SecureAuth Integration Guide

Use this document to set up your SecureAuth appliance with PagerDuty.

Pre-Requisites / Requirements

  1. You will need to have an PagerDuty account.

  2. You will need to have access to  PagerDuty to have them enable the SSO (SAML) feature.

Configuration Steps

To configure SecureAuth realm for 2-factor access to PagerDuty, please perform the following steps:

  1. Configuring SecureAuth

  2. Configuring PagerDuty for SSO (SAML) logins

Configure SecureAuth Realm

Click on the SecureAuth realm that is designated for 2-factor access (e.g. SecureAuth2)Click on the Data tab

  1. Assign the AD field (can be any field) that contains the user PagerDuty (that will be federated to PagerDuty) to the SecureAuth field on the left (i.e. “wWWHomePage” AD field is assigned to SecureAuth’s “Email Field 2” field). This assigned SecureAuth field will be selected from the “User ID Mapping” drop down list that is located under Post-Auth tab in later configuration steps.

  2. Click on the SecureAuth realm that is designated for 2-factor access (e.g. SecureAuth2)Click on the Workflow tab (on the Left)

    1. Integration Method = Certificate Enrollment and Validation

    2. Client Side Control = Java Applet

    3. Public/Private Mode = Private and Public Mode

    4. Default Public/Private = Default Private

    5. Remember User Selection =True

    6. Show UserID Textbox =True

    7. Authentication Mode = Standard (User / 2ndFactor / Password)

    8. Validation Cert =True

    9. Renew Cert (After Validation) =False

    10. Allow Restart Login =True

    11. User Impersonation =False

    12. Windows Authentication= False
      SecureAuth Configuration
      Configure SecureAuth continued....

  3. Configure your Custom Front End Section Settings:

    1. Receive Token = Send Token Only

    2. Require Receive Token = False

    3. Begin Site = _empty_

    4. Token Data Type = UserID

    5. UserID Check = True
      Custom Front EndClick Save.

  4. Click on the Post Authentication tab:

    1. Authenticated User Redirect = SAML 2.0 (SP Initiated by Post) Assertion Page

    2. User ID Mapping: Select the SecureAuth field from the drop down list that is assigned for the AD user profile field that contains the PagerDuty ID (1st screenshot above, i.e. email2 (wWWHomePage AD field))

    3. WSFed Reply To/SAML Target URL: blank

    4. SAML Consumer URL: (blank)

    5. WSFed/SAML Issuer: A static value that will be provided to PagerDuty in the metadata file, for example:https://secureauth.gosecureauth.com

    6. SAML Recipient: (blank)

    7. SAML Offset Minutes = 5

    8. SAML Valid Hours = 1

    9. Signing Cert Serial Number = Select the certificate that will be used for SAML (fingerprint of this cert will be used on the PagerDuty SAML configuration below)
      Configure the POST action
      Finish configuring the POST action

In PagerDuty

  1. Go to PagerDuty’s SSO Settings in your control panel. Click on Account Settings > Single Sign-on.
    Select the SSO menu

  2. The SAML endpoint URL at the top of the screenshot is the URL you will use to initiate a SSO login using SecureAuth.

    1. Open your exported certificate from the SecureAuth appliance in a text editor and paste the contents into the X.509 Certificate box.

    2. Enter the full URL and Realm of the SecureAuth appliance you are using to login to PagerDuty (e.g.  https://sso.company.com/secureauth2/).

    3. Check the box “Turn on Single Sign-on”. You may also check “Allow username/password login” to let users bypass SecureAuth and login directly to PagerDuty.
      Configure PagerDuty to allow SSO