Click the Start a free trial link to start a 15-day SaaS trial of our product and join our community as a trial user. If you are an existing customer do not start a free trial.
AppDynamics customers and established members should click the sign in button to authenticate.
We added the SAML Authentication Provider to our AppDynamics Controller. When a user logs in for the first time the SAML Attributes get mapped to the AppDynamics Attributes Username, Display Name, and Email.
Changes to Display Name or Email in the IdP don't get updated in AppDynamics, even if the Attributes in the SAML Response are correct.
Is there a way to force an update to the user attributes? Or is it possible to delete a user and recreate it with the next login?
Once you login user will be created in the system. If you change any of the attributes it will create a new user. You can delete an existing user with the REST API.
Please refer following document and below description -
curl -X DELETE -u user1@customer1 http(s)://<controller-host>:<controller-port>/controller/api/rbac/v1/users/<user-id>
Replace user1 with your Admin user, customer1 with your account name, <controller-host> with the actual host and <controller-port> with the actual port.
Replace the <user-id> with the ID which you want to delete.
To get the User ID run the following query.
Select id, name, email, security_provider_type from user where name=<user-name> and account_id=2 and security_provider_type = 'SAML';
Replace <User-name> with the name of the user which you want to delete. The above query will return the Id of the user, use that ID and execute the rest API.
Thank you for your answer. The way to delete a SAML users really helped.
But Appdynamics does not create a new user when an attribute is changed. It just ignores it.
The SAML Attribute in the ticket looks like this:
<saml:Attribute FriendlyName="lastname" Name="lastname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">"NAME1"</saml:AttributeValue>
if i change the name from "NAME1" to "NAME2" AppDynamics still shows the old name and no new user is created.
And even if it did this would lead to a lot of Problems - there could be multiple users with the same username and password.
The new user is created in the AppDynamics database once the user is logged in, did you try to login after the login? Let me know if we can have a call to discuss the issue.
Did AppDynamics ever fix the code? We are running OnPrem on version 4.3.3.
We just implemented the use of SAML on our Dev Controller. We have three controllers (Dev, QA, Prod). My first time logging in, using SAML, the attributes were incorrect, so SAML passed through userid to the Name and User fields. I've since correct it, and the key field (username) is correct, but the name field (full name) is still my userid. Does AppD have any plans to fix this and update the fields with what SAML is passing through?
What if someone in my org gets married, changes her last-name, legally, then gets her name changed in our company? Will she still be known as her maiden last name, in AppD? The way it's coded in AppD her last name will never change. And if it does, a new user will not be created.
Based on what I read in this thread the issue still exists.
I'm aware I can use a curl command to delete the user. It's not a preferred solution, but I'm sure it works.
I spoke with some people and was told this, we do sync the SAML attributes on subsequent logins. this was implemented with version 4.5 of the controller."
Ryan, Cisco AppDynamics Community Manager
Found something helpful? Click the Accept as Solution button to help others find answers faster.
Liked something? Click the Thumbs Up button.
Check out Observabiity in Action
new deep dive videos weekly in the Knowledge Base.