This page describes managing a user on a Tenant.
What is a Tenant?
An AppDynamics Controller can host one or more accounts, where each account represents one tenant on that Controller.
AppDynamics cloud-based Software as a Service (SaaS) deployment is a multi-tenant environment that allows you to access multiple tenants independently. On-premises deployments are single-tenancy by default, however, you can enable multi-tenancy if necessary. See Multi-Tenant On-Premises Accounts.
Whether you have a SaaS deployment or on-premises deployment, you can manage users through the Tenant UI. While both deployments provide an administrative UI, user functionality differs slightly. Once set up, you can add user accounts in the Tenant UI, allowing other users to access the UI and configure AppDynamics.
Role-Based Access Control (RBAC) Overview
AppDynamics uses Role-Based Access Control (RBAC) to set user permissions and privileges for only those functions necessary in defined job responsibilities. Each user account can have varying levels of access based on their role(s). See Create and Manage Custom Roles.
The tenant can authenticate users against local user accounts or external LDAP or SAML-based authentication providers. The user account for a SaaS Tenant user authenticates through the AppDynamics Identity Provider (IDP) in the Cloud rather than by an external authentication provider. See External Authentication Providers.
A group is a collection of users with a given set of assigned permissions that apply to the users in the group. Groups are used to manage roles for users collectively.
A role is a collection of permissions that define what actions a user can perform; RBAC. When a user is assigned a role, they inherit the specified permissions. A user's group membership and defined role remain constant for the duration of their login.
Permissions grant users the ability to perform an action on the platform. You can set permissions at a granular level to determine:
- Which business applications the user can monitor.
- What parts of the UI are visible.
- Types of configuration changes a user can make.
Tenant User Management Overview
AppDynamics user credentials for both SaaS and on-premises deployments are managed according to the authentication options selected in Settings> Administration > Authentication Provider. There are three user authentication options:
|Authentication Provider||User Type||Description|
Managing a Local User through the Tenant UI affects permissions for that tenant only. The user account retains Active status with existing permissions on other associated Tenants. Use the Account Management Portal to fully deactivate or edit an account for all AppDynamics components and Tenants simultaneously.
With a SaaS deployment, when you add a new local user through the Tenant UI, an email is sent to that user's valid address prompting them to create their own profile name and password. The user's email serves as their username. Only the account user can create their own password. Once completed, an account with the proper credentials is added to the tenant and authenticated through the AppDynamics IDP providing the user unified access to the Account Management Portal, University, Community, and role-specific functions on the Tenant UI.
With an on-premises deployment, when you add a new local user through the Tenant UI, an account with the proper credentials is created and stored on that tenant.
You can create and manage users, groups, roles, and permissions on the corresponding page through Settings> Administration.