Users, user groups, and permissions
- Each user account is assigned to one or more user groups.
- Each user group is assigned a set of permissions.
- Each user assigned to a group inherits the permissions of that group.
- When you change the permissions of a group, the permissions of each user in that group change accordingly.
- When you assign a user to multiple groups, the user inherits the combined permissions of all those groups.
These rules apply to Dynatrace Managed and to Dynatrace SaaS. See Manage user groups and permissions for an overview of groups and permissions.
User and group management options
Depending on your deployment model (Dynatrace Managed or Dynatrace SaaS), you can do the following:
- Both models: Use an internal user database to manage users and groups with no external authentication.
- Both models: Integrate Dynatrace with an SSO IdP (Single Sign-On Identity Provider) for the management of users and groups.
- You can integrate a Dynatrace SaaS deployment with SAML 2.0 as an SSO IdP.
- You can integrate a Dynatrace Managed deployment with SAML 2.0 or OpenID as an SSO IdP.
- Dynatrace Managed only: Connect your Dynatrace Cluster to an external LDAP authentication server to import user groups or accounts that need access to your Dynatrace environment. With LDAP integration, all users are accessed from your external LDAP resource. You then assign group privileges and roles through LDAP.