New Relic

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) for New Relic using SAML.

About New Relic

New Relic provides deep performance analytics for every part of the software environment. Use New Relic to easily view and analyze massive amounts of data and gain actionable insights into real-time for apps, users, and business.

After integrating New Relic with Oracle Identity Cloud Service:

  • Users can access New Relic using their Oracle Identity Cloud Service login credentials.
  • Users can start New Relic using the Oracle Identity Cloud Service My Apps console.
  • Admins can assign and revoke user access to the New Relic app using the Oracle Identity Cloud Service administration console.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage apps and users (Identity Domain Administrator or Application Administrator).
  • A New Relic account with authorization rights to configure federated authentication.
  • Make sure that the email ID of each user in New Relic matches the primary email ID of the Oracle Identity Cloud Service account.

Configuring the New Relic App in Oracle Identity Cloud Service

Use this section to register and activate the New Relic app, and then assign users to the app.

Prerequisite Steps

A verified account ID is required before you can register and activate the New Relic app. You obtain that account ID from New Relic.

To obtain the account ID:

  1. Access New Relic as an administrator at: https://login.newrelic.com/login.

  2. Select Account Settings from the user navigation menu, and then select Single sign-on. The SAML CONFIGURE page appears.

  3. Copy the account ID from the Assertion Consumer URL.

    Image img1.png displays the New Relic SAML CONFIGURE page with the account ID in the Assertion Consumer URL highlighted.

Registering and Activating the New Relic App

  1. Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for New Relic, and then click Add.

  4. In the App Details section, enter your Account ID, and then click Next.

    Note: This is the account ID value that you obtained while performing the steps in the "Prerequisite Steps" section.

  5. Click Download IDCS Certificate.

    Tip: You use this file later during the New Relic configuration in the "Configuring SSO for New Relic" section.

  6. Click Finish. Oracle Identity Cloud Service displays a confirmation message.

  7. Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Assigning Users to the New Relic App

  1. On the New Relic app page in Oracle Identity Cloud Service, select the Users tab, and then click Assign. The Assign Users window appears.

  2. Select users that you want to assign to New Relic, and then click OK. Oracle Identity Cloud Service displays a confirmation message stating that the New Relic app is assigned to the users that you selected.

Configuring SSO for New Relic

  1. Access New Relic at: https://login.newrelic.com/login/, and then select Account settings from the user navigation menu.

  2. On the Account Settings page, click Single sign-on from the left navigation menu.

  3. On the CONFIGURE step page, use the table to update the federated authentication attributes, and then click Save my changes.

    This table lists the mandatory federated authentication attributes that you must set to complete the SSO configuration.
    Attribute Value
    Upload a new certificate Click Browse files, and then upload the certificate that you downloaded during the New Relic registration in Oracle Identity Cloud Service. See the "Registering and Activating the New Relic App" section.
    Remote login URL Enter the Sign-in URL and SSO Endpoint: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/sso
    Logout landing URL Enter the Sign-out URL/SLO Endpoint: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/slo

  4. On the TEST step page, click Test SAML Login. The page re-directs the browser to Oracle Identity Cloud Service for testing the SAML Login. After the test is complete, a success message appears on the TEST step page.

    Image img2.png displays Test your SAML configuration section with Test SAML Login button highlighted. The page displays the message Your SAML integration was successful. You can now enable SAML for your account.

  5. On the ENABLE step page, click Enable SAML Login to enable SSO for the user.

    Note: Enabling SAML login deactivates the ability to log in using the user name and password. Remain logged in to the New Relic session until you complete the next section to verify that Identity Provider initiated SSO from Oracle Identity Cloud Service works.

Verifying the Integration

Use this section to verify that SSO works when initiated from Oracle Identity Cloud Service (IdP Initiated SSO).

Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service

  1. Access the Oracle Identity Cloud Services My Profile console: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole.

  2. Log in using credentials for a user that is assigned to the New Relic app. Oracle Identity Cloud Service displays a shortcut to New Relic under My Apps.

  3. Click New Relic. The New Relic home page appears.

  4. In the upper-right corner of the New Relic home page, confirm that the user that is logged in is the same for both New Relic and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Oracle Identity Cloud Service works.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

New Relic displays the message “no matching user exists"

Cause: The email attribute sent by Oracle Identity Cloud Service during SSO doesn't match any existing user in New Relic.

Solution: Ensure that the user that you assign to the New Relic app has an account in both Oracle Identity Cloud Service and New Relic with the same email address.

New Relic displays the error message “You are not authorized to access the app. Contact your System administrator."

Cause 1: The SAML 2.0 integration between the Oracle Identity Cloud Service New Relic app and New Relic is deactivated or the administrator has revoked the user's access to New Relic.

Solution 1:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then New Relic.
  • Click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Cause 2: The administrator revokes access for the user at the same time that the user tries to access the New Relic app using Oracle Identity Cloud Service.

Solution 2: Access the Oracle Identity Cloud Service administration console, select Applications, New Relic, Users, and then click Assign to re-assign the user.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.