If you want to implement New Relic's automated user management (AUM) and import your users from an identity provider, first read Introduction to AUM to learn about supported identity providers and when you'd want to use our SCIM API, documented below.
Before using our SCIM API, you must first enable SCIM for an authentication domain.
New Relic’s SCIM service provider follows the SCIM 2.0 API as described in RFCs 7643 and 7644. You do not need to implement all aspects of the SCIM 2.0 specification to integrate your user information with New Relic. In fact, the New Relic service provider itself does not implement all aspects of the specification. This document describes the features from the specification available for an integration with New Relic.
Authentication is done using a bearer token. This bearer token is specific to your New Relic Authentication Domain.
The New Relic service provider supports the following SCIM resources:
Service provider config ,
Resource type and
Search are not supported. For more information on how the RFC describes the resource endpoints, see RFC 7644 SCIM Protocol Specification.
New Relic uses a subset of the available fields in the SCIM core schema. Other SCIM fields are ignored if they are included in incoming requests. The fields used by New Relic are:
SCIM Field Name
Required. Name of the group.
List of users in the group.
SCIM Field Name
Unique identifier for the user used by your system.
Required. Unique identifier for the user within New Relic’s system. Use the user’s email address.
Last name of the user.
First name of the user.
Required. Email address of the user.
Required. Time zone of the user in IANA Time Zone database format, also known as the "Olson" time zone database format (e.g., "America/Los_Angeles").
Required. Boolean indicating whether or not the user should be active or inactive within New Relic.
List of groups to which the user belongs.
SCIM provides several options for manipulating groups and users. The New Relic service provider supports the following options.
When configuring, be aware that:
- Only simple filtering is supported. The
eqoperator may be used with a basic filter expression. For example,
“displayName eq "Example Group 1”. Other operators are not supported.
PUTupdates do not require that all fields be included. Fields that are not included will not be changed. When doing a
PUT, if a required field already has the appropriate value, it is not necessary to include the field.
Supported actions are:
This section describes areas where the New Relic SCIM service provider deviates from the SCIM protocol RFC 7644. Section numbers refer to RFC section numbers.
Items in this section could change as we work to bring our service provider into full compliance with the RFC.
RFC section name
RFC section number
Service Provider Configuration Endpoints
Bearer Token and Cookie Considerations
If you need more help, check out these support and learning resources:
- Browse the Explorers Hub to get help from the community and join in discussions.
- Find answers on our sites and learn how to use our support portal.
- Run New Relic Diagnostics, our troubleshooting tool for Linux, Windows, and macOS.
- Review New Relic's data security and licenses documentation.