Additional security with enhanced access control in Dynatrace Managed

Enhanced access control provides a safeguard for sensitive monitoring data and the rights of application users to privacy. It also ensures that Dynatrace customers get access to the necessary data they need for the best possible digital user experience.

Government institutions, healthcare, and financial organizations are among the most information-intensive industries today. Especially for these industries, the control and security of their users’ access to critical applications (including Dynatrace) and the information that’s accessible with those applications is of the highest priority. For us at Dynatrace, it’s not only crucial that we deliver the best user experience, performance, and high reliability, but also that we guarantee the highest possible security for our customers. To that end, ensuring that information is accessible only to authorized users has always been of paramount importance to us.

We’re happy to announce that Dynatrace now allows you to adhere to complex security requirements for access control, including concurrent session control (NIST AC-10) and session lock (NIST AC-11). Enhanced access control provides a safeguard for sensitive data that’s monitored by Dynatrace and the rights of application users to privacy. It also ensures that Dynatrace customers get access to the necessary data they need for the best possible digital user experience.

Concurrent-session control ensures authorized-only access to sensitive data

Many of our customers have requested that only one session per user at a time be possible (i.e, no concurrent user sessions). With the release of Dynatrace Managed 1.190, when a signed-in Dynatrace user attempts to sign into Dynatrace using a different browser or device, the Dynatrace Managed login page displays a You're already signed into Dynatrace on 1 or more devices alert (see below). The only way to sign into Dynatrace on a new device is by first signing out or terminating the earlier session.

No concurrent sessions messaging in Dynatrace

Easily terminate undesired user sessions

To view or terminate any current user sessions, go to User authentication > User sessions in the Cluster Management Console. The User sessions page indicates the type of sign in, the time of its occurrence, and the originating IP address or device. Use the icon next to a user session to terminate the session. After you confirm the action, the session is immediately terminated and the user is signed out.

Terminate a user session in CMC

Control the number of concurrent sessions per user

The number of concurrent sessions per user-account should be limited to the minimum required to perform job duties. Dynatrace Managed gives you the ability to control and limit the number of concurrent user sessions per user account.

Controls to limit concurrent sessions

Keep your accounts safe with the auto-logout policy

By default, users who remain on an automatically refreshable page won’t be automatically logged out. You can easily turn on automatic logouts using the Update Cluster user sessions configuration REST API call. For example, you can set the session timeout to 900 seconds (15 minutes).

User management API calls

What’s next?

Here are some of the other features we have planned to extend this functionality further in upcoming releases:

  • REST API to remove user sessions based on node, session, or user identifier
  • Ability for users to terminate all their sessions once the concurrent session limit is reached
  • Display of each user’s sessions on the user profile page
  • UI settings for automatic sign out

If you have ideas for how we can further improve our session control settings, please reach out to us by posting in the Dynatrace Answers user forum.

Stay updated