New Relic supports the SCIM 2.0 standard for automatically provisioning users. By configuring an Okta SCIM application, you can automatically send any user permissions changes you make within Okta to New Relic. New Relic users can thus be created, updated, and deactivated all from Okta, without the separate step of having to use a New Relic UI or API.
This guide describes how to configure an Okta SCIM application to connect your organization's users to New Relic.
The New Relic Okta SCIM service is currently available only as a closed beta. In order to get access, please work with your New Relic account team.
Before using the procedures in this guide, you must have worked with your New Relic account team to get your organization configured in the New Relic systems. This is necessary to participate in the beta.
You will need to provide the following information:
- Your organization name
- List of New Relic account IDs to associate with the organization
After your organization is configured, you will be given the following information:
- SCIM 2.0 base URL
- OAuth bearer token
- Login page URL
Use this information in the following procedures.
Okta provides an application that supports connecting to a SCIM 2.0 provider, including the one that New Relic offers. Add the Okta SCIM application to your list of applications.
- Go to the Okta web site and sign in with an Okta account that has admin permissions.
- From the Okta home page, select Admin.
- From the Okta admin dashboard page, select Add Applications.
- In the search field, enter
SCIM 2.0 Test App (OAuth Bearer Token), then select Add.
- In the
Application labelfield, enter a meaningful name for the application; for example,
New Relic SCIM 2.0. Then select Next.
- To complete adding the application, scroll to the bottom of the page, then select Done.
Continue with the following procedure to connect the Okta SCIM application to New Relic.
After you add the Okta SCIM application, you must configure it to communicate with New Relic.
- From the Okta SCIM application page, select Provisioning.
- From the Provisioning tab, select Configure API integration, then select Enable API integration.
- In the
SCIM 2.0 Base Urland
OAuth Bearer Tokenfields, enter the values that have been provided to you by New Relic.
- To verify you can connect to New Relic, select Test API credentials.
- When you see a message indicating verification success, select Save.
The Okta SCIM application can now connect with New Relic. Continue with the following procedure to configure the provisioning rules.
Initially, nothing is configured to be sent to New Relic. You must configure Okta to send changes for user creation, updates, and deactivation.
- From the Provisioning tab, select To App (default), then select Edit.
- Click the checkboxes for Create Users > Enable, Update User Attributes > Enable, and Deactivate Users > Enable, then select Save.
The Okta SCIM application is now ready to provision any changes made to users assigned to the application. Continue with the following procedure to assign users to the Okta SCIM application.
Recommendation: During the beta period, only assign users you want to participate in the beta to the Okta SCIM application. There are several ways to assign users to an application in Okta. For example:
- From the Okta SCIM application page, select Assignments.
- Select Assign > Assign to people.
- Find the user on the popup page, select the user's Assign button, then select Save and Go Back.
- Repeat step 3 for each user you want to assign to the application.
- When finished, select Done.
Any assigned user IDs will immediately be sent to New Relic and available to use in the next steps.
The first thing users need to do is change their password. To do this, go to New Relic's "forgot password" page at login.newrelic.com/passwords/forgot.
Once the password is reset, users may login to New Relic. The login page URL to use for your organization will be provided to you.
During the beta period, there are some limitations, including:
Known limitations during beta
Separate login URL
Automatically provisioned users cannot authenticate using SSO. Instead, they must enter a password in the login page URL provided by New Relic.
Restricted user permissions
Users will be automatically provisioned as restricted users. During the beta they cannot yet be assigned additional permissions or API keys.
UI may produce errors
Some pages in the UI will produce errors. Please use the Back button and don't be discouraged if you find a page with an error. We are working to resolve these!
Please reach out to your account team if you need assistance using the New Relic Okta SCIM service.