Members not supported SCIM provisioning failure

You get a members or groups not supported error when trying to provision new users to your workspace via SCIM.

Last published at: August 18th, 2022

Problem

You using SCIM to provision new users on your Databricks workspace when you get a Members attribute not supported for current workspace error.

StatusCode: BadRequest
Message: Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details.
Web Response: 
{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"scimType":"Members attribute not supported for current workspace.","detail":"Request is unparsable, syntactically incorrect, or violates schema.","status":"400"}
. This operation was retried 0 times. It will be retried again after this date: 2022-07-07T10:51:04.8148533Z UTC

Delete

Info

Depending on how you are provisioning users, you may get a Groups attribute not supported for current workspace error message.

Cause

The Members attribute not supported for current workspace error message indicates that identity federation is enabled on the workspace. Accounts that have Unity Catalog enabled (Identity federation will be enabled by default) manage users and groups at the account level. You get an error if you try to manage them at the workspace level.

Solution

Verify your workspace settings. If Unity Catalog is enabled on the workspace you must manage users and groups at the account level.

Review the documentation on managing identities in Unity Catalog for more information.

There are two ways to determine if Unity Catalog is enabled on the workspace or not.

From the accounts console as an admin user
From the workspace UI as a normal user

From the Account Console (Admin)

Delete

Warning

You must have account admin permissions to proceed.

Log in to the Account Console at https://accounts.cloud.databricks.com.
Review the list of workspaces in your account.
Click the name of the workspace to open the workspace Configuration.
On the right hand side of the screen, look for the Identity federation value.
Review the Metastore configuration section and look for a unity-catalog value.
If the Identity federation is set to Enabled or the metastore is configured with unity-catalog you must manage users and groups at the account level.

From the workspace UI (non-admin)

Log in to your workspace.
Click Compute.
Click the Create Cluster button.
Review the options under Cluster mode.
If High Concurrency is an option, Unity Catalog is disabled and you can manage users and groups at the workspace level.
If High Concurrency mode shows as disabled, Unity Catalog is enabled and you must manage users and groups at the account level.

Cannot delete Unity Catalog metastore using Terraform
Problem You cannot delete the Unity Catalog metastore using Terraform. Cause The ...
Permission denied error when creating external location
Problem An external location is a storage location, such as an S3 bucket, on whic...
Overlapping paths error when querying both Hive and Unity Catalog tables
Problem You are running queries when you get an overlapping paths error message. ...
Unable to access Delta Sharing tables with a Python client
Problem Delta Sharing is a platform independent open protocol that is used to sec...
SYNC command fails with a mismatched input error
Problem The SYNC command can be used to migrate legacy external Apache Hive table...

Databricks Knowledge Base

Contact Us