
SAML Integration Broke Account


#1

I am on a free trial account, and things were working great. I enabled the SAML integration with it, and for about 5 minutes, we couldn’t log in at all, and then I (the owner) could log in but everything in the account is missing. It even changed the organization name, used to be [MYORG]_1 and now it’s just [MYORG]. All the users and integrations are gone. Can I get this reverted?


#2

We originally had account # 2470291 as Hyperdyne_1, after I set up SSO using Auth0 for the account it would not let me log in, saying “Single Sign-On authentication succeeded but no matching user exists for this account. Please contact your administrator.” Well, I am the administrator. Eventually, using my non-SSO password and user account, it let me log in, but now the account is actually a whole new, empty New Relic account, with ID 2470289 and the name Hyperdyne. It lost my integration information and all the users. If I try to navigate to https://rpm.newrelic.com/accounts/2470291, I get the “SSO success no matching account error”, so I am effectively locked out of my account and in some strange new netherworld, where I don’t have the free trial stuff (which I need to sell this to the higher ups). Please remove the SSO from 2470291 and nuke the new one!


#3

Hey @charlie7 - SSO integration will never create accounts. It’s likely that the Hyperdyne account you were redirected to is one that has existed but never been noticed.

The SSO integration would also never affect any data reporting to the account - so rest assured that even though you may be having trouble logging in, your data will still be there.


An important thing to note is that as soon as SSO is enabled all users get switched over to a pending state. Your users will stay in this state until such a time that they accept an email invitation.

The error you see:

Single Sign-On authentication succeeded but no matching user exists for this account

Can have a few causes - some of those are:

  1. The email address being passed to New Relic from the SSO provider doesn’t match.
    • This is a hard one to troubleshoot - since the SAML integration is case sensitive. It could appear as though your users are on the account - but if your SSO Provider is sending New Relic an email address with different capitalisation, it could cause this issue.
  2. The user in question has yet to accept the email invite.
    • As I mentioned - all users get set to a pending state, meaning that in the User list all users will be there (though with a red pending note attached). However on the backend the users aren’t actually on the account until such a time that they accept the invite. Therefore you’ll receive no matching user errors as you have.
  3. The user simply doesn’t exist.
    • All users must be listed on both the SSO provider side, and the New Relic side before they can log in. It appears as though you are all set on the SSO side, since the error you get notes Single Sign-On authentication succeeded - but it’s possible that your users aren’t all listed on the New Relic side.

The most common of those 3 causes is 2, where account admins are unaware that all users switch to pending and the users in the account don’t accept the email invite.


I know - this information isn’t the most helpful when you’re stuck locked out of your account - so I’m going to get a private support ticket created for you - we’ll continue to work with you there to get SSO disabled.

If you have any questions before you get SSO re-enabled afterwards though please feel free to ask here or in your ticket :slight_smile:
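
The three causes listed in the reply above can be checked before SSO is switched on by comparing the email each user's SSO assertion will carry against the account's user list. The following is an added example, not part of the original thread and not New Relic or Auth0 tooling; the sample data, field names and status values are constructed assumptions.

```python
# Constructed sample data; the field names and status values are assumptions,
# not a New Relic or Auth0 export format.
IDP_EMAILS = [          # email each user's SSO assertion would carry
    "Alice@example.com",
    "bob@example.com",
    "carol@example.com",
    "dave@example.com",
]
ACCOUNT_USERS = {       # email as listed on the account -> invite status
    "alice@example.com": "active",
    "bob@example.com": "pending",
    "carol@example.com": "active",
}


def classify(idp_email, account_users):
    """Return which of the three causes (if any) would block this login."""
    status = account_users.get(idp_email)          # exact, case-sensitive match
    if status is None:
        # Same address with different capitalisation is cause 1.
        folded = {e.lower(): e for e in account_users}
        listed = folded.get(idp_email.lower())
        if listed is not None:
            return f"case mismatch (account lists {listed})"
        return "not listed on the account"          # cause 3
    if status == "pending":
        return "invite not accepted"                # cause 2
    return "ok"


def audit(idp_emails, account_users):
    """Map every IdP email to its classification."""
    return {email: classify(email, account_users) for email in idp_emails}


if __name__ == "__main__":
    for email, result in audit(IDP_EMAILS, ACCOUNT_USERS).items():
        print(f"{email:22} {result}")
```

Running the audit for the account owner first shows whether an admin will still be able to log in once SSO is enforced.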