PagerDuty
Last reviewed: 4 months ago
This guide covers how to configure PagerDuty ↗ as a SAML application in Cloudflare Zero Trust.
Prerequisites
- An identity provider configured in Cloudflare Zero Trust
- Admin access to a PagerDuty site
1. Add a SaaS application to Cloudflare Zero Trust
- In Zero Trust ↗, go to Access > Applications.
- Select Add an application > SaaS.
- For Application, select Pagerduty.
- For the authentication protocol, select SAML.
- Select Add application.
- Fill in the following fields:
- Entity ID:
https://<your-subdomain>.pagerduty.com
- Assertion Consumer Service URL:
https://<your-subdomain>.pagerduty.com/sso/saml/consume
- Name ID format: Email
- Entity ID:
- Copy the SSO endpoint and Public key.
- Select Save configuration.
- Configure Access policies for the application.
- Select Done.
2. Create a x.509 certificate
- Paste the Public key in a text editor.
- Amend the public key so each row is a maxiumum of 64 characters long. Originally, each full row of the public key is 65 characters long.
- Wrap the certificate in
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
.
3. Add a SAML SSO provider to PagerDuty
- In PagerDuty, select your profile picture and go to Account Settings > Single Sign-on.
- Turn on SAML.
- In X.509 Certificate, paste the entire x.509 certificate from step 2. Create a x.509 certificate.
- In Login URL, paste the SSO endpoint from application configuration in Cloudflare Zero Trust.
- Select Save Changes.
4. Test the integration and finalize SSO configuration
- Open an incognito window and paste your PagerDuty URL into the address bar. Select Sign Ian With Single Sign-On. You will be redirected to the Cloudflare Access login screen and prompted to sign in with your identity provider.
- In an incognito window, paste your PagerDuty URL and select Sign In With Single Sign-On. You will be redirected to the Cloudflare Access login screen and prompted to sign in with your identity provider.
- Once SSO sign in is successful, select your profile picture and go to Account Settings > Single Sign-on.
- Turn off Allow username/password login and select Save Changes. Now, users will only be able to sign in with SSO.