Local user accounts are migrating to the AppDynamics Identity Platform.
Here’s what you need to know. 

FOR NOTIFICATION UPDATES — Click the caret menu above right, then Subscribe.

Beginning with our SaaS Controller release in April 2023, AppDynamics-managed user accounts will begin migrating to the AppDynamics Identity Provider. With the AppDynamics Identity Provider, users will benefit from single sign-on access to Controller tenants and other AppDynamics resources, as well as best-in-class identity management. 

This article gives the reasons and benefits for this change, outlines the migration timing and process, and explains the continued user experience. 

In this article… 

What's happening and why?	• How will the Identity Provider Migration work? • When is the Identity Provider Migration coming?
Frequently Asked Questions
Before the Identity Provider Migration	• Will this change disrupt user access to the system? • What if I only use my local logins for service accounts? • What if I have more than user account on the SaaS Controller? • Does this Identity Migration affect my SAML users? • Does this Identity Migration affect my LDAP users?  • How many skips do users get before they must complete the process?
During the Identity Provider Migration	• What if I accidentally entered the wrong email address?  • What if I never receive the migration email?   • Why am I being asked to sign in again after after signing in and initiating the migration using my email address?
Additional resources	• Related articles and posts

 

What’s happening and why? 

Beginning with our SaaS Controller release in April 2023, local (AppDynamics managed) user accounts will begin the process of migrating to the AppDynamics Identity Provider.  

As we previously announced, AppDynamics managed user accounts added from the 21.11 release onward are already part of our AppDynamics Identity provider, which gives the benefit of single sign-on (SSO) across Controller tenants and access to all resources available at our AppDynamics website (such as University, Support, and Community). Further, these accounts are protected by a best-in-class identity provider, enabling proper security and a platform for continued improvement in account security options.  

In order to ensure all older AppDynamics-managed user accounts gain all the same benefits, they will need to be migrated to this identity system. Our aim in the migration is to avoid disruption and provide a simple process. The migration process is user-driven and triggered after a successful login. Once a user migrates successfully, all their future logins on that Controller account will use the new user account with a username equal to their email address. They will retain all previous access without interruption.

How will the Identity Provider migration work? 

Upon successful login using a user account that has not yet been migrated, the user will be prompted to complete the migration process for the account. Users may choose to skip the process up to 3 times. 

1. Users will be asked to provide their email address
   
2. They will then be routed to the Controller account directly and be sent an email with migration instructions 
   
3. Once they access the email and follow the prompts to set their new password, their account will complete migration. Subsequent logins will use their new AppDynamics identity.  

What about users who already have an AppDynamics Identity Provider account? 
In some cases, users already have accounts in the AppDynamics Identity Provider. This is true for users whose user email is listed in the Accounts Management Portal as created by the administrator. Typically, this is because they have completed training, filed Support tickets, or participated in Community posts. For these users, the migration process will result in their local Controller user account being migrated to their existing AppDynamics identity.  

Once a user's account is migrated on a specific Controller account, they will access this Controller account using their email-based username and the password established for that Controller account. Their access rights will remain unaffected: they will have exactly the same rights as before the migration. Their user account will show a new username on the Controller user administration experience.

When is the AppDynamics Identity Provider migration coming? 

This migration will begin in April with the 23.4 SaaS Controller release. However, we will be rolling it out slowly over the subsequent weeks. So, if you don't see this as soon as your account is updated to 23.4, we just haven't enabled it for you yet.  

If, as a Controller Account Owner, you wish to have migration enabled immediately, please feel free to create a Support request and we will enable it for your account.  

Back to Top 

 

Frequently Asked Questions 

BEFORE THE IDENTITY PROVIDER MIGRATION 

Will this change disrupt user access to the system?   

We have taken many precautions in developing this experience to minimize impacts to users. We are only changing the user's authentication source within the system. The user's record will remain attached to all existing content and rights as is.  Further, users will be given skips in case they don’t want to or can’t complete migration during that session. 

Ultimately, the Identity Migration will benefit users in giving them one account for everything AppDynamics and enabling a much more secure identity experience.  

However, should your users experience issues, please reach out to Support and we will solve the problem with you. Further, should you wish to test this and have a pre-production account, we can roll this out to your pre-production tenant first for confirmation. Please reach out to Support to make this request. 

Back to Top 

 

What if I only use my local logins for service accounts?   

We always recommend that the use of user accounts for integration is inherently insecure. Instead, please use the API Client capabilities for integrations.  

That said, the migration is for human users that use the login experience. Any code-based logins using the local user credentials will never trigger the migration and will remain using local logins. 

Back to Top 

 

What if I have more than one user account on the SaaS Controller?

If you use more than one username on your SAAS controller account, you will be required to provide an email address for each of those usernames. However, because the system expects usernames to be unique, once you migrate your first username, the subsequent usernames will need a new email address. 

We recommend that you start by first logging into the username you use the most, that best represents your typical usage.  For this one, provide your email address and complete migration. 

For subsequent usernames, try using the "+" approach for your email address.  Some email systems, like Gmail and Exchange, allow you to append something to your base email address with a + sign. The emails will still be routed to your inbox so that you can follow the links there. 

For example, let's assume you have 3 usernames on the Controller: user, financialsupport, and techsupport. Your email address is user@company.com.

When you log in using the username of user, you will provide user@company.com for your email address and complete the migration process.  From then on, when you want to log in to the user account you will log in using the username of user@company.com. 

However, to log in using the techsupport username, you will need to provide an email address for migration. If you use the user@company.com email address, you will receive a message telling you to choose a different email because this one is in use.  Here, try using user+techsupport@company.com.  And for the financialsupport username, you would use user+financialsupport@company.com. 

When you add the +<username> to your email in this way, you should still receive the necessary migration emails (with completion links) in your user@company.com inbox, allowing you to complete the process for these accounts.

Please note that these are new identities in our AppDynamics Identity Platform and can be used as any other user account.  If you have multiple CSAAS Controller accounts with similar identities, reuse these emails on the other Controllers to link them up and gain single sign-on for that account.

Back to Top 

 

Does this Identity Migration affect my SAML users?  

No, this only applies to users who are listed in the user management administration screen on the controller under the "AppDynamics" drop down. Any SAML users will continue to see the same experience they have today. 

Back to Top 

 

Does this Identity Migration affect my LDAP users?   

No, this only applies to users who are listed in the user management administration screen on the controller under the "AppDynamics" drop down. Any LDAP users will continue to see the same experience they have today.  

Back to Top 

 

How many skips do users get before they must complete the process? 

Users get 3 skips for starting the migration and then 3 more skips to complete the migration. This means that there are 6 logins using the old identity before they are required to complete the migration to the new, secure identity. 

Back to Top 

 

DURING THE IDENTITY PROVIDER MIGRATION 

What if I accidentally entered the wrong email address? 

Once you provide the email address and are in the Controller, you will see a confirmation message that displays your email address as well as links to resend the mail or change your email address.  You can choose to change your email address and we will send the migration email to the new address. 

Back to Top 

 

What if I never receive the migration email? 

1. First, check to confirm you entered the correct email address 
   

2. Sign back into the Controller account using your old username and password.
   
   Once signed in, you will see a reminder that an email has been sent, and the address to which it was sent. You will have the options to:
   • Resend the message 
   • Change your email address 
   

3. If the email address is correct, please check your spam and junk folders. If you still don’t see the email message, select “resend the message” and try again. 
   

4. If you continue to have problems receiving the email message, reach out to Support.  

Back to Top 

 

Why am I being asked to sign in again after signing in and initiating the migration using my email address? 
I thought I was supposed to be directed into the Controller immediately.   

This is because the email you entered is affiliated with an existing user account in our AppDynamics Identity provider. We want to make sure that you are the owner of this account before migrating your Controller user account to the entered AppDynamics Identity Provider account.  

Once you log in with the password associated with your email address (your AppDynamics Identity provider user account) successfully, we will migrate your Controller account.  

If the email you entered is correct and you don't recall your password, you can use the forgot password flow to reset it.

For more information, see I'm stuck migrating my account because I can't log in or don't know what to do next.

Back to Top 

 

Additional Resources 

• Announcement | Users who are part of our AppD IDP system will begin seeing an SSO experience 
• FAQ - Sign in once to AppD and see everything 
• I'm stuck migrating my account because I can't log in or don't know what to do next.