Auth0 SSO Integration Guide

Auth0 is a single-sign on provider, which makes it easy to manage your SAAS application logins and permissions. Follow this simple guide to get your Auth0 account tied to your PagerDuty account.

 

 

In Auth0

1. Go to the Apps / APIs section in Auth0, then click New App / API.
2. Enter a name for your new PagerDuty app in Auth0 and click Save.
3. Log in to your PagerDuty account, click your user icon on the right and select Account Settings and select the Single Sign-on tab.
4. Click the SAML radio button to configure Single Sign On in PagerDuty and copy the SAML Endpoint URL to paste into Auth0.
5. In the new Auth0 app you created in step 2 above, click the Settings tab, then paste the SAML Endpoint URL you copied in step 4 in to the Allowed Callback URLs text area, and click Show Advanced Settings.
6. Scroll down to the Certificates section and click the copy button next to the Signing Certificate.
7. In PagerDuty, paste the certificate in the X.509 Certificate field. Leave the page open and return to Auth0.
8. In Auth0, scroll down to the Endpoints section and click the SAML tab. Click the copy button for the SAML Protocol URL and click Save Changes.
9. In PagerDuty, paste the SAML Protocol URL from Auth0 in the Login URL field.When you complete the steps in this guide and are done testing, you can return to this page to disable user logins via username and password.With auto provisioning enabled, you can allow SSO users to create a PagerDuty account without manual intervention, however please keep in mind that adding additional users will affect your billing if you go over the number of users included in your pricing plan.Click Save Changes when you are done on this page.
10. Back in Auth0, click the Addons tab for your app and toggle the SAML 2 Web App add-on so that it is ON.
11. A settings dialog will open when you turn SAML 2 Web App on. Replace the JSON in this dialog with the following, changing YOUR-SUBDOMAIN-HERE to the subdomain you use to access PagerDuty:

    {
     "audience":  "https://YOUR-SUBDOMAIN-HERE.pagerduty.com",
     "destination":          "https://YOUR-SUBDOMAIN-HERE.pagerduty.com/sso/saml/consume",
     "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
     "nameIdentifierProbes": [
       "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
     ]
    }

12. Scroll down past the SAML descriptions and click Save.
13. Congratulations! You should now be able to log in to PagerDuty using Auth0.

FAQ

Can the account owner log in without SSO if username and password authentication is disabled?

Even with this username and password authentication disabled for users, the Account Owner will always be able to login with their username and password as a backup option should you need to change the SSO configuration or disable it completely.

Why don’t I see the Single Sign-on option when I go to Account Settings?

SSO is only available in accounts on our current Professional, Business and Digital Operations plans. Please contact our sales team if you are interested in upgrading your plan.