Unable to enable SSO on one of the New Relic accounts

I’m trying to enable SSO on one of the New Relic accounts with OKTA. I’m able to configure and test the SAML configuration out of the 3 steps as an account owner, but when I go and try to enable SSO on the account, it ends up in an HTTP 500 response.
Testing the SAML is successful both with and without a Custom Entity ID in the configuration for the account, but enabling fails in both cases.

Note: Testing redirects me to the OKTA URL login page, wherein once authenticated I’m routed to the New Relic URL.

Any assistance in this case would be appreciated.

Hey @pillaivinil - Can you share a link to the account?

Being able to Test SSO on the account successfully is a good sign. The 500 error implies a timeout when SSO is enabled more globally on an account.

Testing only affects you, the user testing SSO, whereas enabling SSO impacts every user on the account, so there’s a possibility that there is something in the account, or a user in the account, that is hindering SSO.

This sometimes comes up in cases where accounts have gotten their New Relic Account Manager added to them. Users with a @newrelic.com mail address can sometimes cause these 500 errors, as they are users with elevated permissions, being NR Staff.

If you do have any NR users on the accounts, please remove those through the Users and Roles page and try enabling SSO again.

If you do not, let us know the account ID and we’ll see what we can spot by looking into the account.


Thanks @RyanVeitch & team. I had to do the following to enable successful integration with OKTA on an account.

  1. Remove any user having email ids not associated within the OKTA (Org/AD) domain (including any @newrelic.com users)
  2. Whitelist the domain with New Relic by raising a request
  3. Ensure the user email ids in the New Relic account match exactly in the AD group and appropriate details are passed on from OKTA to the domain controller for authentication.

Next work will be on roles and privilege management. I wish there was an option to download user reports and details of access with timestamp (currently it just shows us the date of access) from the New Relic user management profile, as this would help anyone for auditing purposes.
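
An added example, not part of the original post and not New Relic or Okta code: a check to run before enabling SSO that compares the account's user list with the IdP's, covering steps 1 and 3 above. The function name, the input lists and the `example.com` domain are assumptions, and the sample data is constructed.

```python
"""Pre-enablement SSO audit (added example; all data below is constructed)."""

def audit_sso_readiness(account_emails, idp_emails, allowed_domains):
    """Classify each account user against the IdP user list.

    Returns a dict with:
      out_of_domain - email domain is not one of the org's IdP domains
      near_miss     - equals an IdP email only after trimming/case-folding
      missing       - in an allowed domain but absent from the IdP
      ok            - character-for-character match with an IdP email
    """
    allowed = {d.strip().lower() for d in allowed_domains}
    idp_exact = set(idp_emails)
    idp_folded = {e.strip().casefold(): e for e in idp_emails}
    report = {"out_of_domain": [], "near_miss": [], "missing": [], "ok": []}

    for email in account_emails:
        folded = email.strip().casefold()
        local, sep, domain = folded.rpartition("@")
        if not sep or not local or domain not in allowed:
            report["out_of_domain"].append(email)   # step 1: remove these
        elif email in idp_exact:
            report["ok"].append(email)
        elif folded in idp_folded:
            # step 3: same person, but the strings are not identical
            report["near_miss"].append((email, idp_folded[folded]))
        else:
            report["missing"].append(email)
    return report

# Constructed sample data: example.com stands in for the org's Okta domain.
ACCOUNT_USERS = [
    "alice@example.com",
    "Bob@example.com",            # differs from the IdP record only by case
    "carol@example.com ",         # trailing space from a copy/paste
    "dave@example.com",           # no matching IdP user
    "acct.manager@newrelic.com",  # vendor staff user, outside the org domain
    "contractor@example.net",
]
IDP_USERS = ["alice@example.com", "bob@example.com", "carol@example.com"]

if __name__ == "__main__":
    result = audit_sso_readiness(ACCOUNT_USERS, IDP_USERS, ["example.com"])
    for bucket, entries in result.items():
        print(f"{bucket}: {entries}")
```

Anything reported under `out_of_domain`, `near_miss` or `missing` is a user to remove or correct before SSO is enabled for the whole account.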

Glad you got it working @pillaivinil - I’d suggest adding your vote over here:

To add your voice to the feature idea for more detailed user logs.
