• /
  • Log in
  • Free account

Okta SCIM: Assign users with automated provisioning (beta)


New Relic supports the SCIM 2.0 standard for automatically provisioning users. By configuring an Okta SCIM application, you can automatically send any user permissions changes you make within Okta to New Relic. New Relic users can thus be created, updated, and deactivated all from Okta, without the separate step of having to use a New Relic UI or API.

This guide describes how to configure an Okta SCIM application to connect your organization's users to New Relic.


The New Relic Okta SCIM service is currently available only as a closed beta. In order to get access, please work with your New Relic account team.



Before using the procedures in this guide, you must have worked with your New Relic account team to get your organization configured in the New Relic systems. This is necessary to participate in the beta.

You will need to provide the following information:

  • Your organization name
  • List of New Relic account IDs to associate with the organization

After your organization is configured, you will be given the following information:

  • SCIM 2.0 base URL
  • OAuth bearer token
  • Login page URL

Use this information in the following procedures.

Add Okta SCIM application

Okta provides an application that supports connecting to a SCIM 2.0 provider, including the one that New Relic offers. Add the Okta SCIM application to your list of applications.

  1. Go to the Okta web site and sign in with an Okta account that has admin permissions.
  2. From the Okta home page, select Admin.
  3. From the Okta admin dashboard page, select Add Applications.
  4. In the search field, enter SCIM 2.0 Test App (OAuth Bearer Token), then select Add.
  5. In the Application label field, enter a meaningful name for the application; for example, New Relic SCIM 2.0. Then select Next.
  6. To complete adding the application, scroll to the bottom of the page, then select Done.

Continue with the following procedure to connect the Okta SCIM application to New Relic.

Connect to New Relic

After you add the Okta SCIM application, you must configure it to communicate with New Relic.

  1. From the Okta SCIM application page, select Provisioning.
  2. From the Provisioning tab, select Configure API integration, then select Enable API integration.
  3. In the SCIM 2.0 Base Url and OAuth Bearer Token fields, enter the values that have been provided to you by New Relic.
  4. To verify you can connect to New Relic, select Test API credentials.
  5. When you see a message indicating verification success, select Save.

The Okta SCIM application can now connect with New Relic. Continue with the following procedure to configure the provisioning rules.

Configure provisioning rules

Initially, nothing is configured to be sent to New Relic. You must configure Okta to send changes for user creation, updates, and deactivation.

  1. From the Provisioning tab, select To App (default), then select Edit.
  2. Click the checkboxes for Create Users > Enable, Update User Attributes > Enable, and Deactivate Users > Enable, then select Save.

The Okta SCIM application is now ready to provision any changes made to users assigned to the application. Continue with the following procedure to assign users to the Okta SCIM application.

Assign users

Recommendation: During the beta period, only assign users you want to participate in the beta to the Okta SCIM application. There are several ways to assign users to an application in Okta. For example:

  1. From the Okta SCIM application page, select Assignments.
  2. Select Assign > Assign to people.
  3. Find the user on the popup page, select the user's Assign button, then select Save and Go Back.
  4. Repeat step 3 for each user you want to assign to the application.
  5. When finished, select Done.

Any assigned user IDs will immediately be sent to New Relic and available to use in the next steps.

Change user password

The first thing users need to do is change their password. To do this, go to New Relic's "forgot password" page at login.newrelic.com/passwords/forgot.

Once the password is reset, users may login to New Relic. The login page URL to use for your organization will be provided to you.

Known limitations (beta)

During the beta period, there are some limitations, including:

Known limitations during beta


Separate login URL

Automatically provisioned users cannot authenticate using SSO. Instead, they must enter a password in the login page URL provided by New Relic.

Restricted user permissions

Users will be automatically provisioned as restricted users. During the beta they cannot yet be assigned additional permissions or API keys.

UI may produce errors

Some pages in the UI will produce errors. Please use the Back button and don't be discouraged if you find a page with an error. We are working to resolve these!

For more help

Please reach out to your account team if you need assistance using the New Relic Okta SCIM service.

Create issueEdit page
Copyright © 2021 New Relic Inc.