PagerDuty
Configure incident-based access with Apono and PagerDuty
Incident-based access streamlines granting access while maintaining security. With this solution, after an on-call engineer acknowledges a PagerDuty incident, the same engineer can request resource access.
The workflow follows these steps:
The on-call engineer acknowledges a PagerDuty incident.
The same engineer requests resource access through Apono (web portal, Slack, CLI, or Teams).
A custom webhook in the access flow verifies the PagerDuty acknowledgment.
Once verified, Apono grants access to the required resources.
Access automatically expires after a set time or can be manually revoked.
This solution helps you ensure that only the right people get access when it’s needed and improves response times while maintaining compliance. It includes two key components:
Webhook that verifies incident acknowledgment
Access flow that manages resource permissions
Prerequisites
Apono Account Permissions
Manage Webhooks: Admin, Power User, or Deployment
Manage Access Flows: Admin or Deployment
PagerDuty Integration
Configure a webhook
This webhook verifies that the grantee is the on-call engineer who acknowledged the PagerDuty incident.
Follow these steps to configure an Apono webhook:
On the Webhooks tab, click Add Webhook. The Add Webhook page appears.
Click Manual.
Enter a unique, alphanumeric, user-friendly Manual Webhook Name for identifying this webhook.
Click the Status toggle to Active.
From the Type dropdown menu, select Integration Action.
From the Integration dropdown menu, select your PagerDuty integration.
From the Actions dropdown menu, select list_pagerduty_incidents.
In the Body Template field, enter the following JSON payload.
Add a response validation:
In the Response Validators section, click + Add.
In the Json Path field, enter $.incidents[0].status.
In the Expected Values field, type acknowledged and press Enter.
Click Save Webhook.
The new webhook appears in the Webhooks table. Active webhooks are marked with a green dot. Inactive webhooks are marked with a white dot.
Create a Self Serve access flow
This access flow controls how on-call engineers request and receive temporary access during a PagerDuty incident. It uses the webhook you created to ensure access is granted only to engineers who have acknowledged the incident.
Follow these steps to create the Apono Self Serve access flow for PagerDuty:
On the Access Flows tab, define who can request resources through a Self Serve access flow.
Define the resource to grant access to.
Set the access duration and approval process.
Last updated
Was this helpful?