Not a customer? Click the 'Start a free trial' link to begin a 30-day SaaS trial of our product and to join our community.
Existing Cisco AppDynamics customers should click the 'Sign In' button to authenticate to access the community
on
03-21-2023
10:59 AM
- edited on
09-12-2023
10:06 AM
by
Claudia.Landiva
FOR NOTIFICATION UPDATES — Click the caret menu above right, then Subscribe.
Beginning with our SaaS Controller release in April 2023, AppDynamics-managed user accounts will begin migrating to the AppDynamics Identity Provider. With the AppDynamics Identity Provider, users will benefit from single sign-on access to Controller tenants and other AppDynamics resources, as well as best-in-class identity management.
This article gives the reasons and benefits for this change, outlines the migration timing and process, and explains the continued user experience.
Beginning with our SaaS Controller release in April 2023, local (AppDynamics managed) user accounts will begin the process of migrating to the AppDynamics Identity Provider.
As we previously announced, AppDynamics managed user accounts added from the 21.11 release onward are already part of our AppDynamics Identity provider, which gives the benefit of single sign-on (SSO) across Controller tenants and access to all resources available at our AppDynamics website (such as University, Support, and Community). Further, these accounts are protected by a best-in-class identity provider, enabling proper security and a platform for continued improvement in account security options.
In order to ensure all older AppDynamics-managed user accounts gain all the same benefits, they will need to be migrated to this identity system. Our aim in the migration is to avoid disruption and provide a simple process. The migration process is user-driven and triggered after a successful login. Once a user migrates successfully, all their future logins on that Controller account will use the new user account with a username equal to their email address. They will retain all previous access without interruption.
Upon successful login using a user account that has not yet been migrated, the user will be prompted to complete the migration process for the account. Users may choose to skip the process up to 3 times.
What about users who already have an AppDynamics Identity Provider account?
In some cases, users already have accounts in the AppDynamics Identity Provider. This is true for users whose user email is listed in the Accounts Management Portal as created by the administrator. Typically, this is because they have completed training, filed Support tickets, or participated in Community posts. For these users, the migration process will result in their local Controller user account being migrated to their existing AppDynamics identity.
Once a user's account is migrated on a specific Controller account, they will access this Controller account using their email-based username and the password established for that Controller account. Their access rights will remain unaffected: they will have exactly the same rights as before the migration. Their user account will show a new username on the Controller user administration experience.
This migration will begin in April with the 23.4 SaaS Controller release. However, we will be rolling it out slowly over the subsequent weeks. So, if you don't see this as soon as your account is updated to 23.4, we just haven't enabled it for you yet.
If, as a Controller Account Owner, you wish to have migration enabled immediately, please feel free to create a Support request and we will enable it for your account.
We have taken many precautions in developing this experience to minimize impacts to users. We are only changing the user's authentication source within the system. The user's record will remain attached to all existing content and rights as is. Further, users will be given skips in case they don’t want to or can’t complete migration during that session.
Ultimately, the Identity Migration will benefit users in giving them one account for everything AppDynamics and enabling a much more secure identity experience.
However, should your users experience issues, please reach out to Support and we will solve the problem with you. Further, should you wish to test this and have a pre-production account, we can roll this out to your pre-production tenant first for confirmation. Please reach out to Support to make this request.
We always recommend that the use of user accounts for integration is inherently insecure. Instead, please use the API Client capabilities for integrations.
That said, the migration is for human users that use the login experience. Any code-based logins using the local user credentials will never trigger the migration and will remain using local logins.
If you use more than one username on your SAAS controller account, you will be required to provide an email address for each of those usernames. However, because the system expects usernames to be unique, once you migrate your first username, the subsequent usernames will need a new email address.
We recommend that you start by first logging into the username you use the most, that best represents your typical usage. For this one, provide your email address and complete migration.
For subsequent usernames, try using the "+" approach for your email address. Some email systems, like Gmail and Exchange, allow you to append something to your base email address with a + sign. The emails will still be routed to your inbox so that you can follow the links there.
For example, let's assume you have 3 usernames on the Controller: user, financialsupport, and techsupport. Your email address is user@company.com.
When you log in using the username of user, you will provide user@company.com for your email address and complete the migration process. From then on, when you want to log in to the user account you will log in using the username of user@company.com.
However, to log in using the techsupport username, you will need to provide an email address for migration. If you use the user@company.com email address, you will receive a message telling you to choose a different email because this one is in use. Here, try using user+techsupport@company.com. And for the financialsupport username, you would use user+financialsupport@company.com.
When you add the +<username> to your email in this way, you should still receive the necessary migration emails (with completion links) in your user@company.com inbox, allowing you to complete the process for these accounts.
Please note that these are new identities in our AppDynamics Identity Platform and can be used as any other user account. If you have multiple CSAAS Controller accounts with similar identities, reuse these emails on the other Controllers to link them up and gain single sign-on for that account.
No, this only applies to users who are listed in the user management administration screen on the controller under the "AppDynamics" drop down. Any SAML users will continue to see the same experience they have today.
No, this only applies to users who are listed in the user management administration screen on the controller under the "AppDynamics" drop down. Any LDAP users will continue to see the same experience they have today.
Users get 3 skips for starting the migration and then 3 more skips to complete the migration. This means that there are 6 logins using the old identity before they are required to complete the migration to the new, secure identity.
Once you provide the email address and are in the Controller, you will see a confirmation message that displays your email address as well as links to resend the mail or change your email address. You can choose to change your email address and we will send the migration email to the new address.
First, check to confirm you entered the correct email address
Sign back into the Controller account using your old username and password.
Once signed in, you will see a reminder that an email has been sent, and the address to which it was sent. You will have the options to:
• Resend the message
• Change your email address
If the email address is correct, please check your spam and junk folders. If you still don’t see the email message, select “resend the message” and try again.
If you continue to have problems receiving the email message, reach out to Support.
This is because the email you entered is affiliated with an existing user account in our AppDynamics Identity provider. We want to make sure that you are the owner of this account before migrating your Controller user account to the entered AppDynamics Identity Provider account.
Once you log in with the password associated with your email address (your AppDynamics Identity provider user account) successfully, we will migrate your Controller account.
If the email you entered is correct and you don't recall your password, you can use the forgot password flow to reset it.
For more information, see I'm stuck migrating my account because I can't log in or don't know what to do next.
Thank you! Your submission has been received!
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form