On this page:

Most of the pages of the Controller UI are access controlled. After installing AppDynamics, you can add user accounts in the Controller UI, allowing other users to access the UI and configure AppDynamics. 

The Controller can authenticate users against local user accounts or against external LDAP or SAML-based authentication providers. For information on setting up the Controller to use an external authentication provider, see User Management

About Users, Groups, and Roles

A user can belong to one or more groups. Groups let you assign and manage roles for users collectively.

Roles are an important concept in the Controller UI. Roles determine what users can see or do in the UI, including which business applications they can monitor and the types of configuration changes they can make. Parts of the UI are not visible to users whose roles do not authorize access to those features. A user or group can have more than one role, but should have at least one.

AppDynamics comes with a set of predefined roles, but you can add your own, particularly to set up user access by business application. For more about roles, see Roles and Permissions

Accessing Authentication Settings

You can create and administer users in the Controller from the Administration page accessible in the gear icon menu. You must be logged in as a user with the account owner role in the UI to see the Settings configuration options. 

External authentication settings are configurable from the Authentication Provider tab in the Administration page. For more about setting up external authentication settings along with advanced options, see LDAP Authentication or SAML Authentication.

Authentication settings in the Controller are specific to an account within the Controller. If you have a multi-tenant on-premises Controller, each account needs to be configured with authentication settings individually.

Creating Local Users

A local user is a user whose account credentials are stored in the Controller and who is authenticated by the Controller rather than by an external authentication provider. You can create local user accounts in the Users tab of the Administration page. 

These guidelines apply to local user accounts:

After creating a user, you can modify, delete, or duplicate the user account, or assign the user to a group or role from the users tab. 

As indicated in the UI, a user should have at least one role, which you can assign directly or through a group. Without a role, a user can log in, but will not be able to do much else in the Controller UI. You can associate users with roles from the user's configuration or in the Roles tab. Under Roles, the user and group assignments appear in the Users and Groups with this Role tab.  

Be careful to avoid accidentally removing yourself from all groups or from all roles. Also, if the only roles of which you are a member are custom roles, do not delete those custom roles or remove permissions from them. Doing so can result in being locked out of the AppDynamics UI with no permissions at all. If this happens, use the built in administrator role to restore the account.

Require Strong User Passwords

As an account administrator, you can require local users (those authenticated by AppDynamics) to use strong passwords.

By default, strong password requirements are not enforced, which means that users can configure passwords of any length or complexity. To enforce strong password requirements, in the Administration page, open the Authentication Provider tab and select the Require Strong Passwords check box.

With the requirement enabled, passwords must meet the complexity requirements shown in the Authentication Provider tab of the Controller UI. The requirements include having at least eight characters, containing both upper and lower case letters, and more.

Passwords set by users after you enable this requirement must meet the requirements listed in the UI. Changing this option does not affect passwords that have already been set. That is, existing weak passwords will continue to work after you enable strong passwords.  

Create and Manage Groups

You can manage roles for local users collectively using groups in the Groups tab on the Administration page. If you are are using LDAP to authenticate all AppDynamics Controller users you do not need to create AppDynamics groups. 

After creating the group, assign users to the group by selecting the group and selecting the Member check boxes for the users to be added to the selected group or groups. Similarly, to associate the group to a role, select the Member check boxes for the roles to be associated with the selected group or groups

You can associate groups with roles from the group configuration or under Roles in the Users and Groups with this Role tab.