Use this document to set up your SecureAuth appliance with PagerDuty.
You will need to have a PagerDuty account.
You will need access to PagerDuty so that they can enable the SSO (SAML) feature.
To configure the SecureAuth realm for 2-factor access to PagerDuty, please perform the following steps:
Configuring PagerDuty for SSO (SAML) logins
Click on the SecureAuth realm that is designated for 2-factor access (e.g. SecureAuth2).
Click on the Data tab.
Assign the AD field (can be any field) that contains the user's PagerDuty ID (which will be federated to PagerDuty) to the SecureAuth field on the left (e.g. the “wWWHomePage” AD field is assigned to SecureAuth’s “Email Field 2” field). This assigned SecureAuth field will be selected from the “User ID Mapping” drop-down list located under the Post-Auth tab in later configuration steps.
Click on the SecureAuth realm that is designated for 2-factor access (e.g. SecureAuth2).
Click on the Workflow tab (on the left).
Integration Method = Certificate Enrollment and Validation
Client Side Control = Java Applet
Public/Private Mode = Private and Public Mode
Default Public/Private = Default Private
Remember User Selection = True
Show UserID Textbox = True
Authentication Mode = Standard (User / 2ndFactor / Password)
Validation Cert = True
Renew Cert (After Validation) = False
Allow Restart Login = True
User Impersonation = False
Windows Authentication = False
Configure your Custom Front End Section Settings:
Receive Token = Send Token Only
Require Receive Token = False
Begin Site = _empty_
Token Data Type = UserID
UserID Check = True
Click on the Post Authentication tab:
Authenticated User Redirect = SAML 2.0 (SP Initiated by Post) Assertion Page
User ID Mapping: Select the SecureAuth field from the drop down list that is assigned for the AD user profile field that contains the PagerDuty ID (1st screenshot above, i.e. email2 (wWWHomePage AD field))
WSFed Reply To/SAML Target URL: (blank)
SAML Consumer URL: (blank)
WSFed/SAML Issuer: A static value that will be provided to PagerDuty in the metadata file, for example: https://secureauth.gosecureauth.com
SAML Recipient: (blank)
SAML Offset Minutes = 5
SAML Valid Hours = 1
Signing Cert Serial Number = Select the certificate that will be used for SAML (fingerprint of this cert will be used on the PagerDuty SAML configuration below)
Go to PagerDuty’s SSO Settings in your control panel. Click on Account Settings > Single Sign-on.
The SAML endpoint URL at the top of the screenshot is the URL you will use to initiate an SSO login using SecureAuth.
Open your exported certificate from the SecureAuth appliance in a text editor and paste the contents into the X.509 Certificate box.
Enter the full URL and Realm of the SecureAuth appliance you are using to log in to PagerDuty (e.g. https://sso.company.com/secureauth2/).
Check the box “Turn on Single Sign-on”. You may also check “Allow username/password login” to let users bypass SecureAuth and log in directly to PagerDuty.
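
A check to run on the exported certificate file before pasting it into the X.509 Certificate box: confirm that it holds exactly one certificate and no private key, and compute its fingerprint to compare against the signing certificate selected in the realm. This is an added example, not SecureAuth or PagerDuty code; the function names are hypothetical and the sample PEM is constructed from placeholder bytes rather than a real certificate.

```python
import base64
import binascii
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def load_single_certificate(pem_text):
    """Return the DER bytes of the one CERTIFICATE block in an exported file."""
    blocks = PEM_BLOCK.findall(pem_text)
    labels = [label for label, _ in blocks]
    # An export that includes the key must never be pasted into a service provider.
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("export contains a private key; re-export the certificate only")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        raise ValueError(f"expected exactly one CERTIFICATE block, found {len(certs)}")
    try:
        # Strip line wrapping (LF or CRLF), then decode strictly.
        return base64.b64decode("".join(certs[0].split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from None

def fingerprint(der, algorithm="sha256"):
    """Colon-separated upper-case hex digest of the DER encoding."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def same_fingerprint(a, b):
    """Compare two fingerprints regardless of case, colons or spaces."""
    normalise = lambda s: re.sub(r"[^0-9a-f]", "", s.lower())
    return normalise(a) == normalise(b)

def make_pem(label, payload):
    """Build a constructed PEM block for the demo (payload is not a real cert)."""
    body = base64.encodebytes(payload).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

# Constructed sample: placeholder bytes standing in for a DER certificate.
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate " * 3
SAMPLE_PEM = make_pem("CERTIFICATE", SAMPLE_DER)

if __name__ == "__main__":
    der = load_single_certificate(SAMPLE_PEM)
    print("SHA-256:", fingerprint(der))
    print("SHA-1:  ", fingerprint(der, "sha1"))
```

To check a real export, read the file's text and pass it to `load_single_certificate`, then compare the result of `fingerprint` with the value shown for the signing certificate using `same_fingerprint`.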