Turn any signal into insight and action. See how PagerDuty Digital Operations Management Platform integrates machine data and human intelligence to improve visibility and agility across organizations.
Connect insights to real-time action by aligning teams through the shared language of business impact.
Check out the latest products we’ve been working on—including event intelligence, machine learning, response automation, on-call, analytics, operations health management, integrations, and more.
Digital Operations Management arms organizations with the insights needed to turn data into opportunity across every operational use case, from DevOps, ITOps, Security, Support, and beyond.
Over 300 Integrations
Discover DevOps best practices with our library of webinars, whitepapers, reports, and much more.
Learn best practices and get support help with resources from our award-winning support team.
See how PagerDuty works with our live product demo — twice a week, every week.
Join live and on-demand webinars for product deep dives, industry trends, configuration training, and use case-specific best practices.
Interactive, simple-to-use API and technical documentation enables users to easily try updates and extend PagerDuty.
Engage with users and PagerDuty experts from our global community of 200k+ users. Become a member, connect, and share insights for success.
Get all your PagerDuty-related questions answered by exploring our in-depth support documentation and community forums.
PagerDuty Launches a New Set of Integrations for Jira IT Operations, DevOps, and Developer teams count on PagerDuty’s 300+ integrations to power their end-to-end real-time...
PagerDuty helps organizations transform their digital operations. Learn more about PagerDuty's mission and what we do.
Meet our experienced and passionate executive team.
We are risk-taking innovators dedicated to delivering amazing products and delighting customers. Join us and do the best work of your career.
With the PagerDuty Foundation, we are committed to doing our part in giving back to the community.
Since we’ve launched Single Sign-On we’ve received a lot of good feedback from our customers about having to remember one less password. While SSO doesn’t impact PagerDuty’s core operations performance management feature set, planning and implementing the new feature took a lot of careful consideration.
After deciding to offer single sign-on support for PagerDuty, we knew we needed something that can integrate well with our Rails application. We researched possible solutions, but determined that OneLogin’s Ruby SAML Toolkit was the best solution for us. It is trusted by other companies in our space and had all the capabilities we envisioned needing.
To ensure this would work, we scrounged up a working prototype with a simple implementation. One endpoint to initiate authentication from our end and another to consume the response from identity providers.
The proof of concept worked, allowing us to start building the feature we wanted.
To make sure using OneLogin’s Ruby SAML toolkit didn’t introduce vulnerabilities to our systems we began with a mixture of manual and automated tests. One scenario we tested was when a SAML response from an identity provider is captured, and subsequently tampered with (e.g. changed email address) what would happen? The toolkit already has a few check-in points in place for this scenario and thus forbids authentication.
Even with the toolkit’s robust functionality, we did make a couple modifications to make the toolkit fit our needs and give it the PagerDuty stamp of approval. For example. we’ve modified SAML endpoints to always use SSL and made sure certificate validity periods are honored.
In order to support SSO for our mobile applications, we used SAML in combination with OAuth where our iOS and Android applications obtain an authentication token after successful SAML authentication.
Before any major release, we give a few of our customers the chance to preview our upcoming feature with a test drive. This not only allows us to find bugs and dive deeper into our customers’ use cases, but (and arguably more importantly) allows us to learn to monitor our new feature effectively.
We monitor our Single Sign-On feature primarily using Sumo Logic. Setting up Sumo Logic’s monitoring for our SAML and OAuth endpoints during our customer preview set the stage for us to learn about what we should monitor.
In our initial set up, we learned that our alerts were not detailed enough (or actionable). We found that we often would receive an alert reading “Invalid SAML response,” which caused our on-calls to spend more time investigating what went wrong before being able to fix the issue. As a result, we started looking for events and set specific thresholds to create alerts with meaningful information (e.g. SAML response invalid, XML could not validate, assertion invalid due to date/time restrictions) without revealing any sensitive data about the authentication attempt.
For our team to work more effectively, we created dashboards and search queries for both the number of successful authentications and failures. Depending on the number of errors we can start to determine what’s going on and if action is required.
Our customer preview allowed us to learn a lot about authentication behavior to ensure we knew what each event meant to fine tune our alerting. If something unexpected occurs we can make sure we can act quickly for our customers and deliver the reliability our customers depend on.
Specifically during our preview we were confronted by Clock Drift. We learned that authentication between PagerDuty and an identity provider can fail due to clock skew between servers. An identity providers server may be ahead of our server’s time causing the authentication to fail because the server times don’t match.
Luckily, OneLogin’s Ruby SAML Toolkit has a built in feature that helps authenticate identity, accounting for clock drift. After this discovery we were able to set a certain value after some passes in our testing environment to account for the time differences between servers.
We’ve partnered with Okta, OneLogin and Ping Identity to make it really easy to turn on SSO for your PagerDuty account. But you can also implement SSO for any SAML 2.0 capable identity provider, including Active Directory Domain Services (Via ADFS, which integrates with Active Directory Domain Services, using it as an identity provider). We’ve also put a guide together to help you set up SSO with Google Apps.
Has this feature benefited your team? Let us know in the comments.
Continuing our ongoing effort to make incident response best practices easy to adopt, PagerDuty is pleased to announce that response plays are now available! Response...
Dynamic Notifications are now out in the wild! With our launch today, we give PagerDuty users the power to dynamically adjust how they are notified...
600 Townsend St., #200
San Francisco, CA 94103
905 King Street West, Suite 600
Toronto, ON, M6K 3G9, Canada
1416 NW 46th St., St. 301
Seattle, WA 98107
5 Martin Place
1 Fore St,
London EC2Y 9DT
© 2009 - 2018