PAGERDUTY

miniOrange provides secure access to PagerDuty for enterprises and full control over access to the applications. Single Sign On (SSO) into PagerDuty with one set of login credentials.

miniOrange supports both IdP (Identity Provider) and SP (Service Provider) initiated Single Sign On (SSO)

• IdP Initiated Single Sign On (SSO)

  In IdP Initiated Login, SAML request is initiated from miniOrange IdP.

• Enduser first authenticates through miniOrange Idp by login into miniOrange Self Service Console.
• The Enduser will be redirected to their PagerDuty account by clicking the PagerDuty icon on the Enduser Dashboard - there is no need to log in again.

• SP-Initiated Single Sign On (SSO)

  In SP Initiated Login, SAML request is initiated by PagerDuty.

• An Enduser tries to access their PagerDuty domain.
• They will be redirected to miniOrange Self Service Console.
• Here they can enter the miniOrange login credentials and login to their PagerDuty Account.

Follow the Step-by-Step Guide given below for PagerDuty Single Sign On (SSO)

Step 1: Configure SSO for PagerDuty

1. Login to miniOrange Admin Console.
2. Go to Apps Tab from the menu and select Configure Apps.
3. Select PagerDuty from the Application Name drop-down menu.




4. Make sure the SP Entity ID or Issuer is in the format: https://your_domain.pagerduty.com/sso/saml/consume.
5. Make sure the ACS URL is in the format: https://your_domain.pagerduty.com/sso/saml/consume
6. Leave the Attributes section empty.
7. Click on Show Advanced Settings. Against Relay State select Custom Attribute Value & enter URL.
8. Enable Override RelayState.
9. You can set another value for relay state depending on where you want to redirect the user after SSO.
10. Add a new policy for PagerDuty.
1. Select a Group Name from the dropdown - the group for which you want to add PagerDuty policy.
2. Give a policy name for PagerDuty in the Policy Name field.
3. Select the First Factor Type for authentication.
4. Enable Second Factor for authentication if required.





11. Click on Save to configure PagerDuty.
12. Click on Metadata to download the certificate which will be required later.




13. Login to your PagerDuty domain as the Account Administrator.
14. Go to Configuration in the menu bar and select Account Settings.
15. Then click on Single Sign-on link under the Account Details section in the right pane.




16. Under the Login Authentication section, select SAML and enter the details as shown:



X.509 Certificate	Open the downloaded certificate in Notepad and copy the content here.
Login URL	https://login.xecurify.com/moas/idp/samlsso
Logout URL (optional)	https://login.xecurify.com/moas/idp/samllogout

17. Check the other options as per your requirements.
18. Click on Save Changes to save the SAML SSO Settings.

Step 2: Onboard users into our system.

• Click on Users >> Add User.



• Here, fill the user details without the password and then click on the Create User button.



• Click on On Boarding Status tab. Check the email, with the registered e-mail id and select action Send Activation Mail with Password Reset Link from Select Action dropdown list and then click on Apply button.



• Now, Open your email id. Open the mail you get from miniOrange and then click on the link to set your account password.
• On the next screen, enter the password and confirm password and then click on the Reset Password button.



• Now, you can login into miniOrange account by entering your credentials.

Step 3: Login to miniOrange Account

• Go to miniOrange dashboard and select the User Dashboard from the right side menu.



• Click on pagerduty application which you added, to verify your sso configuration.

Using Two Factor Authentication for Pagerduty

The most practical way to strengthen authentication is to require a second factor after the username/password stage. Since a password is something that a user knows, ensuring that the user also has something or using biometrics thwarts attackers that steal or gain access to passwords.

Traditional two-factor authentication solutions use hardware tokens (or "fobs") that users carry on their keychains. These tokens generate one-time passwords for the second stage of the login process. However, hardware tokens can cost up to $40 each. It takes time and effort to distribute them, tracks who has which one, and replace them when they break. They're easy to lose, hard to use, and users consistently report high levels of frustration with token-based systems.

For Further Details:

http://www.pagerduty.com/blog/how-we-added-single-sign-on-to-pagerduty/