{"id":52853,"date":"2025-09-12T13:28:46","date_gmt":"2025-09-12T13:28:46","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=52853"},"modified":"2026-02-21T08:22:50","modified_gmt":"2026-02-21T08:22:50","slug":"appdynamics-users-group-roles-administration","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/appdynamics-users-group-roles-administration\/","title":{"rendered":"Appdynamics: Users, Group, Roles Administration"},"content":{"rendered":"\n
\"\"<\/figure>\n\n\n\n
\n\n\n\n

1. Users<\/strong><\/h3>\n\n\n\n
    \n
  • Where you manage individual user accounts<\/strong>.<\/li>\n\n\n\n
  • You can create, edit, or delete users.<\/li>\n\n\n\n
  • Assign them to groups or roles so they get the right level of access.<\/li>\n\n\n\n
  • Each user will log in with their credentials (local or via external auth provider).<\/li>\n<\/ul>\n\n\n\n

    Use case<\/strong>: Add your DevOps engineers, SREs, or business analysts as users with the right permissions.<\/p>\n\n\n\n

    \n\n\n\n

    2. API Clients<\/strong><\/h3>\n\n\n\n
      \n
    • Used to create programmatic access tokens<\/strong> for APIs.<\/li>\n\n\n\n
    • Allows scripts, automation tools, or integrations (like CI\/CD pipelines) to interact with AppDynamics without a user manually logging in.<\/li>\n\n\n\n
    • Supports OAuth tokens<\/strong> for secure API access.<\/li>\n<\/ul>\n\n\n\n

      Use case<\/strong>: When Jenkins, Ansible, or Terraform needs to fetch metrics or manage configurations in AppDynamics.<\/p>\n\n\n\n

      \n\n\n\n

      3. Groups<\/strong><\/h3>\n\n\n\n
        \n
      • Logical collections of users.<\/li>\n\n\n\n
      • Permissions can be managed at the group level instead of assigning them individually to each user.<\/li>\n\n\n\n
      • Helps with role-based access control (RBAC).<\/li>\n<\/ul>\n\n\n\n

        Use case<\/strong>: Create groups like “SRE Team”<\/em>, “DB Admins”<\/em>, or “Executives”<\/em> and assign roles to the group.<\/p>\n\n\n\n

        \n\n\n\n

        4. Roles<\/strong><\/h3>\n\n\n\n
          \n
        • Define what users (or groups) are allowed to do<\/strong> inside AppDynamics.<\/li>\n\n\n\n
        • Predefined roles exist (like Administrator<\/em>, DB Monitoring User<\/em>, Analytics Administrator<\/em>).<\/li>\n\n\n\n
        • You can also create custom roles with specific permissions (e.g., only dashboard viewing, no editing).<\/li>\n<\/ul>\n\n\n\n

          Use case<\/strong>: Restrict a user to \u201cread-only dashboards\u201d while giving admins \u201cfull access.\u201d<\/p>\n\n\n\n

          \n\n\n\n

          5. Authentication Provider<\/strong><\/h3>\n\n\n\n
            \n
          • Manages how users authenticate<\/strong> into AppDynamics.<\/li>\n\n\n\n
          • Options include:\n
              \n
            • Internal Authentication<\/strong> (AppDynamics\u2019 own user\/password system).<\/li>\n\n\n\n
            • External Authentication<\/strong> (LDAP, SAML, OAuth, or enterprise identity providers like Okta, Azure AD, Keycloak).<\/li>\n<\/ul>\n<\/li>\n\n\n\n
            • Supports SSO (Single Sign-On)<\/strong> for easier enterprise integration.<\/li>\n<\/ul>\n\n\n\n

              Use case<\/strong>: Configure your corporate SSO provider so users log in with company credentials instead of managing separate passwords.<\/p>\n\n\n\n

              \n\n\n\n

              \u2705 In summary<\/strong>:<\/p>\n\n\n\n

                \n
              • Users<\/strong> = individual accounts.<\/li>\n\n\n\n
              • API Clients<\/strong> = automation access (tokens).<\/li>\n\n\n\n
              • Groups<\/strong> = collections of users.<\/li>\n\n\n\n
              • Roles<\/strong> = what permissions they have.<\/li>\n\n\n\n
              • Authentication Provider<\/strong> = how users log in (local vs enterprise SSO).<\/li>\n<\/ul>\n\n\n\n
                \n\n\n\n

                Here\u2019s a flow diagram<\/strong> that shows how all the circled pieces in your AppDynamics Administration<\/strong> section fit together:<\/p>\n\n\n\n

                \n\n\n\n

                \ud83d\udd11 AppDynamics Access Control Flow<\/h2>\n\n\n
                   [Authentication Provider]\n        (LDAP \/ SAML \/ OAuth \/ Local)\n                  \u2502\n                  \u25bc\n             [Users] \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n                  \u2502          \u2502\n                  \u25bc          \u2502\n              [Groups]       \u2502\n                  \u2502          \u2502\n                  \u25bc          \u2502\n                [Roles] \u25c4\u2500\u2500\u2500\u2500\u2518\n                  \u2502\n                  \u25bc\n         [Permissions & Access]\n<\/code><\/span><\/pre>\n\n\n
                \n\n\n\n
                How it works<\/strong><\/h3>\n\n\n\n
                  \n
                1. Authentication Provider<\/strong>\n
                    \n
                  • Decides how users log in<\/strong>:\n
                      \n
                    • Local AppDynamics login<\/li>\n\n\n\n
                    • Enterprise SSO (Okta, Azure AD, Keycloak, LDAP, etc.)<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                    • Ensures identity validation.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                    • Users<\/strong>\n
                        \n
                      • Represent individual accounts (Rajesh, DevOps engineer, DBA, etc.).<\/li>\n\n\n\n
                      • They authenticate via the chosen provider.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                      • Groups<\/strong>\n
                          \n
                        • Collections of users.<\/li>\n\n\n\n
                        • Example: SRE Team<\/em>, DB Admins<\/em>, Business Analysts<\/em>.<\/li>\n\n\n\n
                        • Makes it easier to manage permissions at scale.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                        • Roles<\/strong>\n
                            \n
                          • Define what actions<\/strong> are allowed.<\/li>\n\n\n\n
                          • Example: Administrator<\/em>, Analytics Viewer<\/em>, DB Monitoring User<\/em>.<\/li>\n\n\n\n
                          • Can be assigned to groups or directly to users.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                          • Permissions & Access<\/strong>\n
                              \n
                            • The final outcome.<\/li>\n\n\n\n
                            • Determines what dashboards, reports, or configurations each user can see and modify.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
                            • API Clients<\/strong> (parallel path)\n
                                \n
                              • Not tied to human users.<\/li>\n\n\n\n
                              • Get tokens from Authentication Provider.<\/li>\n\n\n\n
                              • Used by automation tools (CI\/CD pipelines, scripts) to interact with AppDynamics APIs.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
                                \n\n\n\n
                                \u2705 Summary:<\/strong><\/p>\n\n\n\n
                                  \n
                                • Authentication Provider<\/strong> = Entry gate (how users authenticate).<\/li>\n\n\n\n
                                • Users<\/strong> = Individual identities.<\/li>\n\n\n\n
                                • Groups<\/strong> = Collections of users.<\/li>\n\n\n\n
                                • Roles<\/strong> = Define permissions.<\/li>\n\n\n\n
                                • API Clients<\/strong> = Machine-to-AppDynamics access.<\/li>\n<\/ul>\n\n\n\n
                                  \n\n\n\n
                                  <\/p>\n","protected":false},"excerpt":{"rendered":"
                                  1. Users Use case: Add your DevOps engineers, SREs, or business analysts as users with the right permissions. 2. API Clients Use case: When Jenkins, Ansible, or Terraform needs to… <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-52853","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/52853","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=52853"}],"version-history":[{"count":2,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/52853\/revisions"}],"predecessor-version":[{"id":59711,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/52853\/revisions\/59711"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=52853"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=52853"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=52853"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}