Integrate New Relic
New Relic is a Web application performance service that works in real-time with live Web apps. (see https://newrelic.com). You can protect access to New Relic by integrating New Relic with Identity as a Service. Once integrated, users can use single sign-on to log in to their New Relic account through Identity as a Service.
Note: This integration was tested using Identity as a Service version 5.17 and New Relic Release. Other versions of Ring Central may require integration and configuration steps that differ from those documented in this procedure. For other versions of Ring Central, this integration guide may be used as an initial approach for integrating New Relic. In the event of other issues, contact support@entrust.com for assistance.
Before you begin
New Relic has two user models:
Original user model—New Relic organization created before July 30, 2020.
New Relic One user model—Model used by Identity as a Service.
Attention: If you did not migrate your original New Relic user model to New Relic One, you need to migrate to the New Relic One user model before you begin the integration with Identity as a Service. For more information, see https://docs.newrelic.com/docs/accounts/accounts-billing/new-relic-one-user-management/authentication-domains-saml-sso-scim-more/#requirements.
To integrate New Relic One with Identity as a Service, you must do the following:
Step 1: Copy the SAML configurations from Identity as a ServiceStep 1: Copy the SAML configurations from Identity as a Service
Copy the SAML Configuration from Identity as a Service
Log into your Identity as a Service administrator account.
Click 
> Security > Applications. The Applications Lists page appears.
Under SAML Cloud Integrations, click SAML Configuration. The SAML Configuration dialog box appears.
This dialog box contains information you need to configure your SAML application for Identity as a Service authentication.
Do one of the following:
Leave this dialog box open to reference later in this procedure.
Copy the Entity ID, Single Sign-on URL, and Single Logout URL to a text file and save it to reference later in this procedure.
Note: Depending on the integration you are performing, you may not need all three of these SAML configuration values.
Step 2: Export the SAML signing certificate from Identity as a ServiceStep 2: Export the SAML signing certificate from Identity as a Service
Export a SAML signing certificate
Log in to your Identity as a Service administrator account.
Click > Security > Applications. The Applications List page appears.
Under SAML Cloud Integrations, click SAML Signing Certificates. The SAML Signing Certificates page appears.
Click 
next to the certificate to export the certificate you want to import into your SAML service provider application. The Export Certificate dialog box appears.
If the certificate has been issued by a CA, do one of the following:
Click Certificate to export the self-signed certificate.
Click Root CA Certificate to export a certificate issued from a CA.
Click Certificate Chain to export the SAML signing certificate and its CA certificates.
Click Export.
Step 3: Configure New Relic for Identity as a ServiceStep 3: Configure New Relic for Identity as a Service
Configure New Relic for Identity as a Service
In a Web browser, enter https://login.newrelic.com.
Log in to your New Relic administrator account.
Click
and select Administration
from the drop-down menu. The Administration
page appears.
Click Organization & access. The Organization page appears.
Click Authentication Domains. The Authentication Domains page appears.
In the Authentication pane, click Configure and then do the following:
For Method of authenticating users, select SAML SSO.
Open a text editor such as Notepad and copy and save the Assertion consumer URL and the Our entity ID URL. You need these URLs in Step 4: Add New Relic to Identity as a Service.
Scroll to Source of SAML Metadata and select Upload a certificate.
Click Choose File, and browse to select the SAML certificate you exported in Step 2: Export the SAML signing certificate from Identity as a Service.
In the SSO target URL field, paste the Single Sign-On URL you copied in Step 1: Copy the SAML configurations from Identity as a Service.
Scroll to the top of the Authentication pane and click Save.
Click Save Changes on the confirmation prompt.
Step 4: Add New Relic to Identity as a ServiceStep 4: Add New Relic to Identity as a Service
Add New Relic to Identity as a Service
Log into your Identity as a Service administrator account.
Click > Security > Applications. The Applications Lists page appears.
Click Add. The Select an Application Template page appears.
Do one of the following:
Select SAML Cloud Integrations from the search drop-down list and scroll to find the application you want to add to IDaaS.
- or -
In the Search bar, enter a search option to filter for the application you want to add to IDaaS.
Click New Relic. The Add New Relic page appears.
Enter an Application Name.
Enter an Application Description.
Optional. Add a custom application logo.
Click 
next to Application Logo. The Upload Logo dialog box appears.
Click 
to select an image file to upload.
Browse to select your file and click Open. The Upload Logo dialog box reappears showing your selected image.
If required, resize your image.
Click OK.
Select the Authentication Flow that appears to users during login.
Click Next. The General page appears.
In the Default Assertion Consumer Service URL field enter the Assertion consumer URL you copied in Step 3: Configure New Relic for Identity as a Service.
In the Service Provider Entity ID (Issuer) field enter the Our entity ID URL you copied in Step 3: Configure New Relic for Identity as a Service.
Optional. Enter the SAML Username Parameter Name used to identity the user ID being requested for authentication. The user ID can then be passed as a parameter, for example, Username=jdoe. Alternately, if the SAML username is NameID, the SAML Request XML NameID element value is used to the identify the IDaaS userID.
Enter the SAML Session Timeout to the time when the SAML Assertion times out. The maximum is 720 minutes.
From the SAML NameID Attribute drop-down list, select Email.
From the SAML NameID Encoding Format drop-down list, select Email.
From the SAML Signature Algorithm drop-down list, select SHA512.
Select the SAML Signing Certificate from the drop-down list.
Select Sign Complete SAML Response.
Deselect Enable Go Back Button if you do not want users to be able to go back to the New Relic login page to log in.
Select Show Default Assertion Consumer URL Service in the My Profile. When selected, the Default Assertion Consumer URL appears in a user's My Profile page in addition to relay states and Alternative Assertion Consumer URLs.
Optional. Add Alternative Assertion Consumer Service URLs, as follows:
Click Add.
Enter a Name.
Enter a URL Value.
Select Show in My Profile to display the Alternative Consumer Service URL in a user's My profile page.
Optional. Add an Application Logo.
Click Add.
Repeat these steps to add more Alternative Assertion Consumer Service URLs.
Click Submit.
Step 5: Add a resource ruleStep 5: Add a resource rule
Step 6: Test the integrationStep 6: Test the integration
Testing Service Provider Login
Open a Web browser and enter the URL for your New Relic account. You are directed to Identity as a Service.
Enter your Mew Relic account User ID and click Next.
Respond to the second-factor authentication challenge. If you respond successfully, you are logged in to New Relic page.
Testing Identity as a Service redirect log in
Log in to your Identity as a Service account.
Go to your My Profile page if you are not already there.
Under Applications, click New Relic.
Respond to the second-factor authentication challenge. If you respond successfully, you are logged in to New Relic.