SSO to Databricks with JumpCloud

This article shows how to configure JumpCloud as the identity provider for single sign-on (SSO) in your Databricks account. JumpCloud supports SAML 2.0.

Enable JumpCloud SSO using SAML

  1. Copy the redirect URL from Databricks.

    1. As an account admin, log in to the account console and click the Settings icon in the sidebar.

    2. Click the Authentication tab.

    3. Next to Authentication, click Manage.

    4. Choose Single sign-on with my identity provider.

    5. Click Continue.

    6. Under Identity protocol, select SAML 2.0.

    7. On the Authentication tab, make note of the Databricks Redirect URL value.

    Configure SAML SSO.

  2. Create a SAML application in JumpCloud.

    1. In a new browser tab, log in to your JumpCloud admin portal.

    2. In the sidebar, under User Authentication, click SSO Applications.

    3. Click Add New Application > Custom Application > Next.

    4. In Select the features you would like to enable, select Manage Single Sign-on (SSO) and Configure SSO with SAML.

    5. In Enter General Info, enter a Display label and a Description.

    6. Click Save Application.

  3. Configure the SSO settings.

    1. Click the SSO tab.

    2. Set IdP Entity ID to a value to uniquely identify this SSO application in your JumpCloud environment. Save this value.

    3. Set SP Entity ID to the Databricks Redirect URL you copied above.

    4. Set ACS URLs to the Databricks Redirect URL you copied above.

    JumpCloud configure SAML URLs.

  4. Set the SAML configurations.

    1. On the SSO tab, in SAMLSubject NameID select email.

    2. In SAMLSubject NameID Format select urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified.

    3. In Signature Algorithm select RSA-SHA256.

    4. In Sign select Response.

    5. Copy and save the IDP URL.

    JumpCloud configure SAML settings.

  5. Download the JumpCloud certificate.

    1. In the sidebar, click IDP Certificate Valid and Download Certificate. The certificate is downloaded locally as a file with the .cer extension.

    2. Open the .cer file in a text editor and copy the file contents. The file is the entire x.509 certificate for the JumpCloud SAML application.

      Important

      • Do not open it using the macOS keychain, which is the default application for that file type in macOS.

      • The certificate is sensitive data. Use caution about where to download it. Delete it from local storage as soon as possible.

  6. Configure Databricks in the Databricks account console SSO page.

    1. Set Single Sign-On URL to the JumpCloud field IDP URL.

    2. Set Identity Provider Entity ID to the JumpCloud field IdP Entity ID.

    3. Set x.509 Certificate to the JumpCloud x.509 certificate, including the markers for the beginning and end of the certificate.

    4. Click Save.

    5. Click Test SSO to validate that your SSO configuration is working properly.

    6. Click Enable SSO to enable single sign-on for your account.

    7. Test account console login with SSO.

    Single sign-on tab when all values have been entered

  7. Configure unified login

    Unified login allows you to use the account console SSO configuration in your Databricks workspaces. If your account was created after June 21, 2023, unified login is enabled on your account by default for all workspaces, new and existing, and it cannot be disabled. To configure unified login, see Enable unified login.