I am migrating my user account to central identity using an existing email, but I can’t tell how I should proceed to finish This article provides context and instructions for completing the user account migration to the AppDynamics central identity. Why is this happening? | What must I do? I can't remember my password | Step by Step Instructions | Resources Figure 1 - Migration Experience page When a user signs in successfully to a Controller account using their local username, completes the migration experience page (see Figure 1, left) by providing their email address and is presented a new login screen, they are often confused as to what to do next. Is this happening to you?  There is an easy answer. Simply sign into the new login screen using the same email address you provided above as the username. Use the password you use with AppDynamics for this email at the password prompt. NOTE | This may or may not be the same password you use to log in to your Controller. You may have set this some time ago! Feel free to use Reset Password.   Once you complete this sign-in, the username for your Controller local user account will be migrated to be your email address user account, and you will be directed to the Controller account in a logged-in state.    Why is this happening? Figure 2 – Login screen This migration process is about making sure each human user can access all AppDynamics resources with the same user identity. It will unify potentially multiple user accounts into a single user account based on the email address provided.   When you see the login screen (see Figure 2, left) after providing your email address (see Figure 1, above), it means that AppDynamics already has a user account created with that email address as the username, and we need you to prove that you own it.   Back to TOC How did I get this account?  There are several ways you could have obtained it:  You have completed training and used this account to access training   You can file support tickets and use this account for that action  You already completed migration on another Controller account.   You signed up for a self-service trial using this email address.  Your company admin created an account for you using this email address some time ago and you’ve never even used it. You may not recall, but we remember the account and need you to prove you own it.   Back to TOC What must I do? You simply enter your email address as the username, provide the password, and sign in.  What if I don't remember my password? Easy. Simply click the Reset Password link, and an email will be sent to you. Follow the instructions there and create a new password. With this new password, return to the flow and try again.  What is AppD doing to improve this experience?  We are aware of the problem and will update the experience in the coming days to include instructions to help ensure the next steps are clear.   Back to TOC I'm still confused. Can you provide an example and go through this process step-by-step? Sure. Let’s set this example up:  Your controller account: helpmeout  Your local username: legacyuser  Your email address: userone@helpmeout.com  Now for the steps: Navigate to AppDynamics using helpmeout.saas.appdynamics.com   (NOTE | This is not a real account and is just provided for this example scenario) Enter the account name of: helpmeout Enter your username of: legacyuser and click Next  Enter the password for legacyuser and click Sign in    You are presented with the migration dialog (see Figure 1, above) and are asked to enter your email. The dialog shows the email address we have on file for you and an empty confirmation email field. You may change the email address as displayed or leave it, but you must confirm it in the confirmation field.   You complete the email field as: userone@helpmeout.com and the confirmation field as userone@helpmeout.com and click Confirm    The system finds that userone@helpmeout.com already exists in the AppDynamics Identity Provider and prompts you with a login screen (see Figure 2, above) to authenticate that it’s really you. We want to make sure that you are who you say you are for security reasons.  You enter your email address as: userone@helpmeout.com and click Next. NOTE | We recommend that you check the Remember me box for future convenience.    You are presented with a password field. Enter the password for the userone@helpmeout.com user and click the Sign in button. If you don’t remember your password, click Reset password and follow the instructions to set a new password.    You will be authenticated and then will receive a message indicating that you have completed migration. It will remind you that, from now on, you will log in to the helpmeout account using the username of userone@helpmeout.com and the password you just used to authenticate. You can then click the link to the helpmeout.saas.appdynamics.com account, where you will be automatically logged in.     Congrats! You’ve completed migration and will be back to using the system as normal with the added benefit of seamless access (SSO) to other accounts that use this username as well as resources of AppDynamics like Community, University, and Support.  Back to TOC Additional resources AppDynamics Global Identity Migration Experience - FAQ   Why sign in after migration?  ... View more

Local user accounts are migrating to the AppDynamics Identity Platform. Here’s what you need to know.  FOR NOTIFICATION UPDATES — Click the caret menu above right, then Subscribe. Beginning with our SaaS Controller release in April 2023, AppDynamics-managed user accounts will begin migrating to the AppDynamics Identity Provider. With the AppDynamics Identity Provider, users will benefit from single sign-on access to Controller tenants and other AppDynamics resources, as well as best-in-class identity management.  This article gives the reasons and benefits for this change, outlines the migration timing and process, and explains the continued user experience.  In this article…  What's happening and why? • How will the Identity Provider Migration work? • When is the Identity Provider Migration coming? Frequently Asked Questions   Before the Identity Provider Migration • Will this change disrupt user access to the system? • What if I only use my local logins for service accounts? • What if I have more than user account on the SaaS Controller? • Does this Identity Migration affect my SAML users? • Does this Identity Migration affect my LDAP users?  • How many skips do users get before they must complete the process? During the Identity Provider Migration • What if I accidentally entered the wrong email address?  • What if I never receive the migration email?   • Why am I being asked to sign in again after after signing in and initiating the migration using my email address? Additional resources  • Related articles and posts What’s happening and why?  Beginning with our SaaS Controller release in April 2023, local (AppDynamics managed) user accounts will begin the process of migrating to the AppDynamics Identity Provider.   As we previously announced, AppDynamics managed user accounts added from the 21.11 release onward are already part of our AppDynamics Identity provider, which gives the benefit of single sign-on (SSO) across Controller tenants and access to all resources available at our AppDynamics website (such as University, Support, and Community). Further, these accounts are protected by a best-in-class identity provider, enabling proper security and a platform for continued improvement in account security options.   In order to ensure all older AppDynamics-managed user accounts gain all the same benefits, they will need to be migrated to this identity system. Our aim in the migration is to avoid disruption and provide a simple process. The migration process is user-driven and triggered after a successful login. Once a user migrates successfully, all their future logins on that Controller account will use the new user account with a username equal to their email address. They will retain all previous access without interruption. How will the Identity Provider migration work?  Upon successful login using a user account that has not yet been migrated, the user will be prompted to complete the migration process for the account. Users may choose to skip the process up to 3 times.  Users will be asked to provide their email address They will then be routed to the Controller account directly and be sent an email with migration instructions  Once they access the email and follow the prompts to set their new password, their account will complete migration. Subsequent logins will use their new AppDynamics identity.   What about users who already have an AppDynamics Identity Provider account?  In some cases, users already have accounts in the AppDynamics Identity Provider. This is true for users whose user email is listed in the Accounts Management Portal as created by the administrator. Typically, this is because they have completed training, filed Support tickets, or participated in Community posts. For these users, the migration process will result in their local Controller user account being migrated to their existing AppDynamics identity.   Once a user's account is migrated on a specific Controller account, they will access this Controller account using their email-based username and the password established for that Controller account. Their access rights will remain unaffected: they will have exactly the same rights as before the migration. Their user account will show a new username on the Controller user administration experience. When is the AppDynamics Identity Provider migration coming?  This migration will begin in April with the 23.4 SaaS Controller release. However, we will be rolling it out slowly over the subsequent weeks. So, if you don't see this as soon as your account is updated to 23.4, we just haven't enabled it for you yet.   If, as a Controller Account Owner, you wish to have migration enabled immediately, please feel free to create a Support request and we will enable it for your account.   Back to Top  Frequently Asked Questions  BEFORE THE IDENTITY PROVIDER MIGRATION  Will this change disrupt user access to the system?    We have taken many precautions in developing this experience to minimize impacts to users. We are only changing the user's authentication source within the system. The user's record will remain attached to all existing content and rights as is.  Further, users will be given skips in case they don’t want to or can’t complete migration during that session.  Ultimately, the Identity Migration will benefit users in giving them one account for everything AppDynamics and enabling a much more secure identity experience.   However, should your users experience issues, please reach out to Support and we will solve the problem with you. Further, should you wish to test this and have a pre-production account, we can roll this out to your pre-production tenant first for confirmation. Please reach out to Support to make this request.  Back to Top    What if I only use my local logins for service accounts?    We always recommend that the use of user accounts for integration is inherently insecure. Instead, please use the API Client capabilities for integrations.   That said, the migration is for human users that use the login experience. Any code-based logins using the local user credentials will never trigger the migration and will remain using local logins.  Back to Top  What if I have more than one user account on the SaaS Controller? If you use more than one username on your SAAS controller account, you will be required to provide an email address for each of those usernames. However, because the system expects usernames to be unique, once you migrate your first username, the subsequent usernames will need a new email address.  We recommend that you start by first logging into the username you use the most, that best represents your typical usage.  For this one, provide your email address and complete migration.  For subsequent usernames, try using the "+" approach for your email address.  Some email systems, like Gmail and Exchange, allow you to append something to your base email address with a + sign. The emails will still be routed to your inbox so that you can follow the links there.  For example, let's assume you have 3 usernames on the Controller: user, financialsupport, and techsupport. Your email address is user@company.com. When you log in using the username of user, you will provide user@company.com for your email address and complete the migration process.  From then on, when you want to log in to the user account you will log in using the username of user@company.com.  However, to log in using the techsupport username, you will need to provide an email address for migration. If you use the user@company.com email address, you will receive a message telling you to choose a different email because this one is in use.  Here, try using user+techsupport@company.com.  And for the financialsupport username, you would use user+financialsupport@company.com.  When you add the +<username> to your email in this way, you should still receive the necessary migration emails (with completion links) in your user@company.com inbox, allowing you to complete the process for these accounts. Please note that these are new identities in our AppDynamics Identity Platform and can be used as any other user account.  If you have multiple CSAAS Controller accounts with similar identities, reuse these emails on the other Controllers to link them up and gain single sign-on for that account. Back to Top    Does this Identity Migration affect my SAML users?   No, this only applies to users who are listed in the user management administration screen on the controller under the "AppDynamics" drop down. Any SAML users will continue to see the same experience they have today.  Back to Top    Does this Identity Migration affect my LDAP users?    No, this only applies to users who are listed in the user management administration screen on the controller under the "AppDynamics" drop down. Any LDAP users will continue to see the same experience they have today.   Back to Top    How many skips do users get before they must complete the process?  Users get 3 skips for starting the migration and then 3 more skips to complete the migration. This means that there are 6 logins using the old identity before they are required to complete the migration to the new, secure identity.  Back to Top    DURING THE IDENTITY PROVIDER MIGRATION  What if I accidentally entered the wrong email address?  Once you provide the email address and are in the Controller, you will see a confirmation message that displays your email address as well as links to resend the mail or change your email address.  You can choose to change your email address and we will send the migration email to the new address.  Back to Top    What if I never receive the migration email?  First, check to confirm you entered the correct email address  Sign back into the Controller account using your old username and password. Once signed in, you will see a reminder that an email has been sent, and the address to which it was sent. You will have the options to: • Resend the message  • Change your email address  If the email address is correct, please check your spam and junk folders. If you still don’t see the email message, select “resend the message” and try again.  If you continue to have problems receiving the email message, reach out to Support.   Back to Top    Why am I being asked to sign in again after signing in and initiating the migration using my email address?  I thought I was supposed to be directed into the Controller immediately.    This is because the email you entered is affiliated with an existing user account in our AppDynamics Identity provider. We want to make sure that you are the owner of this account before migrating your Controller user account to the entered AppDynamics Identity Provider account.   Once you log in with the password associated with your email address (your AppDynamics Identity provider user account) successfully, we will migrate your Controller account.   If the email you entered is correct and you don't recall your password, you can use the forgot password flow to reset it. For more information, see I'm stuck migrating my account because I can't log in or don't know what to do next. Back to Top  Additional Resources  Announcement | Users who are part of our AppD IDP system will begin seeing an SSO experience  FAQ - Sign in once to AppD and see everything  I'm stuck migrating my account because I can't log in or don't know what to do next. ... View more

AppDynamics Identity Provider users get a seamless SSO experience across AppDynamics products and services Beginning with v22.6.0, users authenticated by the global AppDynamics Identity Provider (AppD IDP) will only need to sign in to an authorized AppDynamics product or service once. Now, these users will only need to sign in to AppDynamics once. As they navigate from one to another of their authorized AppDynamics products and services, they will not be asked for their password again. NOTE | This change does not affect current Controller local, SAML, and LDAP users, who can continue to sign in as they always have, without disrupting their access. On the horizon… Though this feature is currently only available for users added since v21.11, the ability to convert an existing (pre-v21.11) user account to the new SSO-enabled AppDynamics managed user identity is planned for later in 2022. Be on the lookout for an announcement describing this conversion in the future. In this article…   Frequently asked questions   Getting started with AppDynamics SSO How do I sign in so I can see and navigate to my AppDynamics products and services? Where is the password field in the sign-in screen? Why do I have to enter my username twice? Can I change my local Controller account if I am not currently a global AppDID User? What if an AppD IDP account is used for a service account API authentication on a Controller?   How do I know… What is the AppD IDP and how do I know whether I’m using it? How can I tell whether or not I’m an AppDynamics Identity Provider user?   Questions from Admins As an admin, can I set these users to be authenticated my IDP in the Account Management Portal? As an admin, how do I give users access to a Controller tenant?   Additional resources Frequently asked questions Getting started with AppDynamics SSO How do I sign in so I can see and navigate to my AppDynamics products and services? AppDynamics IDP users can use the following steps to view and navigate to their AppDynamics products and services: Navigate to https://accounts.appdynamics.com/personal-profile  Sign in as usual from any AppDynamics product or service: Starting from your Controller account Enter your account name Enter your username (which is your email address) Click Next The system will recognize you as an AppD IDP user and redirect you to the AppD IDP for authentication.  Enter your username again and click Next. Enter your password and click Sign in. You will land in the Controller signed in. Starting from any accounts service (like University or Community) Click Sign in Enter your username (which is your email address) Click Next Enter your password and click Sign in. Once signed in, you will see your target experience.  From the mini-profile (look for your username in the top of the screen), choose “Manage my Profile” or access this link. From here you can see any AppDynamics Controllers to which your profile is associated, as well as all related services (i.e., AppD University, Community, Documentation, Support) Each time you click a Controller or service from your personal profile, it will open in an active (already authenticated) new tab. Where is the password field in the sign-in screen? The password field appears once you enter the username and click next. It may either appear on the same screen, or once you are redirected to your “global” sign-in page. Why do I have to enter my username twice? You need to enter your username twice when first signing in due to our use of a global identity provider. TIPS | Use the “Remember me” functions to further streamline all your future logins.  Alternatively, sign in to your personal profile page first. It will show you everything you have access to and provide direct access links. Can I change my local Controller account if I am not currently a global AppDID User? We are working on a migration to AppD IDP user capability that will upgrade your existing Controller account to AppD IDP. It is on the roadmap for later this year. What if an AppD IDP account is used for a service account API authentication on a Controller? You can expect successful authentications when an AppD IDP account is used for a service account AppD IDP authentication on a Controller. The service account can be authenticated without the SSO flow. That said, we recommend that customers move to our OAUTH-based API clients for this process , wherever possible, to improve security. See the documentation for this feature here. Back to TOC How do I know… What is the AppD IDP and how do I know whether I’m using it? AppD IDP stands for “AppDynamics Identity Provider”. Until now, each Controller has served as its own identity provider. From this point forward, we are moving that function to the AppD IDP, a global AppDynamics Identity Provider.   If you have chosen SAML or LDAP as your authentication provider in the Controller tenant authentication provider settings tab, then you are not using the new AppD IDP for user identity management, but instead are using your own provider. If your Controller tenant has “AppDynamics” selected in the Controller tenant authentication provider tab, then users created since v21.11  are using the AppD IDP for user identity management.  How can I tell whether or not I’m an AppDynamics Identity Provider user? If your account was created between now and v21.11, and your email address is your username, then you are an AppDynamics Identity Provider user.   You can confirm this by logging into your personal profile at https://accounts.appdynamics.com/personal-profile. If the Assigned Controller Tenants sections lists the Controllers you use, you are an AppDynamics Identity Provider user. Legacy local AppDynamics user accounts are those created before v.21.11 that do not use email as their username. NOTE | As with Controller based SAML and LDAP users, current pre-v21.11 legacy local users can continue to sign in as they always have, without a disruption to their access. Back to TOC Questions from Admins As an admin, can I set these users to be authenticated my IDP in the Account Management Portal? Yes! This is like any other AppDIDP-managed user except that when they sign in, they will be redirected to the customer IDP. Just add the user using their email address to the Controller account.  As an admin, how do I give users access to a Controller tenant? The user must be added from the Controller users page, using their email address. If a user’s email exists in the AppD IDP, that account will be used for SSO features. NOTE | Users cannot be given access to a Controller tenant from the Accounts Management Portal at this time. Back to TOC   Additional Resources You may find the following AppDynamics Documentation resources useful: Create AppD IDP User API OpenAuthorization Mechanisms  SAML Federation AppDynamics API Clients Also related to this topic are the following Knowledge Base articles: Access to AppDynamics University is easier than ever Changes to user creation and password policy  AppDynamics Global Identity Migration Experience FAQ ... View more

What improvements to user email verification, password policy, and account resources were completed in v21.11 and how do they affect me? In our efforts to better serve our customers, we’ve implemented several enhancements designed to improve security and set a foundation for streamlining user management capabilities for system administrators. In this article… What changed? When did this change happen? How do these changes affect user creation? Will this impact my current users? What if my new user fails to verify their account? What if I add a user who is already in the Account Management Portal (under User Management)?  What if I create new users through an API or third-party provider? Security  Will this impact my SSO policies for new users? What will the new password policy be? Can an administrator create a password for a new user? Can I use a username other than email address? What if I want to add an AppDynamics employee for support? What changed? As of release v21.11, AppDynamics has completed upgrades to our user creation process and password policy—a process that began in v21.2. To date, the following changes have been rolled out to all customer SaaS accounts: New user email verification When a new user is created, they must verify their account via email prior to logging into your Controller. This will require administrators to provide an accurate email when creating the new user.  Improved password policy As part of completing their email verification, users will receive a notification to “activate their account”.  During this process, the new user is required to create a password, and it will have to adhere to a mandatory “strong” password policy designed to improve account security.  Access to Controller and account resources When a new user activates their account, they will be able to access the Controller accounts to which they have been assigned as well as the resources of the Account, such as Community and University.   When did this change happen? We began a staged rollout of these changes starting with v21.2. As of v 21.11, all customer SaaS Controllers have these capabilities.  Back to Table of Contents How do these changes affect user creation? Will this impact my current users? No, current users will not be impacted by this change. The new features only impact users created with the new flow implemented for everyone in v21.11. NOTE | This is the first phase in a series of enhancements to improve security and overall ease of use for our user management capabilities. We highly recommend adding accurate email addresses when making any updates to an existing user’s account, as this will be a requirement in the future.    What if my new user fails to verify their account? When a new user is created, they will be designated a “pending” status until they complete the email verification process. The verification email will expire after 7 days of inactivity.  At that time an administrator can opt to: Ask the user to invoke the reset password flow, which will resend the activation email for a pending user. To do so: Direct them to either your Controller login or the Accounts login page: Click the “Reset Password” link The reset password link, below the "Next" button on the Sign-in screen Delete the pending user if they no longer require access What if I add a user who is already in the User Management section of the Account Management Portal? If you add a user to your Controller account using the email address of a user already found in the user management section of the Account Management Portal:  The user will automatically be able to use their Accounts username (as email address) and password to access the Controller account.  The user will receive an email notifying them of their access to the Controller account, including a link to the account for access.   The Account Management Portal’s user management section will show the user as a “tenant user” of the Controller account, making it clear that they can access the Controller directly using that identity. What if the user resets their password? When a user can’t remember the password they set, they can click reset password from the Controller account login page or from the login.appdynamics.com login page. They will receive an email with a link to reset their password. Once reset, the user will be able to use the new password with their username (as email address) in all related Controller accounts and AppDynamics Accounts experiences. What if I add the same user’s email address to another Controller account? Whenever a local user is added to a Controller account using their email address, we match that email account with other existing user accounts using that email address and ensure that it’s the same user credentials that are used for the account. What does this mean for the user? The user will be able  to access all Controller accounts to which they have been added with the same AppDynamics identity (username and password). What if I create new users via an API or third-party provider? Even if a user is created via an API script or a third-party integration, the user will still need to complete the email verification process. If the new user fails to verify their email within 10 days of receiving the notification, they can obtain another activation email using the reset password flow from the login screen. Back to Table of Contents Security Will this impact my SSO policies for new users? There is no impact for SSO policies at all. This change only applies to SaaS customers whose users are authenticated by AppDynamics, or so-called “local users”.  SAML or LDAP users and the associated security provider settings are not impacted.  What is the new password policy? Minimum length: 8 characters Contain both upper-case and lower-case letters Contain at least one number (i.e., 0-9) Contain at least one special non-alphanumeric character (e.g., !$%^&*)   Can an administrator create a password for a new user? No, administrators will no longer be able to set the password when creating a new user. The new user will be required to create their password during the email verification process. Can I use a username other than an email address? No.  In order to ensure uniqueness, email is the chosen username format. With email as username, we can ensure that users have a means of receiving operational communications from AppDynamics as well as ensure that the user can access all AppDynamics resources using a single identity. What if I want to add an AppDynamics employee for support? Easy. Just add the AppDynamics employee using their email address. The employee will be able to log in to your account securely. Should they leave AppDyamics, they will be unable to access your account further. Back to Table of Contents ... View more