PagerDuty
Configure incident-based access with Apono and PagerDuty
Last updated
Was this helpful?
Configure incident-based access with Apono and PagerDuty
Last updated
Was this helpful?
Incident-based access streamlines granting access while maintaining security. With this solution, after an on-call engineer acknowledges a PagerDuty incident, the same engineer can request resource access.
The workflow follows these steps:
The on-call engineer acknowledges a PagerDuty incident.
The same engineer requests resource access through Apono (web portal, Slack, CLI, or Teams).
A custom webhook in the access flow verifies the PagerDuty acknowledgment.
Once verified, Apono grants access to the required resources.
Access automatically expires after a set time or can be manually revoked.
This solution helps you ensure that only the right people get access when it’s needed and improves response times while maintaining compliance. It includes two key components:
that verifies incident acknowledgment
that manages resource permissions
Apono Account Permissions
Manage Webhooks: Admin, Power User, or Deployment
Manage Access Flows: Admin or Deployment
PagerDuty Integration
This webhook verifies that the grantee is the on-call engineer who acknowledged the PagerDuty incident.
Follow these steps to configure an Apono webhook:
Click Manual.
Enter a unique, alphanumeric, user-friendly Manual Webhook Name for identifying this webhook.
Click the Status toggle to Active.
From the Type dropdown menu, select Integration Action.
From the Integration dropdown menu, select your PagerDuty integration.
From the Actions dropdown menu, select list_pagerduty_incidents.
In the Body Template field, enter the following JSON payload.
Add a response validation:
In the Response Validators section, click + Add.
In the Json Path field, enter $.incidents[0].status.
In the Expected Values field, type acknowledged and press Enter.
Click Save Webhook.
The new webhook appears in the Webhooks table. Active webhooks are marked with a green dot. Inactive webhooks are marked with a white dot.
This access flow controls how on-call engineers request and receive temporary access during a PagerDuty incident. It uses the webhook you created to ensure access is granted only to engineers who have acknowledged the incident.
Follow these steps to create the Apono Self Serve access flow for PagerDuty:
Set the access duration and approval process.
Apono to configure webhooks and access flows:
between Apono and PagerDuty
On the tab, click Add Webhook. The Add Webhook page appears.
On the Access Flows tab, through a Self Serve access flow.
In steps 7-9 of , select your PagerDuty group.
to grant access to.
In steps 3-5 of , select Custom Approval and the PagerDuty webhook you created in .