SAML v2 & PagerDuty

PagerDuty + FusionAuth Integration Benefits

• Simplify the user login experience because each user only has to remember one set of credentials.
• Maintain centralized control of who has access to your Pager Duty account.
• Authorized users gain transparent access between all applications using FusionAuth as an identity provider.
• Increase security and flexibility of login credentials, including using passkeys and multi-factor authentication

How it Works

• When a user reaches the PagerDuty login screen, they can sign in using their credentials from FusionAuth.
• User management and access is managed by FusionAuth.

Requirements

In PagerDuty: you must have a Business or Digital Operations plan and be the Account Owner in order to enable Single Sign-On. For more information about this feature, please visit their SSO support page. If you do not have this role, please reach out to the Account Owner within your organization to configure the integration.

In FusionAuth: you need to be able to configure a SAML connection on an application. This can be done manually with a user account assigned either the admin or application_manager role. It can also be done with an API key that has the application permission.

Support

If you need help with this integration, you can request assistance in one of two ways.

• If you have a plan which includes technical support, please open a support ticket.
• If you do not have a plan which includes technical support, please create a forum post.

You can review our Technical Support documentation for more details.

Integration Walkthrough

In PagerDuty

1. The Account Owner can configure the SSO settings by navigating to User Icon -> Account Settings -> Single Sign-On.
2. Select the SAML radio button.
3. Copy the SAML Endpoint URL.

In FusionAuth

1. Click the Applications link in the sidebar.
2. Create a new Application by clicking the green + button in the top right corner of the page.
3. Enter a name, such as PagerDuty, for the app and then click on the SAML tab.
4. Set the Enabled field to true to turn the integration on.
5. Configure SAML functionality to integrate with your PagerDuty account.
   • Set the Issuer value to https://YOUR-SUBDOMAIN.pagerduty.com, where YOUR-SUBDOMAIN is the value of your PagerDuty subdomain.
   • Leave the Audience blank.
   • Paste the SAML Endpoint URL you copied from PagerDuty into the Authorized redirect URLs field. The value in this field will be blue when entered.
6. Save the application by clicking the blue floppy disk icon in the top right corner of the page.
7. When redirected back to the Applications page, view your application details by clicking the magnifier green icon.
   • In the dialog, scroll down to the SAML v2 Integration details section.
   • Copy the Entity Id URL and open it in a new browser tab. This will contain configuration you’ll need shortly.
     • Note: This address contains an XML file. If your browser doesn’t automatically format it, you can copy everything and use an online XML beautifier.
     • Copy the contents of the X509Certificate element from the XML file and paste them in PagerDuty.
       • You should paste the contents enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, like the example below:

-----BEGIN CERTIFICATE-----
<contents of X509Certificate copied from FusionAuth>
-----END CERTIFICATE-----

Here’s a walkthrough of these steps

• Copy the Login URL from FusionAuth SAML v2 Integration details section and paste it in PagerDuty’s own Login URL field.

8. In PagerDuty, click Save Changes at the bottom of the screen.

Testing

. To test the integration, open your PagerDuty application address in another browser or in private mode.

• Below the login form, click the blue Sign In With Your Identity Provider button to navigate to the FusionAuth login screen.
• After logging in, you should be automatically redirected to your PagerDuty application already signed in with that same account.

How to Uninstall

In PagerDuty, the Account Owner can disable SSO settings by navigating to the User Icon -> Account Settings -> Single Sign-On and choosing the PagerDuty radio button.