Users can login to PagerDuty using Teamstack via SAML. Your users will use their Teamstack credentials when logging into PagerDuty.
Features:
PagerDuty (SP) initiated Single Sign-On
Teamstack (IdP) initiated Single Sign-On
JIT (Just In Time) Provisioning
Requirements:
Plan: Business
Set up SSO via SAML for PagerDuty
To set up SSO you first need to create a PagerDuty app in Teamstack, assign it to yourself and then configure PagerDuty SSO with the SAML settings from Teamstack.
Step 1: Create PagerDuty app in Teamstack
Go to your Applications in Teamstack.
Click "Add Application" in the top right corner.
Search for "PagerDuty" and click "Add".
Select this app to be a "SAML" app and enter your PagerDuty subdomain ( If your URL is https://myCompany.pagerduty.com, enter myCompany ) and leave the "Relay State" input empty.
On your applications overview, click on the newly created PagerDuty app. You will see all details about this app.
Click on "Users" and assign this app to yourself. You will need this to test that SAML is working during setup in PagerDuty.
Click on the "SAML Configurations" tab. Keep this page open, you will need these values once you configure the SAML settings in PagerDuty.
Step 2: Set up SAML in PagerDuty
When you enable SSO in PagerDuty, you can decide if users should still be able to log in with their username and password or if it should be mandatory to log in via SAML. For testing you should allow users to be able to log in with username and password. You can later decide to disable it.
Login to PagerDuty with your administrator account
From you dashboard, click on "Configuration" -> "Account Settings"
Click on the "Single Sign-on" tab and select "SAML". Enter the following settings:
- For "X.509 Certificate", paste in your "Identity Provider Certificate" from step 1.7.
- For "Login URL", enter the "Sign-in Page URL" from step 1.7You can optionally enable "User Provisioning". It will automatically create a new user in PagerDuty as soon as an unknown user logins to PagerDuty for the first time.
Click on "Save Changes" to save the settings.
Test:
If you assigned the PagerDuty app to yourself in Teamstack, you can now test if SAML is working correctly:
Open a new incognito tab in your browser and login to Teamstack.
Click on your PagerDuty app from the dashboard.
It will redirect you to PagerDuty and you will be logged in.
You can now assign the PagerDuty app in Teamstack to users and groups. Everybody assigned to this app will now have access to PagerDuty.
Note:
Auto-provisioned users will have a role of "user". This User role is linked to the User basic role and Manager advanced permission role.