Identity federation is not enabled in workspaces created with Terraform

You need to assign a metastore when creating the workspace to enable identity federation.

Written by david.vega

Last published at: November 18th, 2024

Problem

When creating a workspace via Terraform, the identity federation setting is not enabled by default.

Cause

In order to enable identity federation, your workspace needs to belong to a metastore. Only new accounts that are created after November 8, 2023, have Unity Catalog and identity federation enabled by default. Accounts created before then have to manually enable the feature.

Solution

To enable identity federation via Terraform at the time the workspace is created, you must declare a databricks_metastore_assignment resource that assigns the new workspace to your metastore.

Example code

resource "databricks_metastore_assignment" "<metastore-name>" {
  workspace_id = <your-workspace-id>
  metastore_id = <your-metastore-id>
}

Replace the placeholders in the example code with your workspace ID and your metastore ID. You will also need to replace <metastore-name> with the name you want to give the resource.

If you are using Terraform variables to manage the value, set the attributes to those variables.

For example, workspace_id = <your-workspace-id-variable>.
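The following is an added, complete configuration that is not part of the original article or of the Databricks provider documentation. It ties the variable-based approach described above together: the account-level provider block, the three input variables, and the databricks_metastore_assignment resource that puts the workspace into the metastore and thereby enables identity federation. The variable names, the resource name "this", the output name and the host URL are assumptions chosen for the example.

```terraform
# Added example (not from the original article): assign a workspace to an
# existing Unity Catalog metastore so that identity federation is enabled.
# Assumes the Databricks Terraform provider is configured at the account
# level; variable names, the resource name "this" and the host URL are
# placeholders chosen for this example.

terraform {
  required_providers {
    databricks = {
      source = "databricks/databricks"
    }
  }
}

# Metastore assignment is an account-level operation, so the provider points
# at the accounts console rather than at a single workspace.
provider "databricks" {
  host       = "https://accounts.cloud.databricks.com" # placeholder (AWS accounts host)
  account_id = var.databricks_account_id
}

variable "databricks_account_id" {
  type        = string
  description = "Databricks account ID (supplied at apply time)"
}

variable "workspace_id" {
  type        = string
  description = "ID of the workspace that should be assigned to the metastore"
}

variable "metastore_id" {
  type        = string
  description = "ID of the existing Unity Catalog metastore"
}

# This assignment is what turns on identity federation for the workspace:
# once the workspace belongs to a metastore, account-level users, groups and
# service principals can be granted access to it centrally instead of being
# managed per workspace.
resource "databricks_metastore_assignment" "this" {
  workspace_id = var.workspace_id
  metastore_id = var.metastore_id
}

output "federated_workspace_id" {
  description = "Workspace that is now attached to the metastore"
  value       = databricks_metastore_assignment.this.workspace_id
}
```

Supply the three values with a terraform.tfvars file or -var flags, then run terraform init, terraform plan and terraform apply. If the workspace is created in the same configuration with a databricks_mws_workspaces resource, you can set workspace_id to that resource's exported workspace_id attribute instead of a variable, so the assignment is applied as soon as the workspace exists.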

For more information, review the Terraform databricks_metastore_assignment documentation.

Info

You can also assign a workspace to a metastore with an API call.