SSO with Google Workspace (GSuite) for your workspace

Warning

Workspace-level SSO is a legacy configuration. It can only be configured when unified login is disabled. When unified login is enabled, your workspace uses the same SSO configuration as your account.

If your account was created after June 21, 2023, unified login is enabled on your account by default for all workspaces, new and existing, and it cannot be disabled.

Databricks recommends enabling unified login on all workspaces. See Enable unified login.

This documentation has been retired and might not be updated.

This article shows how to configure Google Workspace (GSuite) as the identity provider for a Databricks workspace. To configure SSO in your Databricks account, see Configure SSO in Databricks.

Gather required information

  1. As a workspace admin, log in to the Databricks workspace.

  2. Look for the Authentication header.

  3. Click your username in the top bar of the Databricks workspace and select Settings.

  4. Click on the Identity and access tab.

  5. Next to SSO settings, click Manage.

  6. Copy the Databricks SAML URL field.

Do not close this browser tab.

Configure Google Workspace

  1. In a new browser tab, log in to the Google Workspace Admin console.

  2. In the sidebar, select Apps > Web and mobile apps.

    Open the Web and mobile apps page

  3. On the Web and mobile apps page, select Add App > Add custom SAML app to add a new SAML app.

    Add application

  4. Enter a name in the App name field and click Continue.

    Chose custom application

  5. Go to the Service provider detail page.

  6. Set ACS URL to the Databricks SAML URL from Gather required information.

  7. Set the Entity ID to the Databricks SAML URL.

  8. Select Signed response.

  9. Set Name ID Format to EMAIL.

    Configure SAML application

  10. Click Continue.

  11. On the Google Identity Provider details page, copy the following SAML values under Option 2:

    • SSO URL

    • Entity ID

    • Certificate

  12. Complete the rest of the SAML app workflow in the Google Workspace Admin console.

Configure Databricks

  1. Go back to the browser tab for Databricks.

  2. Click your username in the top bar of the Databricks workspace and select Settings.

  3. Click on the Identity and access tab.

  4. Next to SSO settings, click Manage.

  5. Set Single Sign-On URL to the SSO URL from the Google Workspace app.

  6. Set Identity Provider Entity ID to the Entity ID from the Google Workspace app.

  7. Set x.509 Certificate to the certificate from the Google Workspace app, including the markers for the beginning and ending of the certificate.

  8. Click Enable SSO.

  9. Optionally, click Allow auto user creation.

Test the configuration

  1. In an incognito browser window, go to your Databricks workspace.

  2. Click Single Sign On. You are redirected to Google.

  3. Log in to Google. If SSO is configured correctly, you are redirected to Databricks.

If the test fails, review Troubleshooting.