Manage Controller Users and Groups

This page describes how to manage users and groups in your Splunk AppDynamics on-premises environment.

The Splunk AppDynamics on-premises Controller can authenticate users against local user accounts or external LDAP or SAML-based authentication providers. See Update the Root User Password.

Users, Groups, and Roles

A user can belong to one or more groups. Groups let you assign and manage roles for users collectively.

Roles are an essential concept in the on-premises Controller. Roles determine what users can view or perform on the Controller, including which business applications they can monitor and the types of configurations they can make. Parts of the Controller are not visible to users whose roles do not authorize access to those features. A user or group can have more than one role but should have at least one.

Splunk AppDynamics comes with a set of predefined roles, but you can add your own, particularly to set up user access by the business application. See Roles and Permissions. 

Authentication Options

Log in to the Controller as an administrator and navigate to Settings> Administration > Authentication Provider. See LDAP for On-Premises Deployments or Configure Basic SAML On-Premises Authentication.

Select the API Clients tab to create an API Client. You can use the API Client to provide secure access to the Controller through REST API calls. See API Clients.

Authentication settings in the Controller are specific to an account within the Controller. If you have a multi-tenant on-premises Controller, you must configure authentication settings for each account individually.

Create Local Users

Local user account credentials reside in the Controller and the Controller authenticates the user rather than authentication by an external provider. You can create local user accounts by navigating to Users > Administration. 

These guidelines apply to local user accounts:

• Because of browser incompatibilities, Splunk AppDynamics recommends using only ASCII characters for usernames and passwords.

• Choose at least one role for the new user. The user will not be able to use any features in the Controller until you assign a role.

After creating a user, you can modify, delete, or duplicate the user account, or assign the user to a group or role from the Users tab. 

If a deleted user owns a custom dashboard, then the dashboard and its associated shares and reports cease to function properly, and this dialog displays to confirm deletion:

See Dashboard Recovery.

You can associate users with roles from the user's configuration or navigate to Roles > Users and Groups with this Role to see the user and group assignments.  

Do not remove yourself from all groups or from all roles. If you are a member of custom roles only, do not delete those custom roles or remove permissions. Doing so can result in being locked out of the Controller. If this happens, use the built-in administrator role to restore the account.

Require Strong User Passwords

As an account administrator, you can require local users (those authenticated by Splunk AppDynamics) to use strong passwords.

Enforcement of strong password requirements is not automatic. Users can configure passwords of any length or complexity unless you enforce strong password requirements. Navigate to Settings> Administration > Authentication Provider. Mark the Require Strong Passwords checkbox to enable the requirement. 

Once set, passwords must meet the complexity requirements shown in the Authentication Provider tab. The requirements include having at least eight characters, containing both upper and lower case letters, and so on.

Passwords set by users after you enable this requirement must meet the requirements of the Controller. Changing this option does not affect previously set passwords. Existing weak passwords will continue to work after you enable strong passwords.  

Create and Manage Groups

You can manage roles for local users collectively by navigating to Groups > Administration and selecting the groups. If you are using LDAP to authenticate all Splunk AppDynamics Controller users, you do not need to create Splunk AppDynamics groups. 

• To assign users to the group, select the group and check the Member checkboxes for the users.
• To associate the group with a role, check the Member checkboxes for the roles.
• To associate groups with roles, use the group configuration or navigate to Roles > Users and Groups with this Role.