On this page:
The AppDynamics Controller UI imposes role-based access controls to users.
The Controller can authenticate user credentials against local user accounts or by relying on an external LDAP server or SAML-based authentication provider.
Authentication provider settings are located in the Administration tab of the AppDynamics interface:
To access the Administration settings, click Settings -> Administration. You need to be logged in as a user with the administrator or account owner role to see the Administration link in the UI.
In the Authentication Provider tab, you can choose one of three authentication options: local authentication (labelled AppDynamics), LDAP, or SAML. LDAP and SAML require additional configuration. See Related Information for additional information on completing the configuration for these authentication providers.
The other configuration option in the Administration tab, Integrations, enables you add and configure extension modules for the AppDynamics Controller. See Extensions and Integrations for more information.
Authentication settings in the Controller are specific to an account within the Controller. If you have a multi-tenant on-premise Controller, you need to configure authentication settings in each account individually.
You can use an external directory server to authenticate and authorize user access to the Controller UI. The Controller works with directory servers that comply with LDAP (Lightweight Directory Access Protocol) version 3. While the Controller should be able to work with any LDAPv3-compliant server, it has been verified against these LDAP products:
- Microsoft Active Directory for Windows Server 2008 SP2+
- OpenLDAP, 2.4+
About User Roles
Each user in the AppDynamics UI must have at least one role. The role determines what users can see or do in the UI, including which business applications they can monitor and the types of configuration changes they can make.
AppDynamics comes with a set of predefined roles, including, for example, administrator, account owner, and dashboard viewer role.
You cannot modify the built-in roles, but you can create your own. Custom roles are typically created to allocate permissions based on application, since not all users need or should have access to monitoring information for all applications.
Groups help you manage roles for a large number of users. You can create local groups in the Controller or map existing groups from an LDAP server, as described in Configure Users and Groups.