This page provides an overview of managing users and groups in AppDynamics.
Most Controller UI pages are access controlled. After you install AppDynamics, you can add user accounts in the Controller UI, allowing other users to access the UI and configure AppDynamics. The Account Owner is the predefined role with the Administer users, groups, and roles permissions.
The Controller can authenticate users against local user accounts or external LDAP or SAML-based authentication providers. See Update the Root User and Glassfish Admin Passwords.
Users, Groups, and Roles
A user can belong to one or more groups. Groups let you assign and manage roles for users collectively.
Roles are an essential concept in the Controller UI. Roles determine what users can see or do in the UI, including which business applications they can monitor and the types of configuration changes they can make. Parts of the UI are not visible to users whose roles do not authorize access to those features. A user or group can have more than one role but should have at least one.
AppDynamics comes with a set of predefined roles, but you can add your own, particularly to set up user access by business application. See Roles and Permissions.
Accessing Authentication Settings
You create and administer users in the Controller from the Administration page accessible through Settings. You must be logged in as a user with the Account Owner role in the UI to see the Settings configuration options.
You can create an API Client from the API Clients tab on the Administration page. You can use the API Client to provide secure access to the Controller through REST API calls. See API Clients.
Authentication settings in the Controller are specific to an account within the Controller. If you have a multi-tenant on-premises Controller, each account needs to be configured with authentication settings individually.
Creating Local Users
A local user is a user whose account credentials are stored in the Controller and who is authenticated by the Controller rather than by an external authentication provider. You can create local user accounts by navigating to Users > Administration.
These guidelines apply to local user accounts:
- Because of browser incompatibilities, AppDynamics recommends using only ASCII characters for usernames and passwords.
- Choose at least one role for the new user. If you do not choose a role before saving, a warning message appears in the UI. You can assign the user to a role later, but the user will not be able to use any features in the UI until assigned a role.
After creating a user, you can modify, delete, or duplicate the user account, or assign the user to a group or role from the Users tab.
If the deleted user owns a custom dashboard, then the dashboard and its associated shares and reports cease to function properly, and a dialog displays to confirm the deletion.
See Dashboard Recovery.
As indicated in the UI, a user should have at least one role, which you can assign directly or through a group. Without a role, a user can log in, but will not be able to do much else in the Controller UI. You can associate users with roles from the user's configuration or navigate to Roles > Users and Groups with this Role to see the user and group assignments.
Be careful to avoid accidentally removing yourself from all groups or from all roles. Also, if the only roles of which you are a member are custom roles, do not delete those custom roles or remove permissions from them. Doing so can result in being locked out of the AppDynamics UI with no permissions. If this happens, use the built-in administrator role to restore the account.
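The lockout risk described above can be checked before a change is made. The following is an added example, not AppDynamics code: it assumes the user, group, and role assignments have been copied by hand into plain Python dictionaries, and all data, role names other than Account Owner, and function names are constructed for illustration.

```python
import copy

# Constructed sample assignments (not an AppDynamics export format).
USERS = {
    "alice": {"roles": {"Account Owner"}, "groups": {"ops"}},
    "bob":   {"roles": set(),             "groups": {"ops"}},
    "carol": {"roles": {"payments-admin"}, "groups": set()},
    "dave":  {"roles": set(),             "groups": set()},
}
GROUPS = {"ops": {"roles": {"payments-viewer"}}}
# Roles that currently exist; the two "payments-*" roles are hypothetical custom roles.
ROLES = {"Account Owner", "payments-admin", "payments-viewer"}


def effective_roles(user, users, groups, roles):
    """Roles a user holds directly or through a group, limited to roles that exist."""
    entry = users[user]
    held = set(entry["roles"])
    for group in entry["groups"]:
        held |= groups.get(group, {"roles": set()})["roles"]
    return held & roles


def users_without_roles(users, groups, roles):
    """Users who can log in but hold no role, directly or through a group."""
    return sorted(u for u in users if not effective_roles(u, users, groups, roles))


def lockout_after_role_delete(role, users, groups, roles):
    """Users who would newly end up with no role if `role` were deleted."""
    before = set(users_without_roles(users, groups, roles))
    after = set(users_without_roles(users, groups, roles - {role}))
    return sorted(after - before)


def lockout_after_group_removal(user, group, users, groups, roles):
    """True if removing `user` from `group` would leave that user with no role."""
    changed = copy.deepcopy(users)
    changed[user]["groups"].discard(group)
    return not effective_roles(user, changed, groups, roles)


if __name__ == "__main__":
    print("No role today:", users_without_roles(USERS, GROUPS, ROLES))
    print("Locked out if payments-admin is deleted:",
          lockout_after_role_delete("payments-admin", USERS, GROUPS, ROLES))
    print("bob locked out if removed from ops:",
          lockout_after_group_removal("bob", "ops", USERS, GROUPS, ROLES))
```
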
Require Strong User Passwords
As an account administrator, you can require local users (those authenticated by AppDynamics) to use strong passwords.
By default, strong password requirements are not enforced, which means that users can configure passwords of any length or complexity. To enforce strong password requirements, go to the Authentication Provider tab on the Administration page and select the Require Strong Passwords checkbox.
With the requirement enabled, passwords must meet the complexity requirements shown in the Authentication Provider tab of the Controller UI. The requirements include having at least eight characters, containing both upper and lower case letters, and more.
Passwords set by users after you enable this requirement must meet the requirements listed in the UI. Changing this option does not affect previously set passwords. Existing weak passwords will continue to work after you enable strong passwords.
Create and Manage Groups
You can manage roles for local users collectively by navigating to Groups > Administration and selecting the groups. If you are using LDAP to authenticate all AppDynamics Controller users, you do not need to create AppDynamics groups.
After creating the group, assign users to the group by selecting the group and selecting the Member checkboxes for the users to be added to the selected group or groups. Similarly, to associate the group to a role, select the Member checkboxes for the roles to be associated with the selected group or groups.
You can associate groups with roles from the group configuration or under Roles > Users and Groups with this Role.