Launching Databricks Workspace from Azure Portal
In order to launch the Databricks workspace, the user needs to be an owner/contributor at the Databricks resource level in the Azure portal, which is annoying for any enterprise users who are planning to roll out to larger audiences.
Providing the direct workspace backend URL to the end user manually is not the ideal way, since there are few now and will be 100s in the future.
Permissions are set at the workspace and cluster level. When a user launches the workspace from the Azure portal, whatever API is calling Databricks should validate the existing permissions at the Databricks workspace/cluster level.
Or, in the Azure portal, they should provide a workspace backend URL link which could be used by the end users.
Gideon Juve commented
Create an app registration so that Databricks shows up on their My Apps portal page. Use SCIM to provision users into the workspace based on a security group. They don't need to be given Owner/Contributor on the workspace resource.
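The group-based SCIM provisioning suggested in the comment above comes down to reconciling security group membership against the workspace's user list. The sketch below is an added example, not code from the thread or from Databricks: it builds the SCIM 2.0 requests without sending them. The `USERS_PATH` value, the `protected` parameter, and the sample accounts are assumptions made for illustration.

```python
import json

SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
USERS_PATH = "/api/2.0/preview/scim/v2/Users"  # assumed workspace SCIM path

def _set_active(value):
    """SCIM PatchOp body that flips a user's 'active' flag."""
    return {"schemas": [SCIM_PATCH],
            "Operations": [{"op": "replace", "path": "active", "value": value}]}

def plan_sync(group_members, workspace_users, protected=()):
    """Return (method, path, body) requests that align the workspace with the group.

    group_members: user names taken from the security group.
    workspace_users: SCIM User resources (dicts with id, userName, active).
    protected: names never deactivated (break-glass admins, service accounts).
    """
    wanted = {m.strip().lower() for m in group_members if m.strip()}
    keep = {p.lower() for p in protected}
    existing = {u["userName"].lower(): u for u in workspace_users}
    requests = []
    for name in sorted(wanted):
        user = existing.get(name)
        if user is None:
            # In the group but not provisioned yet: create the user.
            requests.append(("POST", USERS_PATH,
                             {"schemas": [SCIM_USER], "userName": name, "active": True}))
        elif not user.get("active", True):
            # Back in the group after removal: re-enable instead of duplicating.
            requests.append(("PATCH", f"{USERS_PATH}/{user['id']}", _set_active(True)))
    for name in sorted(set(existing) - wanted - keep):
        user = existing[name]
        if user.get("active", True):
            # Left the group: revoke workspace access.
            requests.append(("PATCH", f"{USERS_PATH}/{user['id']}", _set_active(False)))
    return requests

# Constructed sample data (not real accounts).
GROUP = ["Alice@example.com", "bob@example.com", "carol@example.com"]
WORKSPACE = [
    {"id": "101", "userName": "alice@example.com", "active": True},
    {"id": "102", "userName": "carol@example.com", "active": False},
    {"id": "103", "userName": "dave@example.com", "active": True},
]

if __name__ == "__main__":
    for method, path, body in plan_sync(GROUP, WORKSPACE):
        print(method, path, json.dumps(body))
```

Access then follows group membership alone, so no user needs Owner or Contributor on the Azure resource, and removing someone from the group produces the request that disables them in the workspace.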