Splunk AppDynamics SaaS User Management

This page describes managing a user in the Splunk AppDynamics SaaS Controller Tenant UI. 

User management through the Controller Tenant UI affects that Tenant only. You can use the Account Management Portal to manage the global aspects of Splunk AppDynamics user accounts. See Global Accounts Administration.

What is a Controller Tenant?

A Splunk AppDynamics Controller can host one or more accounts. Each account represents one Tenant on that Controller.

The Splunk AppDynamics cloud-based Software as a Service (SaaS) deployment is a multi-tenant environment that allows you to access multiple Controller Tenants independently. Every Splunk AppDynamics SaaS Controller Tenant has one license associated with it.

You can manage users and add user accounts in the Controller Tenant UI, allowing other users to access the Tenant and configure Splunk AppDynamics. 

Role-Based Access Control (RBAC) Overview

Splunk AppDynamics uses Role-Based Access Control (RBAC) to set user permissions and privileges for only those functions necessary in defined job responsibilities. Each user account can have varying levels of access based on their role(s). See Manage Custom Roles for Splunk AppDynamics.

The Controller Tenant can authenticate users against local user accounts or external LDAP or SAML-based authentication providers. The user account for a Controller Tenant user authenticates through the Cisco Customer Identity (IdP) in the cloud rather than by an external authentication provider. See External Authentication for SaaS Deployments. 

A group is a collection of users with a given set of permissions that apply to the users in the group. You can use groups to manage roles collectively 

A role is a collection of permissions defining user actions; RBAC. When you assign a role to a user, they inherit the role permissions. A user's group membership and role remain constant for the duration of their login. 

Permissions grant users the ability to perform an action on the platform. You can set permissions at a granular level to determine:

• The business applications the user can monitor.
• The parts of the UI that are visible.
• Types of configurations a user can make.

Splunk AppDynamics University offers courses in Administrator functions.

Controller Tenant User Management Overview

Splunk AppDynamics user credentials for SaaS and on-premises deployments are managed according to the authentication options selected in Settings> Administration > Authentication Provider. There are three user authentication options:

Authentication Provider	User Type	Description
Cisco Customer Identity	Local User	Managing a Local User through the Controller Tenant UI affects permissions for that Controller Tenant only. The user account retains Active status with existing permissions on other associated Controller Tenants. Use the Account Management Portal to fully deactivate or edit an account for all Splunk AppDynamicscomponents and Controller Tenants simultaneously.  Users authenticate through the Cisco Customer Identity (IdP) for SaaS deployment. Splunk AppDynamics manages user account credentials.  Can exist in parallel and access the system even when using SAML and LDAP authentication.
LDAP	LDAP User	Users authenticate through your IdP. You manage user account credentials through LDAP integration.  Non-LDAP users cannot access the system unless they have also been set up as a Local User.
SAML	SAML User	Users authenticate through your IdP using the SAML 2.0 protocol. You manage user account credentials through SAML integration. Non-SAML users cannot access the system unless they have also been set up as a Local User.

With Splunk AppDynamics SaaS, when you add a new local user through the Controller Tenant UI, an email is sent to that user's valid address prompting them to create their own profile name and password. The user's email serves as their username. Only the account user can create their own password. Once completed, an account with the proper credentials is added to the Controller Tenant and authenticated through the Cisco Customer Identity (IdP) providing the user unified access to the Account Management Portal, University, Community, and role-specific functions on the Controller Tenant UI. 

With an on-premises deployment, when you add a new local user through the Controller Tenant UI, an account with the proper credentials is created and stored on that Controller Tenant.

You can create and manage users, groups, roles, and permissions on the corresponding page through Settings> Administration. See Manage Controller Tenant Users and Groups and Manage Custom Roles for Cisco AppDynamics.