Databricks

Learn how to connect your Opal instance to Databricks.

With Opal's integration with Databricks:

  • Users can request time-bound access to your Databricks groups.
  • Auditors can initiate access reviews that assign managers or group admins to periodically review users with long-lived access to Databricks groups.
  • Admins can add resources from other Opal integrations to a Databricks group so that the group's members automatically gain birthright access to, for example, a GitHub repo or an AWS IAM role.
  • All access changes are tracked as events that you can log to Slack or export to your favorite tools.

Supported resources

You can import the following from Databricks:

You can add Databricks users and service principals to groups.

The Databricks integration does not support managing identities at the workspace level, based on Databricks' guidelines for identity federation.

Requirements

To set up the Databricks integration, you must:

  • Be an Opal Admin
  • Have permission to create a service principal in Databricks

1. Configure fields in Databricks

First, create a service principal in Databricks and create an OAuth secret for it:

  1. Add a Databricks service principal.
  2. Assign the service principal the Account admin role.
  3. Create an OAuth secret for this service principal. Select Generate secret and specify any lifetime. You have to rotate this when it expires, so you might want to choose a long expiration. By default, secrets refresh every 2 years.
  4. Save the Secret and Client ID, which you'll use in the next step.

You'll also need the following from Databricks:

  • Account Login URL. Use the base URL you use to log in to Databricks. For example, https://accounts.cloud.databricks.com.
  • Account ID. Retrieve this from your avatar in the top left corner of Databricks.
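
To confirm these four values before entering them in Opal, the following added example (not Opal's or Databricks' own code) validates them and builds the OAuth client-credentials token request that Databricks documents for service principals. The function names, the UUID check on the Account ID, and the sample values are assumptions made for illustration.

```python
import base64
import json
import re
import urllib.parse
import urllib.request

# Assumption: Databricks account IDs are UUIDs.
UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)


def build_token_request(account_login_url, account_id, client_id, client_secret):
    """Validate the four fields and build the client-credentials token request."""
    url = urllib.parse.urlsplit(account_login_url.strip())
    if url.scheme != "https" or not url.netloc or "@" in url.netloc:
        raise ValueError("Account Login URL must be a plain https:// base URL")
    if url.path not in ("", "/") or url.query or url.fragment:
        raise ValueError("Account Login URL must not contain a path or query")
    account_id = account_id.strip()
    if not UUID_RE.fullmatch(account_id):
        raise ValueError("Account ID does not look like a UUID")
    if not client_id or not client_secret:
        raise ValueError("Client ID and Secret are both required")
    # The secret travels only in the Basic auth header, never in the URL.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": "all-apis"}
    ).encode()
    return urllib.request.Request(
        f"https://{url.netloc}/oidc/accounts/{account_id}/v1/token",
        data=body,
        headers={"Authorization": f"Basic {basic}"},
        method="POST",
    )


def check_credentials(account_login_url, account_id, client_id, client_secret):
    """Live check (needs network): return the issued token's lifetime in seconds."""
    req = build_token_request(account_login_url, account_id, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return int(json.load(resp)["expires_in"])


if __name__ == "__main__":
    # Constructed sample values; substitute the real ones from step 1.
    req = build_token_request(
        "https://accounts.cloud.databricks.com",
        "00000000-0000-0000-0000-000000000000",
        "example-client-id", "example-secret",
    )
    print(req.get_method(), req.full_url)
```

A failed `check_credentials` call raises `urllib.error.HTTPError`, which indicates that the Client ID, Secret, or Account ID does not match the service principal.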

2. Configure fields in Opal

Go to Inventory > + App and find the Databricks integration. Give the integration a name, admin, description, and specify its visibility.

Enter the Account Login URL, Account ID, Client ID, and Client secret fields from the previous step, then select Save.

3. Import resources to Opal

In the Inventory in the Databricks app, select ... > Import items to add your Databricks resources to Opal.

You can now manage access to Databricks resources in Opal.