Amazon
Web Services
Microsoft Azure
Google Cloud PlatformEnd of life for Databricks-managed passwords
Databricks-managed passwords reached end of life on July 10, 2024. Starting on July 10, 2024, you can no longer use Databricks-managed passwords to authenticate to the Databricks UI or APIs, known as basic authentication.
How do I log in to Databricks?
Depending on your account configuration, you can log in to Databricks with single sign-on, external accounts, or email and a one-time passcode.
When single sign-on is not configured, you can log in to Databricks using your email or one of the account providers selected by your account admin. When you login with a one-time passcode, Databricks sends a unique code to your email address. You must retrieve this code from your email and enter it on the login page to verify your identity. For more information, see Sign-in with email or external accounts.
How do I authenticate to Databricks APIs?
Starting on July 10, 2024, you can no longer use Databricks-managed passwords to authenticate to the Databricks APIs, known as basic authentication. Automation using basic authentication will fail. You must use either OAuth authentication (recommended) or personal access tokens.
To use OAuth, see Use a service principal to authenticate with Databricks (OAuth M2M) and OAuth user-to-machine (U2M) authentication.
To use personal access tokens, see Databricks personal access tokens for workspace users.
How do I authenticate to Databricks from BI tools?
Starting on July 10, 2024, you can no longer use a username and password to authenticate to Databricks from BI tools. Depending on your account configuration, you can use single sign-on or personal access tokens to authenticate to Databricks from BI tools. For example, to authentication from Tableau and Power BI, see Connect Tableau and Databricks and Connect Power BI to Databricks.
How do I migrate my account off of passwords?
The steps you take to migrate off of passwords differ depending on whether your users are in a centralized identity provider or not. As an account admin, use the following flow chart to help you plan your migration:
Users are in a centralized identity provider
Configure single sign-on in your account.
Enable unified login for all workspaces. If your account was created after June 21, 2023, unified login is already enabled. See Configure SSO in Databricks.
Configure emergency access to prevent lockouts. Emergency access allows specified users to sign into Databricks using a password and multi-factor authentication. See Emergency access for SSO.
Enforce multi-factor authentication from your identity provider.
Migrate API authentication from basic authentication. To generate a list of workspace users using basic authentication, see How do I audit basic authentication usage?.
Use OAuth authentication (recommended) or personal access tokens.
See Use a service principal to authenticate with Databricks (OAuth M2M).
Users have different email domains
Use one-time passcodes or allow users to log in with existing Google or Microsoft accounts. See Sign-in with email or external accounts.
No action is required to migrate to one-time passcodes. Users will receive a unique code via email to log in.
Migrate API authentication from basic authentication. To generate a list of workspace users using basic authentication, see How do I audit basic authentication usage?.
Use OAuth authentication (recommended) or personal access tokens.
See Use a service principal to authenticate with Databricks (OAuth M2M).
How do I audit basic authentication usage?
As a workspace admin, can use the following notebook to generate a list of workspace users who use basic authentication.