AppDynamics SAML Single Sign-On (SSO) integration

This topic describes how to configure AppDynamics for SAML SSO in CyberArk Identity.

Supported features

This application template supports the following features:

  • IdP-initiated SAML SSO access through CyberArk Identity User Portal

  • SP-initiated SAML SSO access directly through the AppDynamics web application

You can choose one or both methods.

Before you begin

Make sure you have the following information.

Name

Format

AppDynamics Domain (Single Sign On URL)

https://<controller_host>:<port>/controller/saml-auth?accountName=<your_AppD_account_name>

For example:

https://example2022052902260317.saas.appdynamics.com/controller/saml-auth?accountName=example2022052902260317

SP Entity ID

<controller_host>

For example:

example2022052902260317

Confirm the following:

  • You have an active AppDynamics account with administrator rights for your organization.

  • AppDynamics users who will access CyberArk Identity User Portal through SSO have already been added to CyberArk.

Configure the AppDynamics application template in the Identity Administration portal

Perform these steps in the Identity Administration portal to configure the AppDynamics application template for SSO.

Step 1: Add the AppDynamic web application template.

  1. In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.

    Add a web app screen

  2. On the Search page, enter the application name in the Search field and click the search button.

  3. Next to the application name, click Add.

  4. On the Add Web App page, click Yes to confirm.

  5. Click Close to exit the Application Catalog.

    The application opens to the Settings page.

Step 2: Configure the Trust page.

  1. In the Identity Provider Configuration section, select Metadata, then click Copy URL to copy the URL of the certificate.

    This URL is used later when you configure the SAML integration in AppDynamics.

  2. In the Service Provider Configuration section, select Manual Configuration, then review and configure the URLs to meet your requirements and click Save.

    Setting Description

    SP Entity ID

    <controller_host>

    For example:

    example2022052902260317

    Assertion Consumer Service (ACS) URL

    https:<sp_entity_id>.saas.appdynamics.com/controller

    NameID Format

    		 emailAddress.

Step 3: Configure the SAML Response page.

  1. Verify the following attributes with the AppDynamics attribute name in the Attribute Name column and the CyberArk attribute in the Attribute Value column.

    Attributes are case-sensitive.

    Attribute Name Attribute Value

    mail

    LoginUser.Email
    DisplayName LoginUser.DisplayName
    Username Login.Username

  2. Map any other attributes that you want to pass in the SAML response, then click Save.

Step 4: Configure the Permissions page to grant AppDynamics users SSO access.

Grant SSO access to AppDynamics users by assigning permissions to users, groups, or roles. The user(s) you select must already exist in AppDynamics.

  1. In CyberArk, go to the Permissions page and click Add

    The Select User, Group, or Role window appears.

  1. Select the user(s), group(s), or role(s) that you want to give permissions to, then click Add

    The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.

  1. Select the permissions you want, then click Save.

Step 5: Review and save.

Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.

Configure AppDynamics for SAML single sign-on

Perform these steps in AppDynamics to configure the AppDynamics app template for SSO.

  1. Sign in to AppDynamics using an administration account.

  2. Click Settings > Administration > Authentication Provider.

  3. Select SAML as the Authentication Provider.

  4. Copy the following values from the Trust page of the AppDynamics SSO template in the Identity Administration portal and paste them into their corresponding fields in AppDynamics.

Name in CyberArk

Corresponding Name in AppDynamics
Signing Certificate Identity Provider Certificate
SAML Issuer URL Login URL

The following SAML attributes are automatically mapped in AppDynamics:

Name

Value
Username Attribute Username
Display Name Attribute DisplayName
Email Attribute Email

Test the AppDynamics SSO configuration

Now that you have finished configuring the application template settings in the Identity Administration portal and AppDynamics, users can benefit from SP-initiated and IdP-initiated SSO.

To test IdP-initiated SSO:

  1. Sign in to CyberArk Identity with the user account you just added.

  2. Click the AppDynamics application tile to launch AppDynamics in a new tab and automatically sign in.

To test SP-initiated SSO:

  1. Go to your organization's AppDynamics SSO URL in the format https://<controller_host>:<port>/controller/. For example:

    https://example2022052902260317.saas.appdynamics.com/controller/

  1. Sign in as your test user.