Create Full, Core, or Basic user types in Azure Active Directory using SCIM

When provisioning users from Azure Active Directory using SCIM, you may want to automate assignment of the user type. Below is how to integrate this with Azure Active Directory so that users get the correct user type assigned at the time of provisioning from Azure.

  1. Make sure you have followed these steps to create an Azure Integration for New Relic.

  2. In the New Relic UI, go to the User Management page and click on the Authentication Domain that you created. Change the method of managing user type to SCIM, as shown below.

  3. Next, go to the Active Directory user attribute mappings section, as shown below. Before you do, you need to enable editing of user attribute mappings, which is hidden by default in Azure. To enable it, first open this URL: https://portal.azure.com/?Microsoft_AAD_Connect_Provisioning_forceSchemaEditorEnabled=true. For more information, read the Microsoft documentation: https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/customize-application-attributes

  4. Click on the Show advanced options checkbox to edit the New Relic attribute list. You should see a screen like the one below.

If you see a screen like the one below instead, you have not opened the URL that enables the editor: https://portal.azure.com/?Microsoft_AAD_Connect_Provisioning_forceSchemaEditorEnabled=true

  5. Now add this New Relic attribute as a string: urn:ietf:params:scim:schemas:extension:newrelic:2.0:User:nrUserType. It lets you add user type as a target attribute.

  6. Now you can pick any of your user attributes, including custom ones, as the source and select the new target attribute you created. In my case I used jobTitle as the source attribute. Note that you can also use Expressions, as long as the output of those expression rules is Full User, Core User or Basic User.

Once provisioning has synced, you should be able to see the user type provisioned in the New Relic user management UI.

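The constraint in the last step, as an added example that is not part of the original post or New Relic's own code: a Python sketch that maps a job title to one of the three allowed values, builds the SCIM user resource, and checks a resource before it is sent. It assumes the standard SCIM 2.0 extension layout, in which the attribute string above splits into the extension schema URN and the `nrUserType` attribute; the job-title table, the fallback to Basic User, the function names and the sample user are hypothetical.

```python
import json

# Extension schema URN and attribute name, split from the attribute string in the post.
NR_EXT = "urn:ietf:params:scim:schemas:extension:newrelic:2.0:User"
CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
ALLOWED = ("Full User", "Core User", "Basic User")  # the only outputs the post allows

# Hypothetical jobTitle -> user type table standing in for an Azure mapping expression.
TITLE_TO_TYPE = {
    "site reliability engineer": "Full User",
    "developer": "Core User",
    "account manager": "Basic User",
}

def user_type_for(job_title):
    """Map a jobTitle to a user type; unmapped or empty titles get the lowest tier
    (a choice made for this example, not something the post prescribes)."""
    key = (job_title or "").strip().lower()
    return TITLE_TO_TYPE.get(key, "Basic User")

def build_scim_user(user_name, job_title):
    """Build a SCIM 2.0 user resource carrying nrUserType in the extension object."""
    return {
        "schemas": [CORE, NR_EXT],
        "userName": user_name,
        NR_EXT: {"nrUserType": user_type_for(job_title)},
    }

def check_user_type(resource):
    """Return a list of problems with the nrUserType of a SCIM user resource."""
    problems = []
    if NR_EXT not in resource.get("schemas", []):
        problems.append("extension schema URN missing from 'schemas'")
    value = resource.get(NR_EXT, {}).get("nrUserType")
    if value is None:
        problems.append("nrUserType not set")
    elif value not in ALLOWED:  # exact, case-sensitive match on the three strings
        problems.append(f"nrUserType {value!r} is not one of {ALLOWED}")
    return problems

if __name__ == "__main__":
    ok = build_scim_user("alice@example.com", "Developer")  # constructed sample user
    print(json.dumps(ok, indent=2))
    # Constructed bad case: jobTitle passed straight through as the user type.
    bad = dict(ok, **{NR_EXT: {"nrUserType": "Developer"}})
    print(check_user_type(bad))
```

Running the same check against the source attribute values in your directory before enabling the mapping shows which users would receive a value outside the three allowed strings.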