Mandatory fields
The Databricks connector allows you to connect Databricks with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance Databricks' unified platform for data and Artificial Intelligence (AI). Databricks provides services that allow you to migrate complex and expensive on-premises data systems to cloud data platforms.
Supervisor configuration parameters
To configure the connector, following parameters are required:
Supported objects and operations
Users
Table 322: Supported operations for Users
Create User |
POST |
Get User |
GET |
List Users |
GET |
Update User |
PUT |
Delete User |
DELETE |
Groups
Table 323: Supported operations for Groups
Create Group |
POST |
Get Group |
GET |
List Groups |
GET |
Update Group |
PUT |
Delete Group |
DELETE |
This section lists the mandatory fields required to create a User or Group:
Users
Groups
User and Group mapping
The user and group mappings are listed in the tables below.
Table 324: User mapping
id |
id |
userName |
userName |
name.familyName |
name.familyName |
name.givenName |
name.givenName |
displayName |
displayName |
emails[0].value |
emails[0].value |
emails[0].type |
emails[0].type |
emails[0].primary |
emails[0].primary |
active |
active |
groups[].value |
groups[].value |
groups[].display |
groups[].display |
entitlements[].value |
entitlements[].value |
Group
Table 325: Group mapping
id |
id |
displayName |
displayName |
members[].value |
members[].value |
members[].display |
members[].display |
extension.parentGroups[].value |
groups[].value |
extension.parentGroups[].display |
groups[].display |
extension.entitlements[].value |
entitlements[].value |
Connector limitations
-
If User's displayName attribute is present in the request, then the name attributes are not considered. If displayName is not provided, the values from the name attributes would be considered.
-
The connector doesn't implement roles for Users. Roles endpoints are not supported at target system and the user can not be assigned with random text to the roles.
-
The connector does not implement modifying the entitlements for Users or Groups. Entitlements endpoints are not supported at target system. The User or Group can not be assigned with random text to the entitlements.
-
Create User operation can create only Active users in the target application. However, Update User operation can be used to make the user InActive.
-
When a user create operation is tried with userName of a deleted user, the target system re-activates the deleted user and returns the details of that deleted user (with any updated values for attributes from the create request) instead of creating a new user with new user id.
-
The Databricks REST API supports a maximum of 30 requests per second per workspace. A 429 response status code is displayed if the requests exceed the rate limit.
-
A Databricks admin user whose Personal Access Token is used to authorize the target endpoints and who is managed by the Identity Provider (IdP) can be deprovisioned using the IdP, which may cause the SCIM provisioning integration to be disabled.
-
No meta information is retrieved for users and groups.
-
Target system follows soft delete of resources. Inactivating a user by updating 'active' to 'false' soft-deletes the user and that user cannot be retrieved.
-
Group's members will not contain 'type' attribute with values 'User' / 'Group' as the target system does not return the type of the members. Groups in target system can have users and groups as members.
-
Delete group request with invalid id returns 204 because of the target API behavior. The target API returns success when a deleted group is tried deleting again.
-
List users and list groups APIs are relatively slow. Hence used very minimal set of attributes in the query attributes on these endpoint.
User and Group mapping
The Databricks connector allows you to connect Databricks with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance Databricks' unified platform for data and Artificial Intelligence (AI). Databricks provides services that allow you to migrate complex and expensive on-premises data systems to cloud data platforms.
Supervisor configuration parameters
To configure the connector, following parameters are required:
Supported objects and operations
Users
Table 322: Supported operations for Users
Create User |
POST |
Get User |
GET |
List Users |
GET |
Update User |
PUT |
Delete User |
DELETE |
Groups
Table 323: Supported operations for Groups
Create Group |
POST |
Get Group |
GET |
List Groups |
GET |
Update Group |
PUT |
Delete Group |
DELETE |
Mandatory fields
This section lists the mandatory fields required to create a User or Group:
Users
Groups
The user and group mappings are listed in the tables below.
Table 324: User mapping
id |
id |
userName |
userName |
name.familyName |
name.familyName |
name.givenName |
name.givenName |
displayName |
displayName |
emails[0].value |
emails[0].value |
emails[0].type |
emails[0].type |
emails[0].primary |
emails[0].primary |
active |
active |
groups[].value |
groups[].value |
groups[].display |
groups[].display |
entitlements[].value |
entitlements[].value |
Group
Table 325: Group mapping
id |
id |
displayName |
displayName |
members[].value |
members[].value |
members[].display |
members[].display |
extension.parentGroups[].value |
groups[].value |
extension.parentGroups[].display |
groups[].display |
extension.entitlements[].value |
entitlements[].value |
Connector limitations
-
If User's displayName attribute is present in the request, then the name attributes are not considered. If displayName is not provided, the values from the name attributes would be considered.
-
The connector doesn't implement roles for Users. Roles endpoints are not supported at target system and the user can not be assigned with random text to the roles.
-
The connector does not implement modifying the entitlements for Users or Groups. Entitlements endpoints are not supported at target system. The User or Group can not be assigned with random text to the entitlements.
-
Create User operation can create only Active users in the target application. However, Update User operation can be used to make the user InActive.
-
When a user create operation is tried with userName of a deleted user, the target system re-activates the deleted user and returns the details of that deleted user (with any updated values for attributes from the create request) instead of creating a new user with new user id.
-
The Databricks REST API supports a maximum of 30 requests per second per workspace. A 429 response status code is displayed if the requests exceed the rate limit.
-
A Databricks admin user whose Personal Access Token is used to authorize the target endpoints and who is managed by the Identity Provider (IdP) can be deprovisioned using the IdP, which may cause the SCIM provisioning integration to be disabled.
-
No meta information is retrieved for users and groups.
-
Target system follows soft delete of resources. Inactivating a user by updating 'active' to 'false' soft-deletes the user and that user cannot be retrieved.
-
Group's members will not contain 'type' attribute with values 'User' / 'Group' as the target system does not return the type of the members. Groups in target system can have users and groups as members.
-
Delete group request with invalid id returns 204 because of the target API behavior. The target API returns success when a deleted group is tried deleting again.
-
List users and list groups APIs are relatively slow. Hence used very minimal set of attributes in the query attributes on these endpoint.
Connector limitations
The Databricks connector allows you to connect Databricks with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance Databricks' unified platform for data and Artificial Intelligence (AI). Databricks provides services that allow you to migrate complex and expensive on-premises data systems to cloud data platforms.
Supervisor configuration parameters
To configure the connector, following parameters are required:
Supported objects and operations
Users
Table 322: Supported operations for Users
Create User |
POST |
Get User |
GET |
List Users |
GET |
Update User |
PUT |
Delete User |
DELETE |
Groups
Table 323: Supported operations for Groups
Create Group |
POST |
Get Group |
GET |
List Groups |
GET |
Update Group |
PUT |
Delete Group |
DELETE |
Mandatory fields
This section lists the mandatory fields required to create a User or Group:
Users
Groups
User and Group mapping
The user and group mappings are listed in the tables below.
Table 324: User mapping
id |
id |
userName |
userName |
name.familyName |
name.familyName |
name.givenName |
name.givenName |
displayName |
displayName |
emails[0].value |
emails[0].value |
emails[0].type |
emails[0].type |
emails[0].primary |
emails[0].primary |
active |
active |
groups[].value |
groups[].value |
groups[].display |
groups[].display |
entitlements[].value |
entitlements[].value |
Group
Table 325: Group mapping
id |
id |
displayName |
displayName |
members[].value |
members[].value |
members[].display |
members[].display |
extension.parentGroups[].value |
groups[].value |
extension.parentGroups[].display |
groups[].display |
extension.entitlements[].value |
entitlements[].value |
-
If User's displayName attribute is present in the request, then the name attributes are not considered. If displayName is not provided, the values from the name attributes would be considered.
-
The connector doesn't implement roles for Users. Roles endpoints are not supported at target system and the user can not be assigned with random text to the roles.
-
The connector does not implement modifying the entitlements for Users or Groups. Entitlements endpoints are not supported at target system. The User or Group can not be assigned with random text to the entitlements.
-
Create User operation can create only Active users in the target application. However, Update User operation can be used to make the user InActive.
-
When a user create operation is tried with userName of a deleted user, the target system re-activates the deleted user and returns the details of that deleted user (with any updated values for attributes from the create request) instead of creating a new user with new user id.
-
The Databricks REST API supports a maximum of 30 requests per second per workspace. A 429 response status code is displayed if the requests exceed the rate limit.
-
A Databricks admin user whose Personal Access Token is used to authorize the target endpoints and who is managed by the Identity Provider (IdP) can be deprovisioned using the IdP, which may cause the SCIM provisioning integration to be disabled.
-
No meta information is retrieved for users and groups.
-
Target system follows soft delete of resources. Inactivating a user by updating 'active' to 'false' soft-deletes the user and that user cannot be retrieved.
-
Group's members will not contain 'type' attribute with values 'User' / 'Group' as the target system does not return the type of the members. Groups in target system can have users and groups as members.
-
Delete group request with invalid id returns 204 because of the target API behavior. The target API returns success when a deleted group is tried deleting again.
-
List users and list groups APIs are relatively slow. Hence used very minimal set of attributes in the query attributes on these endpoint.
Hive
The Hive connector allows you to connect Hive with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance Hive's services as a collaborative tool used for project planning.
Supervisor configuration parameters
To configure the connector, following parameters are required:
Supported objects and operations
Users
Table 326: Supported operations for Users
Create User |
POST |
Update User |
PUT |
Get User by id |
GET |
Get All Users |
GET |
Groups
Table 327: Supported operations for Groups
GET Group by Id |
GET |
Get All Groups |
GET |
Mandatory fields
Users
Groups
- Create Group is not supported by the target system.
User and Group mapping
The user and group mappings are listed in the tables below.
Table 328: User mapping
Id |
id |
UserName |
email |
Name.GivenName |
profile.firstname |
Name.FamilyName |
profile.lastname |
Name.Formatted |
fullname |
DisplayName |
fullname |
Emails[0].value |
email |
Groups
Table 329: Groups mapping
Id |
id |
DisplayName |
name |
Members.value |
members[] |
Connector limitations
-
Connector gets All the Groups and filters the group from the list for GET Group By Id operation since the target system does not have an API to support Get Group by Id.
-
Update User operation supports only to update GivenName and FamilyName due to target system limitation.
-
Connector does not support the meta information created and lastModified as these are not supported by the target system.