This page describes managing a user on a Tenant. 

What is a Tenant?

An AppDynamics Controller can host one or more accounts, where each account represents one tenant on that Controller.

AppDynamics cloud-based Software as a Service (SaaS) deployment is a multi-tenant environment that allows you to access multiple tenants independently. On-premises deployments are single-tenancy by default, however, you can enable multi-tenancy if necessary. See Multi-Tenant On-Premises Accounts.

Whether you have a SaaS deployment or on-premises deployment, you can manage users through the Tenant UI. While both deployments provide an administrative UI, user functionality differs slightly. Once set up, you can add user accounts in the Tenant UI, allowing other users to access the UI and configure AppDynamics. 

Role-Based Access Control (RBAC) Overview

AppDynamics uses Role-Based Access Control (RBAC) to set user permissions and privileges for only those functions necessary in defined job responsibilities. Each user account can have varying levels of access based on their role(s). See Create and Manage Custom Roles.

The tenant can authenticate users against local user accounts or external LDAP or SAML-based authentication providers. The user account for a SaaS Tenant user authenticates through the AppDynamics Identity Provider (IdP) in the Cloud rather than by an external authentication provider. See External Authentication Providers

group is a collection of users with a given set of assigned permissions that apply to the users in the group. Groups are used to manage roles for users collectively. 

role is a collection of permissions that define what actions a user can perform; RBAC. When a user is assigned a role, they inherit the specified permissions. A user's group membership and defined role remain constant for the duration of their login. 

Permissions grant users the ability to perform an action on the platform. You can set permissions at a granular level to determine:

  • Which business applications the user can monitor.
  • What parts of the UI are visible.
  • Types of configuration changes a user can make.

AppDynamics University offers courses in Administrator functions.

Tenant User Management Overview

AppDynamics user credentials are managed according to the authentication options selected in SettingsAdministration > Authentication Provider. There are three user authentication options:

Authentication ProviderUser TypeDescription
AppDynamicsLocal User

Managing a Local User through the Tenant UI affects permissions for that tenant only. The user account retains Active status with existing permissions on other associated Tenants. Use the Account Management Portal to fully deactivate or edit an account for all AppDynamics components and Tenants simultaneously. 

  • Users authenticate through AppDynamics IdP for SaaS deployment.
  • AppDynamics manages user account credentials. 
  • User type can exist in parallel and access the system even when using SAML and LDAP authentication.
LDAPLDAP User
  • Users authenticate through your IdP.
  • You manage user account credentials through LDAP integration. 
  • Non-LDAP users cannot access the system unless they have also been set up as a Local User.
SAMLSAML User
  • Users authenticate through your IdP using the SAML 2.0 protocol.
  • You manage user account credentials through SAML integration.
  • Non SAML users cannot access the system unless they have also been set up as a Local User.

With a SaaS deployment, when you add a new local user through the Tenant UI, an email is sent to that user's valid address prompting them to create their own profile name and password. The user's email serves as their username. Only the account user can create their own password. Once completed, an account with the proper credentials is added to the tenant and authenticated through the AppDynamics IdP providing the user unified access to the Account Management PortalUniversityCommunity, and role-specific functions on the Tenant UI. 

You can create and manage users, groups, roles, and permissions on the corresponding page through SettingsAdministration.