Hi New Relic Explorers! My name is Nicole and I work on the Business Support Engineering team. Our team specializes in providing support for issues regarding Account Access and Security - this includes troubleshooting New Relic related Single Sign-On (SSO) errors.
For an overview of Single Sign-On SSO and Identity Service Providers (IDP), check out this document, here.
In this post, I’m going to share a common login error message (see below) New Relic users encounter when they have SSO enabled on their account, and what you can do to avoid/resolve it:
"Single Sign-On authentication succeeded but no matching user exists for this account. Please contact your administrator."
What does it mean when you get this error when you go to login to your New Relic account?
This error indicates one of three things:
The IDP you’re using is sending New Relic an email address that doesn’t exist within a New Relic account. In this case, an Admin or Owner on the account can add the user email the New Relic account. For a quick reference, I linked a document that goes over adding users, here.
The user has not accepted their user invite email. For this, you will need to check your email inbox and accept the user invite email. If necessary, an Admin or Owner on the account can resend the invite email to you within the Users & Roles page.
- The email that is being sent by the IDP does not match an email within New Relic. This could mean that either on the IDP side or the New Relic account side, the email was misspelled or the wrong email was added. Even if one character is off on one of the emails, this error will be thrown.
For SSO authentication, the user emails must be present on both the New Relic account and IDP, and the emails must be identical. For example, if the user email listed on the New Relic account is, firstname.lastname@example.org, then the email, email@example.com, needs to be listed on the IDP as well.
If you encounter this error, you should confirm that the email listed on the New Relic account matches the one listed on the IDP side exactly (Often times this means reaching out to your internal IT department).
If this error persists, you can reach out to New Relic Support on the Support Landing Page to further troubleshoot. We’re here for you
Are you setting up SAML SSO on your account for the first time? Check out this forum post to be set up for success: Relic Solution: Read this before you enable Single Sign On (SSO)