For an overview of our SAML SSO and SCIM docs, first read Introduction to SAML SSO and SCIM.
As an additional security measure for SAML single sign-on (SSO) accounts, users are not added until they complete the email confirmation that New Relic sends automatically. Users in the pending state (not yet confirmed) won't receive notifications, such as alerts.
For accounts without SAML SSO integration, the account Owner and Admins can add new users without requiring confirmation.
For requirements, including which New Relic users this feature applies to, see Requirements.
Follow this process to add and confirm users on our original user model that are authenticating via SAML SSO:
- The account's Owner or an Administrator adds new users: Go to: account dropdown > Account settings > Account > Summary.
- On SAML-enabled accounts, New Relic flags the users as Pending and sends an email confirmation. (Pending users will not receive notifications associated with their user role, such as alert notifications.)
- Users select the link in the email to confirm their account, which directs them to the SAML provider's login URL.
- When users successfully sign into their SAML SSO end point (Auth0, Okta, OneLogin, Ping Identity, Salesforce, etc.), New Relic flags the users as Active.
If you disable SAML SSO, New Relic automatically flags all of your Pending users as Active. If you decide to re-enable SAML SSO later, New Relic automatically flags all users except the Owner as Pending, and they will need to confirm their account access by email.
Depending on your subscription level, you may have the option to claim the domain names that you own and bypass the SAML SSO confirmation process. When the account Owner or Administrators add new users and their email address has a domain that matches the account's domains, New Relic automatically adds them as Active users.
Benefits of identifying domain ownership include:
- Adds a useful feature to your account.
- Claims domains as your own.
- Makes it easier for your employees to get started with New Relic, because they do not need to confirm their account access.
- Maintains security when adding users outside of your organization.
To flag your account as owning one or more domain names, get support at support.newrelic.com.