• /
  • Log in

Azure AD SCIM/SSO application configuration

Our automated user management (AUM) allows allows you to import and configure your New Relic users from your identity provider via SCIM. This guide provides Azure AD-specific details on how to configure the New Relic Azure AD SCIM/SSO application.


Before using this guide, read our AUM requirements.

Step 1. Add SCIM/SSO application

Azure AD provides an application gallery, which includes various integrations for Azure AD, including the ones that New Relic offers. Add the New Relic SCIM/SSO application to your list of applications.

  1. Go to the Azure Active Directory admin center, and sign in if necessary. https://aad.portal.azure.com/
  2. Click on All services in the left hand menu.
  3. In the main pane, click on Enterprise applications.
  4. Click on +New Application.
  5. Find our SCIM/SSO application by entering New Relic in the name search box, and click on the application New Relic by Organization.
  6. Click on Add.

Continue with the following section to connect the New Relic SCIM/SSO application to New Relic.

Step 2. Configure connection

Configure the New Relic SCIM/SSO application to automatically provision your users to New Relic.

  1. From the New Relic SCIM/SSO application page, click on the Provisioning link in the sidebar.
  2. In the main pane, click on Get started.
  3. In the Provisioning Mode pick-list, choose Automatic.
  4. In New Relic's authentication domain UI, set up a new domain with SCIM enabled.
  5. In Azure AD's New Relic SCIM/SSO app, in the Admin credentials section, fill out the Tenant URL and Secret token fields with the values provided in New Relic's authentication domain UI.
  6. To verify you can connect to New Relic, click Test Connection.
  7. When you see a message indicating verification success, click Save.

The New Relic SCIM/SSO application can now connect with New Relic. Continue with the following section to configure the provisioning rules.

Step 3. Configure provisioning rules

Initially, nothing is configured to be sent to New Relic. You must configure Azure AD to send changes for user creation, updates, and deactivation.

Go to the Provisioning page and complete the following:

  1. Expand the Mappings section.

  2. Click Provision Azure Active Directory Users.

  3. Verify the Target Object Actions Create Update and Delete checkboxes are all checked.

  4. Verify the Attribute Mappings look correct for your environment. Each of the New Relic attributes shown in the list must receive a value.


    Ensure that the Azure Active Directory attributes shown in the list on the left are good sources for the information to send to New Relic. In particular, not all environments set the mail attribute. If your environment does not set the mail attribute, userPrincipalName could be a good alternative.

  5. Leave the switch for Enabled set to Off until you're done with the user and group configuration in the next section. Once all configuration is ready, return to this page and set the switch to On.

  6. Click Save.

Here's an example of a filled-in attribute mapping page with the default values. Your values may be configured differently depending on your situation.

Screen capture showing how to set attributes.

After saving the provisioning rules, the New Relic SCIM/SSO application is ready to provision any changes made to users assigned to the application. Continue with the following section to assign users and groups to the New Relic SCIM/SSO application.

Step 4. Assign users and groups

After the New Relic SCIM/SSO application configuration and the New Relic side configuration is finished, you can assign users and groups to the application.

  1. From the New Relic SCIM/SSO application page, click on Users and groups in the sidebar.
  2. Click +Add user.
  3. From the Add Assignment page, click on Users and groups, and select the appropriate users or groups that you'd like to provision. Then click Select and Assign.
  4. The selected users and groups appear on the Users and groups page, indicating that they're candidates for provisioning.
  5. Repeat the steps to add users and groups until all desired entities have been assigned to the application.

What's next?

When you're done importing users, here are some potential next steps:

  • Users created via your identity provider start out as full users. If your organization is on New Relic One pricing, these users are billable. To convert users to free basic users, use the User management UI.
  • After adding users, you'll want to grant them access to specific New Relic accounts, specific groups, and specific roles. To learn how to do this, see Manage users.

For more help

If you need more help, check out these support and learning resources:

Create issueEdit page
Copyright © 2021 New Relic Inc.