This guide provides Azure AD-specific details on how to configure the New Relic Azure AD SCIM/SSO application. This connects your organization's users to New Relic, and allows them to use single sign-on into New Relic. This guide is meant to be used along with the main automated provisioning guide.
Add SCIM/SSO application
Azure AD provides an application gallery, which includes various integrations for Azure AD, including the ones that New Relic offers. Add the New Relic SCIM/SSO application to your list of applications.
- Go to the Azure Active Directory admin center, and sign in if necessary. https://aad.portal.azure.com/
- Click on All services in the left hand menu.
- In the main pane, click on Enterprise applications.
- Click on +New Application.
- Find our SCIM/SSO application by entering New Relic in the name search box, and click on the application New Relic by Organization.
- Click on Add.
Continue with the following section to connect the New Relic SCIM/SSO application to New Relic.
Configure the New Relic SCIM/SSO application to automatically provision your users to New Relic.
- From the New Relic SCIM/SSO application page, click on the Provisioning link in the sidebar.
- In the main pane, click on Get started.
- In the Provisioning Mode pick-list, choose Automatic.
- In the Admin credentials section, fill the Tenant URL and Secret token field with the values provided to you by New Relic. (If you don't have the secret token, you can get that from your New Relic account representative.)
- To verify you can connect to New Relic, click Test Connection.
- When you see a message indicating verification success, click Save.
The New Relic SCIM/SSO application can now connect with New Relic. Continue with the following section to configure the provisioning rules.
Configure provisioning rules
Initially, nothing is configured to be sent to New Relic. You must configure Azure AD to send changes for user creation, updates, and deactivation.
Go to the Provisioning page and complete the following:
- Expand the Mappings section.
- Click Provision Azure Active Directory Users.
- Verify the Target Object Actions Create Update and Delete checkboxes are all checked.
- Verify the Attribute Mappings look correct for your environment. Each of the New Relic attributes shown in the list must receive a value.
Ensure that the Azure Active Directory attributes shown in the list on the left are good sources for the information to send to New Relic. In particular, not all environments set the mail attribute. If your environment does not set the mail attribute, userPrincipalName could be a good alternative.
- Leave the switch for Enabled set to Off until you're done with the user and group configuration in the next section. Once all configuration is ready, return to this page and set the switch to On.
- Click Save.
Here's an example of a filled-in attribute mapping page with the default values. Your values may be configured differently depending on your situation.
After saving the provisioning rules, the New Relic SCIM/SSO application is ready to provision any changes made to users assigned to the application. Continue with the following section to assign users and groups to the New Relic SCIM/SSO application.
Assign users and groups
After the New Relic SCIM/SSO application configuration and the New Relic side configuration is finished, you can assign users and groups to the application.
- From the New Relic SCIM/SSO application page, click on Users and groups in the sidebar.
- Click +Add user.
- From the Add Assignment page, click on Users and groups, and select the appropriate users or groups that you'd like to provision. Then click Select and Assign.
- The selected users and groups appear on the Users and groups page, indicating that they're candidates for provisioning.
- Repeat the steps to add users and groups until all desired entities have been assigned to the application.