Omnigent identity and access
Omnigent is in Beta. For the open-source documentation, see the Omnigent documentation.
On Databricks, Omnigent uses your Databricks workspace identity. There's no separate Omnigent login, account, or password to manage. Authentication and single sign-on use your Databricks login, and access is governed by Databricks.
Sign-in
When you open Omnigent from your Databricks workspace, you're authenticated as your workspace user automatically. Every request carries your Databricks identity, and Omnigent attributes your sessions and actions to that identity.
When you register your own machine as an Omnigent host with the CLI, you authenticate to the workspace the same way:
omni login <workspace-url>
This signs in with your Databricks identity so the host you register belongs to you. To register a host, see the Omnigent quickstart.
Access control
Access to Omnigent and to individual sessions is governed by Databricks:
- Who can use Omnigent. A workspace admin enables the Omnigent preview for your workspace. Anyone with workspace access and the preview enabled can use it.
- Session visibility. Each session is private to its owner until shared. Workspace admins do not have blanket access to every session; a session is visible to others only after the owner shares it.
- Identity resolution. Owners, collaborators, and the author of each turn are shown by their workspace email.
Session permissions
When you share a session, you grant one of the following permission levels:
Grant Edit carefully. An editor can run shell commands and modify files on the host through the agent, including any action available through the Omnigent MCP server. An editor can also view your other session chats.
| Permission | What it allows |
|---|---|
| Read | View and follow along with the session in real time, similar to a viewer on a shared document. A reader cannot send messages or make changes. |
| Edit | Full control of the session: send messages, open shells, edit files in the host file system, and rename the session. |