With Partner accounts, authentication to sign in to New Relic is controlled by the partnership. For accounts where the partnership supports SSO, users may access their New Relic UI without reauthenticating. These Partner accounts could use SAML SSO as an alternative secure method to sign in to the New Relic site.
Other Partner accounts, including Heroku, AppDirect, and Microsoft Azure, do not permit direct login to New Relic. In this situation, SAML integration from the partner's site is not supported by the partner SSO. If you have questions, contact your partner representative at New Relic.
For requirements, including which New Relic users this feature applies to, see Requirements.
Your account structure and settings affect whether SAML is available and how it applies to your accounts.
This example shows the hierarchy for New Relic Partner accounts with parent accounts and child accounts.
Here is an example of how accounts and child accounts inherit the SAML SSO configuration.
SAML SSO configuration
The partnership level allows you to control whether accounts under the partnership can have SAML enabled. The partnership account's Owner has certain administrative functions, but a SAML configuration on this account is not inherited by other accounts in the partnership.
Parent accounts (also referred to as master accounts) have a direct, hierarchical relationship to one or more child accounts. Typically the SAML configuration on a parent account is inherited automatically by all of its child accounts.
Child accounts (also known as sub-accounts) inherit their SAML SSO configuration from their parent account when the parent account has SAML configured. If the parent account does not have SAML configured, each child account may have its own configuration. For more information, see Configuring SAML with multiple accounts.