
Changes to User Creation and Password Policy — FAQ

In our efforts to better serve our customers, we are implementing several enhancements designed to improve security and set a foundation for streamlining user management capabilities for system administrators.

 

With the release of the 21.2 Controller, AppDynamics will be upgrading our user creation process and password policy. This upgrade will include the following changes:

New user email verification

When a new user is created, they must verify their account via email prior to logging into your controller. This will require administrators to provide an accurate email address when creating the new user.

 

Improved password policy

As part of completing their email verification, the new user will receive a notification to “activate their account”. During this process, the new user is required to create a password, which must adhere to a mandatory “strong” password policy designed to improve account security.

 

Access to Accounts

When a new user activates their account, they will be able to access the controller accounts to which they have been assigned as well as the resources of Account, such as Community and University.

 


When will this change occur?

We will be releasing these new capabilities in a staged rollout. The rollout will start with the release of the 21.2 Controller and is anticipated to be completed in April of 2021. 

 

Will this impact my current users?

No, current users will not be impacted by this change. However, this is the first phase in a series of enhancements to improve security and overall ease of use for our user management capabilities.

 

We highly recommend adding accurate email addresses when making any updates to an existing user’s account, as this will be a requirement in the future. 
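One way to act on this recommendation is to audit an export of your users before the requirement arrives. The script below is an added example, not AppDynamics code: it flags local users with a missing or malformed email address, and addresses shared by more than one account (the vendor reply in the comments states that each user will need their own address). The CSV layout, column names and sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample export; the column names are assumptions,
# not an AppDynamics export format.
SAMPLE_EXPORT = """username,email,auth_type
alice,alice@example.com,local
bob,,local
carol,Alice@Example.com,local
dave,dave@example,local
erin,erin@example.com,saml
frank,ops-team@example.com,local
grace,ops-team@example.com ,local
"""

# Deliberately loose syntax check: one "@", no whitespace, a dot in the domain.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def audit_local_users(export_text):
    """Return (missing, malformed, shared) findings for local users only."""
    missing, malformed = [], []
    by_email = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        # SAML/LDAP users are not affected by the change described on this page.
        if row["auth_type"].strip().lower() != "local":
            continue
        user = row["username"].strip()
        email = (row["email"] or "").strip()
        if not email:
            missing.append(user)
        elif not EMAIL_RE.match(email):
            malformed.append(user)
        else:
            # Assumption: addresses are compared case-insensitively,
            # so Alice@ and alice@ count as the same mailbox.
            by_email[email.lower()].append(user)
    shared = {e: sorted(u) for e, u in by_email.items() if len(u) > 1}
    return sorted(missing), sorted(malformed), shared


if __name__ == "__main__":
    missing, malformed, shared = audit_local_users(SAMPLE_EXPORT)
    print("missing email:", missing)
    print("malformed email:", malformed)
    for email, users in sorted(shared.items()):
        print("shared address:", email, "->", users)
```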

 

What if my new user fails to verify their account?

When a new user is created, they will be designated a “pending” status until they complete the email verification process. The verification email will expire after 7 days of inactivity. At that time an administrator can opt to:

  • Ask the user to invoke the reset password flow, which will resend the activation email for a pending user. To do so:

    1. Direct them to either your controller login or the Accounts login page:

    2. Click the “Reset Password” link
      (Image: the reset password link, below the "Next" button on the Sign-in screen)

       

  • Delete the pending user if they no longer require access

 

What if I create new users via an API or third-party provider?

If a user is created via an API script or a third-party integration, the user will still need to complete the email verification process.

If the new user fails to verify their email within 10 days of receiving the notification, they can obtain another activation email using the reset password flow from the login screen.

 

Will this impact my SSO policies for new users?

There is no impact for SSO policies at all. This change only applies to SaaS customers whose users are authenticated by AppDynamics, or so-called “local users”.  SAML or LDAP users and the associated security provider settings are not impacted. 

 

What will the new password policy be?

  • Minimum length: 8 characters

  • Contain both upper-case and lower-case letters

  • Contain at least one number (i.e., 0-9)

  • Contain at least one special non-alphanumeric character (e.g., !$%^&*)

 

Can an administrator create a password for a new user?

No. Once the new capabilities have been activated for your account, administrators will no longer be able to set the password when creating a new user. The new user will be required to create their password during the email verification process.

Version history: revision 10 of 10
Last update: 02-09-2021 04:58 PM
Comments

Hi,

 

Quick question. If a customer uses the same email address for more than one user account will this cause any issue?

 

Thanks,

Jennifer

Hi Jennifer,   

 

Thank you for the question. With these changes, we have begun the necessary work of providing our users a single identity for all their interactions with AppDynamics. The result will be a better overall experience as well as a more secure system for these user accounts. Email address will be used as their unique identifier and as such, each distinct user must have their own email address. For now, the change is only being applied to newly created users when the customer has chosen to use AppDynamics as their identity provider (the "local" user option). In the near future, however, we will migrate existing local users to this system requiring these existing users to have their own unique email address.

 

As always, we recommend that customers adopt SAML wherever possible as this ensures that the customer's systems are the identity systems of record for their users, allowing the customer to control the use of their user attributes. As noted, these changes won't impact a customer's SAML/SSO users.

 

Bill