Policy: Azure > CIS v5.0 > 2 - Analytics Services > 2.01 - Azure Databricks > 2.01.04 - Ensure that users and groups are synced from Microsoft Entra ID to Azure Databricks
Configures auditing against a CIS Benchmark item.
Level: 1
By default, Azure Databricks adds an Entra ID user to its directory when that user first accesses Databricks. Users and groups can also be synchronized from Entra ID using SCIM (System for Cross-domain Identity Management) provisioning.
Synchronizing users and groups from Entra ID provides: - Centralized identity management through a single source of truth - Automatic user lifecycle management (provisioning and deprovisioning) - Consistent access control across Azure services - Simplified compliance and auditing
This control requires manual verification to confirm that SCIM provisioning is configured for the Databricks workspace.
Targets
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Related Policies
Controls
Setting this policy configures this control:
Policy Specification
Schema Type | |
|---|---|
Default | |
Valid Values [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/cis#/control/categories/cis
- tmod:@turbot/azure-cisv5-0#/policy/types/r020104
- turbot graphql policy-type --id "tmod:@turbot/azure-cisv5-0#/policy/types/r020104"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv5-0#/policy/types/r020104"
Get Policy TypeGet Policy Settings