password-access(Python)


Query the audit log for password-based API logins

Background

Starting on July 10, 2024, Databricks will disable password-based API logins. Prior to that date, use this notebook to identify users in your workspaces who are using password-based API authentication. These users should switch to OAuth for API authentication.

See Machine-to-machine (M2M) authentication and User-to-machine (U2M) authentication.

Before you begin

This notebook requires that Unity Catalog is configured in at least one of your workspaces in each region where you have a workspace. If you don't already have a Unity Catalog workspace in a region, create a new workspace in that region. Your new workspace will be enabled for Unity Catalog by default.

Instructions

  • Step 1: Import this notebook into a Unity Catalog workspace.
  • Step 2: Run the 'Enable the audit log system table' command.
  • Step 3: Run the 'Query the audit log for password-based logins' command to get an output of users using password-based API authentication.
  • Step 4: For each region in which you have a workspace, repeat the first three steps.

Enable the audit log system table for this region

The following command enables the system.access schema in this region. This will give you access to the audit log system table. It's safe to perform this operation even if you have previously enabled this system schema.

Query the audit log for password-based logins in this region

The following query returns a list of users who have recently used a password-based login in this region. The output table includes the account ID, workspace ID, user agent, user email, and whether the login was via API or Interactive (using user_agent).

Feel free to modify this query as you need. For example, update the event_date if you would like to scan for a longer period of time.
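An added example, not part of the original notebook: given the query output exported as rows, this Python code classifies each login as API or Interactive from its user agent and lists the users who still make password-based API logins. The flat column names (such as `user_email`), the `Mozilla/` browser heuristic, and the sample rows are assumptions made for illustration.

```python
from collections import defaultdict

# Assumption: browser user agents begin with "Mozilla/"; anything else
# (SDKs, curl, CLI tools, JDBC/ODBC drivers) is treated as an API client.
BROWSER_PREFIXES = ("Mozilla/",)


def login_type(user_agent):
    """Classify one login as 'Interactive' (browser) or 'API' from its user agent."""
    ua = (user_agent or "").strip()
    return "Interactive" if ua.startswith(BROWSER_PREFIXES) else "API"


def api_password_users(rows):
    """Group API-type password logins by (account, workspace, user).

    `rows` are dicts with the columns the query output lists. Returns a list of
    summaries sorted by login count, highest first: the users to move to OAuth.
    """
    grouped = defaultdict(lambda: {"logins": 0, "user_agents": set()})
    for row in rows:
        if login_type(row.get("user_agent")) != "API":
            continue
        email = (row.get("user_email") or "").lower()
        key = (row["account_id"], row["workspace_id"], email)
        grouped[key]["logins"] += 1
        grouped[key]["user_agents"].add(row.get("user_agent") or "<empty>")
    return sorted(
        ({"account_id": a, "workspace_id": w, "user_email": e,
          "logins": v["logins"], "user_agents": sorted(v["user_agents"])}
         for (a, w, e), v in grouped.items()),
        key=lambda s: (-s["logins"], s["workspace_id"], s["user_email"]),
    )


# Constructed sample rows (not real audit data).
SAMPLE_ROWS = [
    {"account_id": "acct-1", "workspace_id": "1001", "user_email": "etl@example.com",
     "user_agent": "python-requests/2.31.0"},
    {"account_id": "acct-1", "workspace_id": "1001", "user_email": "ETL@example.com",
     "user_agent": "curl/8.4.0"},
    {"account_id": "acct-1", "workspace_id": "1001", "user_email": "ana@example.com",
     "user_agent": "Mozilla/5.0 (X11; Linux x86_64) Chrome/125.0"},
    {"account_id": "acct-1", "workspace_id": "1002", "user_email": "bi@example.com",
     "user_agent": None},
]

if __name__ == "__main__":
    for summary in api_password_users(SAMPLE_ROWS):
        print(summary)
```

A login with a missing user agent is counted as API, since a browser session always sends one.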