Amazon
Web Services
Microsoft Azure
Google Cloud PlatformEnd of life for Databricks-managed passwords
Databricks-managed passwords will reach end of life on July 10, 2024. You will no longer be able to use Databricks-managed passwords to authenticate to the Databricks UI or APIs, known as basic authentication, after July 10, 2024.
Migrate to single sign-on
Databricks recommends that you configure single sign-on (SSO) with unified login for all workspaces and enforce multi-factor authentication from your identity provider. Unified login allows you to manage one SSO configuration in your account that is used for the account and Databricks workspaces. Users configured for emergency access can continue to sign into Databricks using multi-factor authentication with a FIDO 2 security key. See SSO in your Databricks account console.
If you don’t configure single sign-on on your account or any of your workspaces by July 10, 2024, users will be required to log in to Databricks using one-time passcodes (OTP) rather than passwords. When a user logs in with OTP, Databricks will send a unique code to the user’s email address. The user must then retrieve this code from their email and enter it on the login page to verify their identity. This enhances security by ensuring that only individuals with access to the registered email can log in.
Migrate to OAuth authentication
You will no longer be able to use Databricks-managed passwords to authenticate to Databricks APIs (known as basic authentication) after July 10, 2024. Databricks recommends using OAuth authentication. See OAuth machine-to-machine (M2M) authentication. If you don’t migrate from basic authentication to either OAuth authentication or personal access tokens by July 10, 2024, your automation will fail. You can use the following notebook to generate a list of workspace users using basic authentication.