This tutorial will walk you through some common procedures for managing users on the New Relic One user model.
Some notes on who this tutorial is for and requirements:
- This tutorial is for managing users on our New Relic One user model.
- Assigning new group access grants requires Pro or Enterprise edition. For details, see user management requirements.
- Role requirements:
- Using the Organization and access UI to manage group access requires Authentication domain manager and Organization manager roles.
- Using the User management UI to add/edit users requires Authentication domain manager role.
Before using this tutorial, we first recommend reading these docs:
This tutorial will walk you through how to:
- View available accounts
- How to grant groups access to roles and accounts
- How to create custom roles
- How to add users to groups
Understanding the accounts in your New Relic organization is important for granting groups access, because you must choose what accounts to grant them access to.
To view the accounts in your organization: go to the account dropdown, click Administration, click Organizations and access, and then click Accounts.
Groups are used to manage what your users are able to do in New Relic. By default, organizations on the New Relic One account/user structure have two available groups: Admin and User. These default groups automatically have access to specific standard roles and are assigned to the account in which they were initially added. If you have Pro or Enterprise edition, you have the ability to create new groups and new roles, and to assign groups to other accounts in your organization.
Note that you can also import users from your identity provider.
To view existing group access grants: from the account dropdown, click Administration, and then click Organization and access.
To grant a user group access to a role and an account:
- From the Organization and access UI, click Group access.
- Complete the UI prompts to assign an existing group or a new group access to a specific role on a specific account. If you have questions about these concepts, see User management concepts.
- Optional: To give a group the ability to manage other users, under Scope, select Organization and choose the Authentication domain manager role. For more on the difference between organization- and account-scoped roles, see Standard roles. (Note that these users must also have an account-scoped role. Without that, you may see a message that the user doesn't belong to an organization.)
- Optional: to continue adding access for the same group, select Add another at the bottom before clicking Add access.
Some important tips to understand when managing groups:
- If a group has basic users in it, their basic user status overrides any group-related restrictions.
- When you create a new group, note that your users don't have access to that group until both of these steps are done: 1) The group has been granted access, and 2) Users have been added to that group.
When granting a group access to roles and accounts, you can use our default standard roles that have default capabilities, or you can create your own roles with unique sets of capabilities.
To view existing roles: from the account dropdown, click Administration, then click Organization and access, and then click Roles.
To create a custom role, click Add new custom role. Note that there are some hidden capabilities that are not available for adding to a custom role. For details, see Capabilities.
To learn more about how roles and groups relate, see User management concepts.
If you've created a new group, you must make sure that the users are added to that group. If users don't have the group assigned, no access will be granted.
Groups reside within the boundaries of an authentication domain. If your organization has more than one authentication domain, the domain switcher in the top left will show which one you’re in.
To add a user, click Add user. Complete the prompts in the UI, including choosing the user type and group. Any custom groups you’ve added should be available from the group dropdown. If the custom group you choose has been granted access to a role and an account, once you add the user to that group, that user will now have access.
To edit a user’s group or other details: click on the user you want to edit and make changes.