Your data. Anywhere you go.

New Relic for iOS or Android


Download on the App Store    Android App on Google play


New Relic Insights App for iOS


Download on the App Store


Learn more

Close icon

Feature Idea: Provisioning Users via SAML

users
saml
feature-idea
rfb

#1

I want to use SAML SSO via OneLogin so I don’t have to manage individual user accounts anymore: just add them to OneLogin and they will get access to everything they need, based on their roles. But apparently I still need to create the user in New Relic once? I was hoping this step could also be eliminated, if New Relic would create the account on the fly on a valid SAML login?

Is this currently available, or on the roadmap?


New Relic edit

  • I want this, too
  • I have more info to share (reply below)
  • I have a solution for this

0 voters

We take feature ideas seriously and our product managers review every one when plotting their roadmaps. However, there is no guarantee this feature will be implemented. This post ensures the idea is put on the table and discussed though. So please vote and share your extra details with our team.


Can I create a new user using Rest Api calls?
Create new users using powershell
#2

Hi @janfabry,

I responded to your question in the ticket you created :slight_smile: For additional visibility for our other forum users though I will bring the answer here too.

Currently New Relic can not create user accounts every time someone new logs into your account via OneLogin. A part of the SAML Authentication process is to check that the email address included in the SAML response we receive from your Identity Provider is also on the New Relic account you are accessing. Given that step in the authentication process we cannot create new users automatically in SAML accounts.

I can certainly add it as a feature request for our product managers to review though!


#3

+1 for this feature request!

SAML assertion seems like a safe place to validate email addresses through and provision new accounts as verified.

Looking forward to updates on this topic!


#4

Hey @nathaniel.ferrell

Thanks for your input! I have gone ahead submitting your +1 here :smiley: Let me know if there is anything else I can do to help.


#5

Also a vote for this feature. I think New Relic is the only in the SaaS arena that doesn’t allow for this.


#6

hey! I’ve added a feature request for you on this too!


#7

+1 We’d also love this feature. Thanks.


#8

Thanks for your +1, @zboni ! Please be sure to also vote in the poll I have added above :arrow_up: !


#9

+1 for JIT Provisioning feature.

/Parth


#10

bump
As a tiny team with complex security requirements, we just don’t have time to individually add 100+ users to our 3 different New Relic instances manually, nor “clean them up” manually when people leave. Lots of other cloud services have implemented SAML provisioning (including giving different access by group membership).


#11

Excellent use case, @cathy.mcleod! Thank you for letting us know! Be sure to add your vote above as well and I will make sure this info gets passed along. :thumbsup:


#12

This is a major pain point for us as well - we are a growing but lean team and manually inviting everyone, and then manually removing them, is a recurring hindrance. NewRelic is our only service where we have SAML integration with OneLogin yet still must independently manage users outside OneLogin. You won’t lose us as a customer over this but it does routinely annoy everyone in Engineering here. It’s also a security gap for us as we have to ensure users are removed in multiple places (OneLogin + New Relic) when that’s a major reason we use One Login in the first place.


#13

+1 Please implement SAML provisioning and de-provisioning.


#14

Any update on this topic? We would stand to benefit from this across several of our New Relic accounts.


#15

No update to share right now, @riot_mmetcalf—thank you for checking in. I hope you voted in the poll at the top of this post so our Product Owners can properly gauge interest.

Feel free to also add your specific use case in this thread. :blush:


#16

We’re in hyper growth mode and would very much appreciate JIT provisioning or standard provisioning with the SAML protocol. Each week we have to grant access to new hires and it would shave time off our on boarding process to automate this.


#17

Hi NR,

So this feature has been requested since 2016 - what is the status please? It’s highly frustrating that NR does not support this nor support role based access control. Can someone please provide an update?

Adrian


#18

+1 yes please. It kind of defeats the purpose of automation if we can auto-provision users.


#19

+1

SAML JIT user provisioning is a step in the right direction but ideally we have full SCIM integration with our IdP to support user provisioning/deprovisioning separately from SAML.


#20

If an intermediate solution could be implemented here where an API call is exposed to allow provisioning of users, we could script around this if doing full SAML “JIT” provisioning is too hard for your team.

I imagine such an API call could also let people fine tune exactly what permissions they’d like to give users when auto provisioning.