databricks · simonfaltum · May 27, 2026
diff --git a/NEXT_CHANGELOG.md b/NEXT_CHANGELOG.md
@@ -5,6 +5,7 @@
 ### Notable Changes
 
 ### CLI
+* `databricks auth login --skip-workspace` (without `--host`) now lands the user on the account selector at `login.databricks.com` instead of the workspace selector, skipping a step that is wasted for account-only logins.
 
 ### Bundles
 * The error reported when a direct-only resource (catalogs, external locations, vector search endpoints) is used with the terraform engine now also suggests setting `bundle.engine: direct` in `databricks.yml`, in addition to the `DATABRICKS_BUNDLE_ENGINE` environment variable ([#5295](https://github.com/databricks/cli/pull/5295)).

diff --git a/cmd/auth/login.go b/cmd/auth/login.go
@@ -251,6 +251,7 @@
 				profileName:     profileName,
 				timeout:         loginTimeout,
 				scopes:          scopes,
+				skipWorkspace:   skipWorkspace,
 				existingProfile: existingProfile,
 				browserFunc:     getBrowserFunc(cmd),
 				tokenCache:      tokenCache,
@@ -600,6 +601,7 @@
 	profileName     string
 	timeout         time.Duration
 	scopes          string
+	skipWorkspace   bool
 	existingProfile *profile.Profile
 	browserFunc     func(string) error
 	tokenCache      cache.TokenCache
@@ -629,6 +631,12 @@
 	if len(scopesList) > 0 {
 		opts = append(opts, u2m.WithScopes(scopesList))
 	}
+	// --skip-workspace lands the user on the account selector at
+	// login.databricks.com instead of the workspace selector, which is a
+	// wasted step for account-only logins.
+	if in.skipWorkspace {
+		opts = append(opts, u2m.WithDiscoveryAccountTarget())
+	}
 	discoveryHost := env.Get(ctx, discoveryHostEnvVar)
 	if discoveryHost != "" {
 		opts = append(opts, u2m.WithDiscoveryHost(discoveryHost))

diff --git a/cmd/auth/login_test.go b/cmd/auth/login_test.go
@@ -87,8 +87,9 @@ type fakeDiscoveryClient struct {
 	introspection     *auth.IntrospectionResult
 	introspectionErr  error
 	// For assertions
-	introspectHost  string
-	introspectToken string
+	introspectHost     string
+	introspectToken    string
+	persistentAuthOpts []u2m.PersistentAuthOption
 }
 
 func (f *fakeDiscoveryClient) NewOAuthArgument(profileName string) (*u2m.BasicDiscoveryOAuthArgument, error) {
@@ -99,6 +100,7 @@ func (f *fakeDiscoveryClient) NewOAuthArgument(profileName string) (*u2m.BasicDi
 }
 
 func (f *fakeDiscoveryClient) NewPersistentAuth(ctx context.Context, opts ...u2m.PersistentAuthOption) (discoveryPersistentAuth, error) {
+	f.persistentAuthOpts = opts
 	if f.persistentAuthErr != nil {
 		return nil, f.persistentAuthErr
 	}
@@ -1116,6 +1118,52 @@ func TestDiscoveryLogin_OverridesHostFromEnv(t *testing.T) {
 	assert.NotContains(t, stderr.String(), "Opening login.databricks.com in your browser...")
 }
 
+func TestDiscoveryLogin_SkipWorkspaceAddsAccountTargetOption(t *testing.T) {
+	tmpDir := t.TempDir()
+	configPath := filepath.Join(tmpDir, ".databrickscfg")
+	require.NoError(t, os.WriteFile(configPath, []byte(""), 0o600))
+	t.Setenv("DATABRICKS_CONFIG_FILE", configPath)
+
+	newDiscoveryClient := func(t *testing.T) *fakeDiscoveryClient {
+		oauthArg, err := u2m.NewBasicDiscoveryOAuthArgument("DISCOVERY")
+		require.NoError(t, err)
+		oauthArg.SetDiscoveredHost("https://workspace.example.com")
+		return &fakeDiscoveryClient{
+			oauthArg: oauthArg,
+			persistentAuth: &fakeDiscoveryPersistentAuth{
+				token: &oauth2.Token{AccessToken: "test-token"},
+			},
+			introspectionErr: errors.New("not asserted here"),
+		}
+	}
+
+	ctx, _ := cmdio.NewTestContextWithStdout(t.Context())
+
+	// Baseline: no --skip-workspace.
+	baselineDC := newDiscoveryClient(t)
+	require.NoError(t, discoveryLogin(ctx, discoveryLoginInputs{
+		dc:          baselineDC,
+		profileName: "DISCOVERY",
+		timeout:     time.Second,
+		browserFunc: func(string) error { return nil },
+		tokenCache:  newTestTokenCache(),
+	}))
+
+	// With --skip-workspace: expect exactly one extra option.
+	skipDC := newDiscoveryClient(t)
+	require.NoError(t, discoveryLogin(ctx, discoveryLoginInputs{
+		dc:            skipDC,
+		profileName:   "DISCOVERY",
+		timeout:       time.Second,
+		skipWorkspace: true,
+		browserFunc:   func(string) error { return nil },
+		tokenCache:    newTestTokenCache(),
+	}))
+
+	assert.Equal(t, len(baselineDC.persistentAuthOpts)+1, len(skipDC.persistentAuthOpts),
+		"--skip-workspace should add exactly one extra PersistentAuthOption (WithDiscoveryAccountTarget)")
+}
+
 func TestLoginRejectsPositionalArgWithHostFlag(t *testing.T) {
 	ctx := cmdio.MockDiscard(t.Context())
 	authArgs := &auth.AuthArguments{Host: "https://example.com"}