This page provides an overview of Security Assertion Markup Language (SAML) authentication in AppDynamics.

This page assumes a Controller and a Tenant are one and the same. 

The AppDynamics Tenant can use an external SAML identity provider (IDP) to authenticate and authorize users. See Configure Basic SAML Authentication Configuration

Supported Identity Providers

AppDynamics certifies support for the following identity providers (IDPs):

  • Okta
  • Onelogin
  • Ping Identity
  • Azure AD
  • IBM Cloud Identity
  • Active Directory Federation Service (AD FS)

Other IDPs supporting HTTP POST binding should also be compatible with AppDynamics SAML authentication. If you are having issues setting up SAML with your IDP, contact your AppDynamics account representative for help.

Binding Support

AppDynamics supports identity federation with SAML 2.0, an open standard used by many IDPs. This identity federation enables single sign-on (SSO) with HTTP POST binding for the SAML request and HTTP POST binding for the IDP response.

The bindings have the following requirements:

  • HTTP is the required transport. Optionally, you can also configure HTTPS transport.
  • The AppDynamics Tenant uses HTTP GET or POST for the authentication request to the identity provider for the sign-out message to the identity provider. The IDP also uses HTTP GET and POST to return the response.

How SAML Authentication Works with AppDynamics

With SAML authentication enabled:

  1. Navigate to your Tenant login page and enter your account name.
    The Tenant redirects you to the external SAML IDP.
  2. From the IDP, enter your credentials.
  3. The IDP redirects and logs you into the Tenant. 

To log in to the Tenant UI, users require access to both the Tenant and the identity provider service through the network from their computer. You can configure the Tenant to assign roles to authenticated users based on group attributes in their SAML responses. See Map SAML-Authenticated Users to AppDynamics Roles

Who Can Configure SAML 

Only users assigned to the AppDynamics role Account Owner can configure SAML authentication in the Tenant and assign other users to the Account Owner role. Roles govern user privileges in the Tenant UI. See Create and Manage Custom Roles