• /
  • ログイン
  • 無料アカウント

Okta SCIM/SSO application configuration

Our automated user management (AUM) allows allows you to import and configure your New Relic users from your identity provider via SCIM. This guide provides Okta specific details on how to configure the New Relic Okta SCIM/SSO application.

Requirements

Before using this guide, read our AUM requirements.

Step 1. Add SCIM/SSO application

Add the New Relic SCIM/SSO application to your Okta applications.

  1. Go to okta.com/ and sign in with an account that has administrator permissions.
  2. From the Okta home page, click on Admin.
  3. From the Okta admin Dashboard, choose the Applications page. Click Add Application.
  4. In the search field on the Okta Add Applications page, enter "New Relic by Organization" and then click on the application when it shows in the search results.
  5. From the New Relic by Organization page, click on Add.
  6. From the Add New Relic by Organization page, check the two Application Visibility "Do not display..." checkboxes and click on Done. We will make the application visible later after configuration is complete and provisioning has begun.

Step 2. Configure provisioning

Configure the New Relic SCIM/SSO application to automatically provision your users to New Relic.

  1. From the New Relic SCIM/SSO application page, click on the Provisioning tab.
  2. From the Integration form, click on Configure API Integration.
  3. Check the Enable API integration checkbox.
  4. In New Relic's authentication domain UI, set up a new domain with SCIM enabled. From the authentication domain UI, get the SCIM bearer token and input it in the New Relic SCIM/SSO app's API token field.
  5. Optional: click on Test API Credentials to verify a SCIM connection can be established to New Relic. If a connection can be established, a success message is displayed. If a connection was not established, re-enter the API Token and try the test again.
  6. Click Save. Note that the save process does a test of the API credentials. If a connection is not established to New Relic, the save will fail.
  7. On the newly displayed To App form, click on Edit.
  8. Check the Enable checkbox in the Create Users, Update User Attributes, and Deactivate Users sections.
  9. Click Save.

Step 3. Assign users and groups

After the New Relic SCIM/SSO application provisioning configuration and the New Relic side SSO configuration is finished, you can assign users to the application.

Assigning users is done using two different tabs on the the New Relic SCIM/SSO application page. We recommend having your New Relic users selected on the Assignments tab and their associated groups selected on the Push Groups tab.

Assignments tab

  1. From the New Relic SCIM/SSO application page, click on the Assignments tab.
  2. From the Assignments form, click on Assign.
  3. From the pop up menu, click on Assign to Groups.
  4. From the Assign ... to Groups form, click on Assign for the group you wish to assign to the application.
  5. Optional: in the Time zone field, enter the default time zone for members of the group. Members without a time zone configured, will use the group time zone. Time zone affects how date/times are shown in New Relic. Time zone is specified in IANA Time Zone database format, also known as the "Olson" time zone database format (e.g., "America/Los_Angeles").
  6. Click on Save and Go Back.
  7. Repeat the steps to add a group until all desired groups have been assigned to the application.
  8. Click Done.

Push groups tab

  1. From the New Relic SCIM/SSO application page, click on the Push Groups tab.
  2. From the Push Groups form, click on Push Groups.
  3. From the pop up menu, click on Find groups by name.
  4. From the Push Groups to... form, in the search field enter the first few characters of the name of the group you want to send to New Relic. Leave the Push group memberships immediately checkbox checked.
  5. Click on your group in the pop up search results list.
  6. In the Match result & push action section, No Match found should be displayed, meaning that the group does not yet exist at New Relic. Leave the selector set to Create Group and leave the default name for the group. The intent here is to have a group of the same name created at New Relic.
  7. If this is the last group you wish to send to New Relic, click on Save. Otherwise, if you have more groups to configure, click on Save & Add Another and repeat the steps to add a group.

Step 4. Additional considerations

In this section we discuss other important things to know when using the New Relic SCIM/SSO application. This section includes tips to work around potential issues that could cause undesired results when integrating between Okta and New Relic.

Moving users between groups

When moving a user between groups, you must manually synchronize the old group's membership with New Relic. This is because Okta does not send a SCIM request to remove a user from a group. So, the admin needs to push the old group's membership to New Relic manually to inform New Relic that the user is no longer a member of the old group.

Here are the steps to manually synchronize a group's membership:

  1. From the New Relic SCIM/SSO application page, click on the Push Groups tab.
  2. From the Push Groups form, open the pick list on the desired group's button under the Push Status column.
  3. From the displayed pick list on the button, click Push now. This causes an immediate synchronization of the group's membership with New Relic.

What's next?

When you're done importing users, here are some potential next steps:

  • Users created via your identity provider start out as full users. If your organization is on New Relic One pricing, these users are billable. To convert users to free basic users, use the User management UI.
  • After adding users, you'll want to grant them access to specific New Relic accounts, specific groups, and specific roles. To learn how to do this, see Manage users.

その他のヘルプ

さらに支援が必要な場合は、これらのサポートと学習リソースを確認してください:

問題を作成するこのページを編集する
Copyright © 2020 New Relic Inc.