PowerShell login with a Microsoft Entra ID service principal

Follow these steps to use PowerShell to log in to Azure Databricks with a Microsoft Entra ID service principal. For information about Azure Databricks service principals, see Manage service principals.

Important

Azure Databricks managed service principals are managed directly within Azure Databricks. Microsoft Entra ID managed service principals are managed in Microsoft Entra ID, which requires additional permissions. Databricks recommends that you use Azure Databricks managed service principals for most use cases. However, Databricks recommends that you use Microsoft Entra ID managed service principals in cases where you must authenticate with Azure Databricks and other Azure resources at the same time.

To create an Azure Databricks managed service principal instead of a Microsoft Entra ID managed service principal, see Manage service principals.

  1. Gather the following information:

    Parameter      Description
    -------------  --------------------------------------------------------------------------------------
    Tenant ID      The Directory (tenant) ID for the related application registered in Microsoft Entra ID.
    Client ID      The Application (client) ID for the related application registered in Microsoft Entra ID.
    Client secret  The Value of the client secret for the related application registered in Microsoft Entra ID.
  2. Sign the service principal in to Azure by running the following lines of code in PowerShell, one line at a time, concluding with a call to the Connect-AzAccount cmdlet.

    $SecurePassword = ConvertTo-SecureString -String "<Client-secret>" -AsPlainText -Force
    $TenantId = "<Tenant-ID>"
    $ApplicationId = "<Client-ID>"
    $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ApplicationId, $SecurePassword
    Connect-AzAccount -ServicePrincipal -TenantId $TenantId -Credential $Credential
    

    Note

    If an error message states that the Connect-AzAccount cmdlet is not recognized, install it by running the following cmdlet:

    Install-Module -Name Az -Repository PSGallery -Force
    
  3. Confirm that you are signed in to the correct subscription for your signed-in service principal. To get the name and ID of your signed-in subscription, as well as the subscription’s related tenant ID, run the following cmdlet:

    Get-AzContext | Select-Object -ExpandProperty Subscription
    

    If you are not sure what the correct subscription should be, you can for example get the subscription ID for an Azure Databricks workspace by clicking your username > Azure Portal in the workspace navigation bar. On the Azure Databricks workspace resource page that appears, click Overview in the sidebar. Then look for the Subscription ID field, which contains the subscription ID.

    If you cannot access the Azure Portal, but you have access to your Azure Databricks account console, you can get the correct subscription for an Azure Databricks workspace as follows:

    1. Make a note of the workspace’s programmatic name, which is located next to your username in the workspace navigation bar.
    2. Click your username > Manage Account in the workspace navigation bar.
    3. In the sidebar, click Workspaces.
    4. In the Filter workspaces box, enter the workspace’s programmatic name and press Enter.
    5. Click the workspace’s programmatic name in the results list.
    6. Make a note of the Subscription field, which contains the subscription ID.

    If you need to switch to a different subscription, run the Set-AzContext cmdlet, using the -Name or -Subscription parameter to specify the correct subscription name or ID.

    Set-AzContext -Name "<subscription-name>"
    
    # Or ...
    
    Set-AzContext -Subscription <subscription-id>
    

    If the following message appears, you are signed in to the wrong tenant: The subscription of '<subscription-id>' doesn't exist in cloud 'AzureCloud'. To sign in to the correct tenant, you must run the Connect-AzAccount cmdlet again, using the -Tenant option to specify the correct tenant ID.

    You can get the tenant ID for an Azure Databricks workspace by running the command curl -v <per-workspace-URL>/aad/auth and looking in the output for the line < location: https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000, where 00000000-0000-0000-0000-000000000000 is the tenant ID. See also Get subscription and tenant IDs in the Azure portal.

    Connect-AzAccount -Tenant <tenant-id>
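The steps above combined into one non-interactive sign-in script that verifies the resulting context before anything else runs against it. This is an added example and is not part of the Databricks documentation; it assumes the tenant ID, client ID, client secret and expected subscription ID are supplied through environment variables (the variable names are hypothetical), so the secret is never written into the script or the PowerShell history.

```powershell
# Added example, not part of the Databricks documentation.
# Assumes these environment variables are set (names are hypothetical):
#   SP_TENANT_ID, SP_CLIENT_ID, SP_CLIENT_SECRET, EXPECTED_SUBSCRIPTION_ID
$required = 'SP_TENANT_ID', 'SP_CLIENT_ID', 'SP_CLIENT_SECRET', 'EXPECTED_SUBSCRIPTION_ID'
$missing  = $required | Where-Object { [string]::IsNullOrWhiteSpace([Environment]::GetEnvironmentVariable($_)) }
if ($missing) { throw "Missing environment variable(s): $($missing -join ', ')" }

$TenantId       = $env:SP_TENANT_ID
$ApplicationId  = $env:SP_CLIENT_ID
$SubscriptionId = $env:EXPECTED_SUBSCRIPTION_ID

# Build the credential from the environment rather than from a literal, so the
# client secret never appears in the script file or in the PowerShell history.
$SecurePassword = ConvertTo-SecureString -String $env:SP_CLIENT_SECRET -AsPlainText -Force
$Credential     = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ApplicationId, $SecurePassword

# Step 2: sign in. -ErrorAction Stop turns a rejected secret or tenant into a terminating error.
try {
    Connect-AzAccount -ServicePrincipal -TenantId $TenantId -Credential $Credential -ErrorAction Stop | Out-Null
} catch {
    throw "Connect-AzAccount failed for client $ApplicationId in tenant ${TenantId}: $($_.Exception.Message)"
}

# Step 3: verify tenant and subscription before any further Az or Databricks calls use this context.
$ctx = Get-AzContext
if (-not $ctx -or $ctx.Tenant.Id -ne $TenantId) {
    throw "Signed in to tenant '$($ctx.Tenant.Id)' but expected '$TenantId'; rerun Connect-AzAccount with -Tenant."
}
if (-not $ctx.Subscription) {
    throw "Service principal $ApplicationId has no subscription access in tenant $TenantId (check its role assignments)."
}
if ($ctx.Subscription.Id -ne $SubscriptionId) {
    # Switching fails with the "doesn't exist in cloud 'AzureCloud'" message quoted in step 3
    # when the subscription belongs to another tenant; surface that instead of continuing.
    try {
        $ctx = Set-AzContext -Subscription $SubscriptionId -ErrorAction Stop
    } catch {
        throw "Cannot select subscription ${SubscriptionId}: $($_.Exception.Message)"
    }
}
Write-Output "Signed in as $($ctx.Account.Id) to subscription '$($ctx.Subscription.Name)' ($($ctx.Subscription.Id)) in tenant $($ctx.Tenant.Id)"
```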