With Partner accounts, authentication to sign in to New Relic is controlled by the partnership. For accounts where the partnership supports SSO, users may access their New Relic UI without reauthenticating. These Partner accounts could use SAML SSO as an alternative secure method to sign in to the New Relic site.
Other Partner accounts, including Heroku, AppDirect, and Microsoft Azure, do not permit direct login to New Relic. In this situation, SAML integration from the partner's site is not supported by the partner SSO. If you have questions, contact your partner representative at New Relic.
For requirements, including which New Relic users this feature applies to, see Requirements.
Your account structure and settings affect whether SAML is available and how it applies to your accounts.
This example shows the hierarchy for New Relic Partner accounts with master accounts and sub-accounts.
Here is an example of how accounts and sub-accounts inherit the SAML SSO configuration.
SAML SSO configuration
The partnership level allows you to control whether accounts under the partnership can have SAML enabled. The partnership account's Owner has certain administrative functions, but a SAML configuration on this account is not inherited by other accounts in the partnership.
Master accounts have a direct, hierarchical relationship to one or more sub-accounts. Typically the SAML configuration on a master account is inherited automatically by all of its sub-accounts.
Sub-accounts inherit their SAML SSO configuration from their master account when the master account has SAML configured. If the master account does not have SAML configured, each sub-account may have its own configuration. For more information, see Configuring SAML with multiple accounts.