This supplemental guide provides Azure AD specific details on how to configure the New Relic Azure AD SCIM/SSO application. This connects your organization's users to New Relic, and allows them to easily use single sign-on into New Relic. This supplemental guide is meant to be used along with the main automated provisioning guide.
Add SCIM/SSO application
Azure AD provides an application gallery, which includes various integrations for Azure AD, including the ones that New Relic offers. Add the New Relic SCIM/SSO application to your list of applications.
- Go to the Azure Active Directory admin center, and sign in if necessary. https://aad.portal.azure.com/
- Click on All services in the left hand menu.
- In the Main pane, click on Enterprise applications to navigate to the Enterprise applications page.
- Click on the button labeled +New Application.
- Find the New Relic SCIM/SSO application by entering New Relic in the name search box, and click on the application titled New Relic by Organization.
- Click on the button labeled Add.
Continue with the following section to connect the New Relic SCIM/SSO application to New Relic.
Configure the New Relic SCIM/SSO application to automatically provision your users to New Relic.
- From the New Relic SCIM/SSO application page, click on the Provisioning link in the sidebar.
- In the main pane, click on the button labeled Get started.
- In the Provisioning Mode pick-list, choose Automatic.
- In the Admin Credentials section, fill the Tenant URL and Secret Token fields with the values that have been provided to you by New Relic.
- To verify you can connect to New Relic, click the Test Connection button.
- When you see a message indicating verification success, click the Save button.
The New Relic SCIM/SSO application can now connect with New Relic. Continue with the following section to configure the provisioning rules.
Configure provisioning rules
Initially, nothing is configured to be sent to New Relic. You must configure Azure AD to send changes for user creation, updates, and deactivation.
Go to the Provisioning page and complete the following:
- Expand the Mappings section.
- Click Provision Azure Active Directory Users.
- Verify the Target Object Actions Create Update and Delete checkboxes are all checked.
- Verify the Attribute Mappings look correct for your environment. Each of the NewRelic attributes shown in the list must receive a value.
You need to ensure that the Azure Active Directory attributes shown in the list on the left are good sources for the information to send to New Relic. In particular, not all environments set the mail attribute. If your environment does not set the mail attribute, userPrincipalName could be a good alternative.
- Leave the switch for Enabled set to Off until you are done with the user and group configuration in the next section. Once all configuration is ready, return to this page and set the switch to On.
- Click the Save button.
Here is an example of a filled in Attribute Mapping page with the default values. Your values may be configured differently depending on your situation.
After saving the provisioning rules, the New Relic SCIM/SSO application is ready to provision any changes made to users assigned to the application. Continue with the following section to assign users and groups to the New Relic SCIM/SSO application.
Assign users and groups
After the New Relic SCIM/SSO application configuration and the New Relic side configuration is finished, you can assign users and groups to the application.
- From the New Relic SCIM/SSO application page, click on the Users and groups link in the sidebar.
- From the Users and groups page, click the +Add user button.
- From the Add Assignment page, click on Users and groups, and select the appropriate users or groups that you would like to provision. Then click Select and Assign.
- The selected users and groups appear on the Users and groups page, indicating that they are candidates for provisioning.
- Repeat the steps to add users and groups until all desired entities have been assigned to the application.