PagerDuty

Integrate Apono with PagerDuty for frictionless access management to developers on duty and on-call shifts

Apono enables you to automate and control access during incidents and on-call shifts by dynamically granting permissions based on PagerDuty events and assignments. This ensures that only the right engineers have timely, just-in-time access to critical systems when it’s needed most.

With Apono’s PagerDuty integration, you can enrich access flows and approvals with incident and shift context to streamline access during active responses:

  • Access Per Ticket – Enrich access flows with ticket- and shift-based context to ensure that every request aligns with an active PagerDuty incident or assignment.

  • Access Justification – Automatically include justification details from assigned PagerDuty tickets for auditability and compliance.

  • Delegated Approvals – Allow on-call developers to approve access for teammates, such as DBAs or other engineers, who are assisting in resolving an incident.

  • Automatic On-Call Access – Enable shift members to gain automatically approved, time-limited access to production systems to fix issues quickly and safely.

For example, when an on-call engineer acknowledges an incident in PagerDuty, Apono can automatically verify the acknowledgment and grant temporary access to production resources. This workflow ensures that only authorized responders actively engaged in resolving an incident can access critical systems, maintaining both speed and security.

Integrate PagerDuty

PagerDuty tile and PagerDuty connection screen

Follow these steps to complete the integration:

  1. On the Catalog tab, click PagerDuty. The Add Integration page appears.

  2. Click Connect. The PagerDuty connection screen appears.

  3. Sign in to your PagerDuty account to authorize Apono:

    1. Enter your PagerDuty account Email address.

    2. Click Next. The Password field appears.

    3. Enter your PagerDuty account Password.

    4. Click Sign In.

Usage

Now that the integration is complete, you can create an incident-based access flow to streamline granting access while maintaining security. With this solution, after an on-call engineer acknowledges a PagerDuty incident, the same engineer can request resource access.

The workflow follows these steps:

  1. The on-call engineer acknowledges a PagerDuty incident.

  2. The same engineer requests resource access through Apono (web portal, Slack, CLI, or Teams).

  3. A custom webhook in the access flow verifies the PagerDuty acknowledgment.

  4. Once verified, Apono grants access to the required resources.

  5. Access automatically expires after a set time or can be manually revoked.

This solution helps you ensure that only the right people get access when it’s needed and improves response times while maintaining compliance. It includes two key components:

  • Webhook that verifies incident acknowledgment

  • Access flow that manages resource permissions

You must have Apono permissions to configure webhooks and access flows:

  • Manage Webhooks: Admin, Power User, or Deployment

  • Manage Access Flows: Admin or Deployment

Configure a webhook

This webhook verifies that the grantee is the on-call engineer who acknowledged the PagerDuty incident.

Add Webhook page

Follow these steps to configure an Apono webhook:

  1. On the Webhooks tab, click Add Webhook. The Add Webhook page appears.

  2. Click Manual.

  3. Enter a unique, alphanumeric, user-friendly Manual Webhook Name for identifying this webhook.

  4. Click the Status toggle to Active.

  5. From the Type dropdown menu, select Integration Action.

  6. From the Integration dropdown menu, select your PagerDuty integration.

  7. From the Actions dropdown menu, select list_pagerduty_incidents.

  8. In the Body Template field, enter the following JSON payload.

{
  "user_email": "{{data.requester.email}}",
  "status": "acknowledged"
}

  1. Add a response validation:

    1. In the Response Validators section, click + Add.

    2. In the Json Path field, enter $.incidents[0].status.

    3. In the Expected Values field, type acknowledged and press Enter.

  2. Click Save Webhook.

The new webhook appears in the Webhooks table. Active webhooks are marked with a green dot. Inactive webhooks are marked with a white dot.

Create a Self Serve access flow

This access flow controls how on-call engineers request and receive temporary access during a PagerDuty incident. It uses the webhook you created to ensure access is granted only to engineers who have acknowledged the incident.

Create Access Flow page

Follow these steps to create the Apono Self Serve access flow for PagerDuty:

  1. On the Access Flows tab, define who can request resources through a Self Serve access flow.

In steps 7-9 of Define permitted requestors, select your PagerDuty group.

  1. Define the resource to grant access to.

  2. Set the access duration and approval process.

In steps 3-5 of Set up custom approval, select Custom Approval and the PagerDuty webhook you created in Configure a webhook.

PreviousOpsgenieNextVictorOps (Splunk On-Call)

Last updated

Was this helpful?