SAML Federation

This page provides guidelines for configuring basic SAML authentication through the Accounts Management Portal to access AppDynamics resources, including Community, Help, and University.

You can configure an identity provider to enable single sign-on access to your AppDynamics environment using the SAML 2.0 protocol. Refer to the documentation of your identity provider for detailed configuration instructions. You can configure SAML through the Accounts Management Portal, described here, or through the Controller Tenant. 

Configure SAML in the Accounts Management Portal

The process varies slightly based on your choice to upload your IdP data or enter it manually.

1. Log into your Account Management Portal.
2. Navigate to SAML Federation.

Step 1: Configure Your Identity Provider with AppDynamics

To upload IdP data:

1. Select Upload.
2. Retrieve the metadata file from your IdP and upload it.
3. Confirm that the auto-populated metadata information is correct. 
4. Select the proper Request Binding.
5. Click Save.

To enter IdP data manually:

1. Select Enter Manually.
2. Copy and paste the SAML configuration settings from your IdP:

   1. Single Sign-On URL: The SAML Login URL where the Controller Tenant routes login requests initiated by your Service Provider (SP). This login URL is required.

   2. X.509 Certificate: The X.509 certificate from your identity provider configuration. Paste the certificate between the BEGIN CERTIFICATE and END CERTIFICATE delimiters. Avoid duplicating BEGIN CERTIFICATE and END CERTIFICATE delimiters from the source certificate itself.  

   3. Issuer ID: The IdP URL is used as a unique identifier for your SP.
3. Select the proper Request Binding.
4. Click Save.

Step 2: Configure AppDynamics with Your Identity Provider

There are two ways to provide the AppDynamics metadata to your IdP:

• Copy the metadata provided, or
• Click Download Metadata Instead and retrieve the file from the browser download directory.

Step 3: Attribute Mapping

1. Copy the attribute names from your IdP.
2. Paste the attributes into the corresponding fields.
3. Click Apply.

Step 4: Activate Your SAML Federation

Click Activate.

Once activated, click Edit if you need to change any information.

Map Users to SAML Authentication

1. Navigate to User Management.

2. Click  and enter the user attributes.

   

   Users must have a unique, valid email associated with them for proper system authorization.

3. Select an IdP option through Authenticated By:

   • AppDynamics—AppDynamics acts as the Service Provider. The user is prompted to create a password.
   • My IdP—The user authenticates through your Service Provider. The user name must already exist in the IdP database.
4. Click Next.
   Optionally, select one or more Company Roles. If you do not select a role, the user will have very limited rights.
   • Company Admin—Can create and manage users, assign roles/licenses/Tenants, configure company preferences.
   • License Admin—Can view and assign licenses on Controller Tenants to which they are assigned.
   • Support—Can open and manage Support requests with AppDynamics. 
   • Tenant User—Can access the Controller Tenant you select with rights according to the Policy you assign.

     1. Select one, several, or all Controller Tenants to allow access.

     2. This user has the Role of Configuration Manager by default and can perform management operations on all connections and configurations in a Controller Tenant.
5. Click Save.

Verify the SAML Authentication Configuration

To verify that you configured SAML authentication correctly, navigate to accounts.appdynamics.com.

• If you chose to authenticate through your IdP, the login screen will ask for your name and redirect you to your IdP for authentication.
• If you chose to authenticate through AppDynamics, the login screen will request your name and password.