How to Configure SAML 2.0 for AppDynamics

Contents

• Supported Features
• Configuration Steps
• Notes

---

Supported Features

The Okta/AppDynamics SAML integration currently supports the following features:

• SP-initiated SSO
• IdP-initiated SSO
• JIT (Just In Time) Provisioning

---

Configuration Steps

1. Log in to your AppDynamics account as an administrator.

2. Navigate to Settings > Administration.

3. Select the Authentication Provider tab, then select Provider.

4. Enter the following:

   • Select the SAML radio button.

   • Login URL: Copy and paste the following:

     Sign into the Okta Admin Dashboard to generate this variable.

   • Logout URL: Copy and paste the following:

     Sign into the Okta Admin Dashboard to generate this variable.

   • Certificate: Copy and paste the following:

     Sign into the Okta Admin Dashboard to generate this variable.

   

5. Scroll down to the SAML Attribute Mappings section, and enter the following:

   • Username Attribute: Enter Username.

   • Display Name Attribute: Enter DisplayName.

   • Email Attribute: Enter Email.

   

6. Scroll down to the SAML Group Mappings section.

7. Configure Default Permissions for new users.

8. OPTIONAL: If you want to pass Okta groups as part of the SAML Response:

   1. SAML Group Attribute Name: Enter Groups.

   2. Group Attribute Value: Select Multiple Nested Group Values.

   3. Configure Mapping of Group to Roles:

      • Click the + (plus) button.

        

      • Enter the SAML Group Name that you will pass from Okta. We used AppDynamicsOwner in our example.

      • Select a required Role(s) from the right side (Account Owner in our example), then click Add.

      • Click Save.

      

   4. In Okta, select the Sign On tab for the AppDynamics app.

   5. Select your preferred Groups filter from the dropdown list (the Regex rule with the value ".*" in order to send *all* Okta groups to the AppDynamics instance we used in our example) for the attribute.

   6. Click Save.

   

9. Click Save in the AppDynamics SAML configuration UI.

10. Done!

---

Notes

• Make sure that you entered the correct value in the Subdomain (Base URL) and Account Name fields under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to AppDynamics.

• The following SAML attributes are supported:

  Name	Value
  Username	user.userName
  DisplayName	user.firstName user.lastName
  Email	user.email
  Groups	This will be configured in the app UI; see groups attribute instructions above.

SP-initiated SSO

1. Go to your controller sign in URL and enter your account name.

2. At this point you will be prompted to authenticate using a 3rd party service. Click Login.