Your data. Anywhere you go.

New Relic for iOS or Android

Download on the App Store    Android App on Google play

New Relic Insights App for iOS

Download on the App Store

Learn more

Close icon

Best Practice Guide: Account Management



If you’re new to New Relic, you’re in a perfect position to set yourself up for success later on.

One part of that, is ensuring your user permissions are set appropriately. The resources below will help you out with that.


You can manage who has access to your accounts in the Users and Roles page:{AccountID}/users

There you’ll see everyone’s Base Role, along with any Add-On Roles your users have.


The Base Role determines what these people can do by default. Add-Ons allow extra permissions on a per-product basis. For example, a USER with the Alerts Manager Add-On Role will be able to create Alert Conditions, a USER with no Add-Ons will not be able to create Alert Conditions.

It’s important to note that USER above is in reference to the USER base role.

People in your account with the Admin base role have full admin permissions in the account for almost all features.

The difference between Admin, and Owner, are that Owners have access to view and edit billing details, and enable such things as High Security Mode & Single Sign-On.

It’s important to set these appropriately, as Admin permissions allow for certain account configuration changes. So only those who need it should be made Admins. Everyone else should be either a User, or a Restricted User with the appropriate Add-On Roles.

More information on Users and Roles here:
Information on how you can change who is the Owner of your account: Relic Solution: How do I change my account owner?


By default you and your team will log in directly to - using New Relic Credentials.

If you add new users from the Users and Roles page, they will get an email asking them to confirm their email address, and create their account password.

Single Sign-On

If your organisation enforces Single Sign-On, below are some details for you.

  • Single Sign-On in New Relic is a global setting. ALL USERS will login via SSO, there will be no ability to log in directly with New Relic later on.

  • Enabling Single Sign-On will delete your Admin API Keys - Please get in touch with New Relic Support before enabling if this is a problem for you.

    • When you enable SSO, all users must re-authenticate for the first time via your Single Sign-On Provider. These users are set to a Pending state on the New Relic side, which effectively removes them from the account. Thus revoking any permissions / API Keys they have.
  • Much of the Single Sign-On Configuration is handled on the SSO Provider side, with very little to do in the New Relic Account. Therefore there is limited support New Relic can provide. Please do post your questions here #support-products-agents:sales-accounts - and we will help if we can.


A subsection of SSO is Automated User Management, and if you are using Okta, or OneLogin as a SSO provider, then you can integrate with New Relic in such a way to automate user management. Docs on this are linked below.

Here are some resources that should help:

Account Hierarchy

New Relic Accounts can live in a 2 Layer set up - one parent account to many sub-accounts.

All Users on parent accounts can access all sub-accounts. However, users on sub-accounts can only access the accounts they are explicitly listed on. See the below diagram:

See more resources on Accounts and Hierarchy here: