This page describes user access and user types in a Cisco AppDynamics on-premises environment.
The installation of a Cisco AppDynamics on-premises Controller employs access control security. You can use the Controller to add user accounts to allow other users access and select configuration rights. The Account Owner is the predefined role with the Administer users, groups, and roles permission.
You can manage users and user access in the Controller, allowing other users to access the Controller and configure Cisco AppDynamics.
Role-Based Access Control (RBAC) Overview
Cisco AppDynamics uses Role-Based Access Control (RBAC) to set user permissions and privileges for only those functions necessary for job responsibilities. Each user account can have varying levels of access according to their role or roles. See Roles and Permissions.
The Controller can authenticate users against local user accounts or external LDAP or SAML-based authentication providers. See External Authentication Providers for On-Premises Deployments.
A group is a collection of users with a given set of permissions that apply to the users in the group. You can use groups to manage roles collectively.
A role is a collection of permissions that define what actions a user can perform; RBAC. When you assign a role to a user, they inherit the role permissions. A user's group membership and role remain constant for the duration of their login.
Permissions grant users the ability to perform an action on the platform.
You can set permissions at a granular level to determine:
- The business applications the user can monitor.
- The parts of the UI that are visible.
- Types of configurations a user can make.
Controller User Management Overview
Cisco AppDynamics manages user credentials according to the authentication options you select in Settings
> Administration > Authentication Provider. There are three user authentication options:
| Authentication Provider | User Type | Description |
|---|
| Cisco Customer Identity | Local User | - Users authenticate through the Cisco Customer Identity (IdP).
- Cisco AppDynamics manages user account credentials.
- Can exist in parallel and access the system even when using SAML and LDAP authentication.
|
| LDAP | LDAP User | - Users authenticate through your IdP.
- You manage user account credentials through LDAP integration.
- Non-LDAP users cannot access the system unless they have also been set up as a Local User.
|
| SAML | SAML User | - Users authenticate through your IdP using the SAML 2.0 protocol.
- You manage user account credentials through SAML integration.
- Non SAML users cannot access the system unless they have also been set up as a Local User.
|
The user's email serves as their username. Only the account user can create their own password. When you add a new local user, you create is a new account entry with the proper credentials to the Controller providing the user unified access to the Account Management Portal, University, Community, and role-specific functions on the Controller.
You can create and manage users, groups, roles, and permissions through Access Management > User Management on the Accounts Management Portal.
