Problem
You enable identity federation (AWS | Azure) on your Databricks workspace.
You are trying to push Okta groups to your workspace via SCIM, but get an Unable to update Group Push mapping target error.
Failed on 07-13-2022 07:10:58PM UTC: Unable to update Group Push mapping target App group databricks_prod_admins: Error while creating user group databricks_prod_admins: Bad Request. Errors reported by remote server: Request is unparsable, syntactically incorrect, or violates schema.
Cause
When identity federation is enabled in your workspace, you cannot SCIM sync users and groups directly to the workspace. Users and groups should be centrally managed in the account-level SCIM application.
Solution
You should disable workspace SCIM sync in the Okta application.
- Navigate to your per-workspace application in the Okta configuration settings.
- Click the workspace application name (for example, Databricks Workspace Level SCIM Application).
- Click Provisioning.
- In the Settings drop down menu, click Configure API Integration..
- Click Edit.
- Remove the check mark for Enable API Integration.
- Click Save.