on workspaces that configure user to workspace private connectivity you must configure additional steps. See Step 6: (Optional) Configure front-end PrivateLink with unified login.

Complete the following steps to enable unified login from the workspace settings UI:

1. As a workspace admin, log in to the Databricks workspace.
2. Click your username in the top bar of the Databricks workspace and select Settings.
3. Click on the Identity and access tab.
4. Next to SSO settings, click Manage.
5. Next to Unified login click Enable.

Upgrade to unified login

If you are enabling unified login on an existing workspace with workspace-level SSO configured, do the following:

1. Configure single sign-on on your account.

2. Ensure the users in your workspace have access to the account-level SSO application in your identity provider.

   Granting users access to the account-level SSO application does not grant them any additional access in Databricks. All Databricks workspace users are automatically users in the Databricks account. See Assign users to Databricks.

3. Configure unified login on the workspace following the instructions above.

4. Test SSO on the workspace by having a workspace user sign in.

5. Decommission the workspace-level SSO application in your identity provider.