Okta SSO Integration Guide

Okta is a single-sign on provider, which makes it easy to manage your SAAS application logins and permissions. PagerDuty is available within the Okta app catalog, making it easy to manage access to your PagerDuty account. Follow this simple guide to get your Okta account tied to your PagerDuty account.



  • In PagerDuty: You must be the Account Owner of your PagerDuty account in order to make these changes. Additionally, SSO capabilities within PagerDuty are only available on our Business and Digital Operations plans. Please contact our sales team if you are interested in upgrading your plan.
  • In Okta: Admin access is required in Okta for configuration.

In Okta

      1. Navigate to the Applications tab in the Okta Admin dashboard and click Add Application.
      2. Enter PagerDuty in the search box, then click the Add button in the search results list.
      3. Enter your PagerDuty account’s subdomain in the Organization Subdomain field, select optional settings, and click Next.
      4. Click the SAML 2.0 radio button, then click View Setup Instructions. Follow the instructions in the guide that opens, which includes steps to perform in PagerDuty. Make sure the Application username format is set to Okta username. Click Done once you’ve completed the Setup Instructions. If you would like to enable Okta’s provisioning features, continue to the next step. If you are not using the provisioning feature, please skip to step 6.
      5. Optional: If you wish to enable Okta’s provisioning features, you must first create a V2 REST API key in your PagerDuty account. Note: Copy the key to your clipboard and keep it in a safe place, as you will not be able to access it again. Once you have generated your PagerDuty V2 REST API key, navigate back to your Okta account, select the Provisioning tab and click Configure API Integration. Check enable API Integration and enter in your V2 REST API key and login email. Click the Test API Credentials button, and you should see a dialog confirming that PagerDuty was verified. Click Save to continue.

        Next, navigate to the Provisioning tab, and select To App in the left menu. Click Edit to select what provisioning options you would like to enable, and then click Save. Note: Enabling the Update User Attributes option in Okta will automatically enable each Okta <- -> PagerDuty mapping with the “Create and Update” setting. Be sure to change any individual Okta <- -> PagerDuty mapping (instructions in the next step) if you don’t intend on changing the PagerDuty field for the user on each Okta update. For example, it’s not recommended to set the role attribute to “Create and Update”.
        On the same screen, scroll down to the PagerDuty Attribute Mappings section and optionally edit these to your preference using the pencil icon, or delete them with the x icon.
      6. Next, navigate to the Assignments tab, click the Assign button and either click Assign to People or Assign to Groups, which will assign the PagerDuty app to users or groups in Okta.
      7. Search and/or find the user’s name and click Assign. You will have the options to edit their User Name and User Role on this page. Click Save and Go Back when finished.
      8. You’re done! Users that have been given access to PagerDuty will now see the the PagerDuty app in the Okta dashboard and will be able to log in with just one click. Alternatively, users can go to the login page for their PagerDuty subdomain and sign in using Okta by clicking Sign in with your Identity Provider.

    Congratulations! You should now be able to use your Okta to login to PagerDuty!


    Why don’t I see the Single Sign-on option when I go to Account Settings?

    You must be the Account Owner of your PagerDuty account in order to make these changes. Additionally, SSO capabilities within PagerDuty are only available on our Business and Digital Operations plans. Please contact our sales team if you are interested in upgrading your plan.

    I assigned the PagerDuty app to a new user in Okta, but the user can’t log in. Why was their user not created in PagerDuty?

    The most likely cause of this is your Sign On settings. In the Sign On tab in Okta, make sure that the Application username format has Okta username selected, as shown in step 4 of this guide. This will ensure that the user’s login email is filled in as the username when assigning PagerDuty to a new Okta user, as shown below:

    Why isn’t the integration respecting the user role selected in Okta, for new PagerDuty users provisioned from Okta?

    We recommend to reach out to Okta support to help with you with this, as Okta has an unusual way to reset the user role attribute if the users are already added to your PagerDuty integration within Okta.

  1. When I revoke user access to PagerDuty in Okta, will this delete the user from our PagerDuty Account?

  2. Yes. When a user’s access to PagerDuty is revoked in Okta, that user will be deleted from the PagerDuty account. This also means that they will be removed from any incidents they had been assigned to, and their assigned schedules and escalation policies. If your account has the offboarding feature, it will prompt Team Managers, Admins and Account Owners to complete the offboarding flow. If your account does not have this feature, these objects will need to be modified manually.


  1. Important Note: If your account has the offboarding feature, in order to delete PagerDuty users via Okta, you must have your User Offboarding settings (found in Configuration > Account Settings > User Offboarding) set to Automatically restart incidents on their escalation policy:

If this is set to Fail the removal of any user with assigned incidents, you will not be able to delete users via Okta.

Start Using PagerDuty Today

Try PagerDuty free for 14 days — no credit card required.