This page provides instructions for configuring Single Sign-on (SSO) through Security Assertion Markup Language (SAML).

You can configure an Identity Provider (IdP) to enable single sign-on access to your AppDynamics environment. AppDynamics can authenticate and authorize users through the AppDynamics IdP or through an external SAML 2.0 protocol IdP. Refer to the documentation of your identity provider for detailed configuration instructions. See Configure SAML Authentication for the Identity Provider.

This document uses the term Tenant to refer to both a Cloud Tenant and a Controller Tenant.

Supported Identity Providers

AppDynamics certifies support for the following IdPs:

  • Okta
  • OneLogin
  • Ping Identity
  • Azure AD
  • IBM Cloud Identity
  • Active Directory Federation Service (AD FS)

Other IdPs supporting HTTP POST binding should also be compatible with AppDynamics SAML authentication. If you are having issues setting up SAML with your IdP, contact your AppDynamics Account Representative for help.

Configure SAML Authentication for the Identity Provider

You must have the company admin role to perform these functions.
To access SAML configuration, navigate to the Account Management Portal.

SAML Settings for the Identity Provider

Your identity provider requires information about your Tenant for the SAML settings. The <domain> is the domain of one of the Tenants.

| Setting | Description |
| --- | --- |
| Issuer ID (Service Provider Entity ID) | The unique identifier intended for the SAML assertion. In most cases, it is the Service Provider Entity ID, unless the Service Provider decides to use a different identifier. |
| Single Sign-On URL (Assertion Consumer URL) | The AppDynamics endpoint to service SAML Authentication. You need to specify your AppDynamics account name with the query string parameter accountName as shown with the following syntax and example: |

SAML Attributes for the Identity Provider

You set attributes with your identity provider that map to SAML users in your AppDynamics account. Once set, the user's information displays in the Tenant UI. Changes to these attributes on the IdP will update the mapped SAML attributes on Tenant when the user successfully logs in.

The table shows how IdP example attributes map to the First Name, Last Name, and Email attribute settings of the Tenant.

| Example Attribute Name | Example Attribute Values | Description |
| --- | --- | --- |
| First Name | Jane | Informal name for the user corresponding to the AppDynamics firstName field. |
| Last Name | Doe | Informal name for the user corresponding to the AppDynamics lastName field. |
| Email | Jane.Doe@company.com | User's email address corresponding to AppDynamics emailAddress field. The value must be unique among all SAML users in the AppDynamics account. |

Configure SAML Authentication

The processes described here vary slightly based on your choice to upload your IdP data or to enter it manually.

The following steps assume you have access to your IdP and standard knowledge of SAML configuration.

Step 1: Configure Your Identity Provider with AppDynamics

You can either upload a [metadata].xml file from your IdP or enter the information manually.

To upload IdP metadata:

    1. Select Upload.

    2. Retrieve the metadata file from your IdP and upload it. The data will auto-populate.

    3. Confirm that the uploaded metadata information is correct. 

    4. Select the proper Request Binding.

    5. Click Apply.

To enter IdP metadata manually:

    1. Select Enter Manually.

    2. Copy and paste the SAML configuration settings from your IdP:

      1. Single Sign-On URL: The SAML sign-in URL where the Tenant routes sign-in requests initiated by your Service Provider (SP). This sign-in URL is required.

      2. X.509 Certificate: The X.509 certificate from your identity provider configuration. Paste the certificate between the BEGIN CERTIFICATE and END CERTIFICATE delimiters. Avoid duplicating BEGIN CERTIFICATE and END CERTIFICATE delimiters from the source certificate itself.  

      3. Issuer ID: The IdP URL is used as a unique identifier for your SP.

    3. Select the proper Request Binding.

    4. Click Apply.

You can Edit the information before activation.

Step 2: Configure AppDynamics with Your Identity Provider

You must provide the AppDynamics metadata to your Identity Provider.

You can either:

    • Copy the metadata supplied and provide your IdP with the information manually or
    • Click Download Metadata Instead and provide the file to your IdP.

Step 3: Attribute Mapping

You can specify how the Tenant identifies SAML-authenticated users.

These attributes identify the SAML user:

    • First Name Attribute: Informal name for the user corresponding to the AppDynamics firstName field.
    • Display Name Attribute: Informal name for the user corresponding to the AppDynamics lastName field. 
    • Email Attribute: User's email address corresponding to AppDynamics emailAddress field. The value must be unique among all SAML users in the AppDynamics account.

Enter your IdP data.

    1. Locate and copy the attribute names from your IdP.

    2. Paste the attributes into the corresponding fields.

    3. Click Apply.

Step 4: Activate Your SAML Federation

You must activate your SAML configuration for AppDynamics to authenticate users through your IdP or to add new users associated with your IdP.

Click Activate.

You can now map users to the SAML IdP through User Management. See Create a New User.

Verify SAML Authentication Configuration

To verify that you configured SAML authentication correctly, navigate to accounts.appdynamics.com.

  • If you chose to authenticate through your IdP, the sign-in screen asks for your name and redirects you to your IdP for authentication.

  • If you chose to authenticate through AppDynamics, the sign-in screen requests your name and password.