Emergency access for SSO

To prevent lockouts, account admins can set up single sign-on (SSO) emergency access for up to ten users. These users can sign into Databricks using a password and multi-factor authentication (MFA) with FIDO 2 security keys, which may be hardware-based, like a physical security key, or software-based, like a mobile authenticator app. Databricks recommends configuring a strong password and at least one FIDO 2 security key for signing in with emergency access.

Configure users for emergency access

  1. As an account admin, log in to the account console and click the Settings icon in the sidebar.

  2. Click the Sign-in & provisioning tab.

  3. Next to Emergency access click Manage.

  4. In the dialog, choose up to ten users that can sign in using emergency access. These users must register security keys.

  5. Click Save.

    It might take up to two minutes for the users to see the security key management page.

Create a password for emergency access

Users configured for emergency access log in using a Databricks-managed password and MFA. Databricks recommends configuring a strong password

  1. As a user with emergency access, log in to the account console.

  2. Click the down arrow next to your username in the upper-right corner.

  3. Click User preferences.

  4. Under Authentication, in Multi-factor authentication, click reset password.

  5. Follow the instructions sent to your email.

Register a security key for emergency access

A security key can be hardware-based, like a physical security key, or software-based, like a mobile authenticator app. For example, you can use a YubiKey hardware key or the Google Authenticator app. To register a security key:

  1. As a user with emergency access, log in to the account console.

  2. Click the down arrow next to your username in the upper-right corner.

  3. Click User preferences.

  4. Under Authentication, next to Multi-factor authentication, click Add key.

  5. Click Set up and follow the browser prompts to configure your key.

After you configure your key, you will see a Databricks notification that the security key was added successfully.

Login to Databricks using a security key

To login using emergency access and a security key:

  1. As a user with emergency access, go to the account console.

  2. Click Sign in with Databricks credentials.

  3. Enter your username and password. Click Continue.

  4. Follow the browser prompt to use your security key.