Starting April 12, 2021, we're allowing some customers who have users on our original user model to self-serve and migrate those users to be on the New Relic One user model.
On July 30 2020, we released a new and improved account/user model called the New Relic One user model. The newer model offers a much simpler, more efficient way to manage users and what they have access to (learn more about the benefits of the new model).
At first, this new model was available mainly to new customers, and our existing customers' users remained on our original user model. Now some of our original-model customers can use a migration wizard in the UI to convert their users to the new model. When the migration process is complete, your users will be on the New Relic One user model and you’ll have new procedures for managing your users.
The easiest way to see if you have access to the user migration wizard is to check if it’s visible in the UI.
Factors affecting access to the migration wizard:
- You must have the Owner role.
- The migration wizard is not available for some organizations that have a more complex account structure. If the migration wizard is not available and you wish to migrate your users, contact your New Relic account representative.
The more complex your organization is, the more it may help you to first understand our new user management concepts. A brief summary:
- Users reside within a container known as an “authentication domain,” which governs how those users are added to New Relic (manually with the UI vs. automatically with a SCIM-based identity provider), and how they log in (manually with email/password vs. using SAML SSO), and other settings. Typically organizations have just one or two domains: one with the default manual settings and one for the more automatic methods.
- Users can be assigned to one or more groups (for example, our default Admin group or a custom group like Contractors). For large organizations, users are often in multiple groups.
- When you want to add new groups, or give groups access to more accounts, you must create an access grant. This assigns a group access to: 1) a specific role and 2) a specific account. For example, you may give a Contractors group access to our default All product admin role on one or more of your accounts, or give that group a custom role (a role being a custom set of capabilities).
The more complex your organization is, the more it may help you to first plan out how your user groups and access grants will be structured.
If you meet the requirements, you can use the wizard. To start using the migration wizard:
- From one.newrelic.com, click Apps in the top navigation and then click the User migration walkthrough app.
- Optional: if you have problems, see Tips.
Once your users are migrated to the new model, you can find and manage them by clicking the account dropdown, clicking Administration, and using these UI pages:
- User management: use this to view and add users, change their type (basic vs. full), change their group, and approve user upgrade requests.
- Organization and access: use this to create access grants (granting groups access to roles and accounts), and configure authentication domains (SAML SSO settings and SCIM settings, and more).
For more about these tools, see the new user management docs.
The migration wizard is meant to have all the context you need to complete the migration process but here are some tips for potential areas of confusion:
- Guided setup vs. automatic setup: Simple organizations with few users and few accounts, and who have little need for users to have separate roles or separate account access, may decide to choose the automatic setup. If you require some user access customization, or if your users use SAML SSO to sign in or are managed via an identity service provider (like Okta), use the guided setup.
- Once an account’s Owner does the initial step in the wizard of migrating admins, those admins are then able to access and complete the remainder of the migration wizard.
- The migration wizard gives you an option to download a full list of your existing original user model users (aka v1 users) before choosing to migrate users. We recommend downloading that file because it can serve as a useful reference and, in case it’s needed, as a backup file.
- To check on the status of your user migration, you can go to the User management UI to see which users are on the new model.
- After migration, some users may end up with access to logins for both an original model account and a new model account, both associated with a single email address. This is because our original user model allowed a user, with a single login, to access data from multiple organizations (a common scenario for contractors, for example). But the new user model gives more user control to organizations, and this means that these users now need a different login for each organization. If a user previously had access that spanned multiple organizations, they retain an original user record until migration is completed for all associated organizations. When a user has an email address associated with multiple logins, they'll be asked to verify their email.
If your email address is associated with multiple logins, you can verify your email to see those accounts. In the example above, the “Original New Relic account” refers to that user record being on the older, original account/user model.
If you need more help, check out these support and learning resources:
- Browse the Explorers Hub to get help from the community and join in discussions.
- Find answers on our sites and learn how to use our support portal.
- Run New Relic Diagnostics, our troubleshooting tool for Linux, Windows, and macOS.
- Review New Relic's data security and licenses documentation.