Multi-Factor Authentication (MFA/2FA) for PagerDuty

Last updated on October 16, 2024

Overview

The purpose of this document is to enable Rublon Two-Factor Authentication (2FA) for users logging in to PagerDuty. In order to achieve that, you have to use Rublon Access Gateway. All required steps will be described in this document.

Supported Authentication Methods

Authentication Method	Supported	Comments
Mobile Push	✔	N/A
WebAuthn/U2F Security Key	✔	N/A
Passcode	✔	N/A
SMS Passcode	✔	N/A
SMS Link	✔	N/A
Phone Call	✔	N/A
QR Code	✔	N/A
Email Link	✔	N/A
YubiKey OTP Security Key	✔	N/A

Before you start

You need to install and configure Rublon Access Gateway itself before configuring PagerDuty to work with it. Please read the Rublon Access Gateway documentation and follow the steps in Installation and Configuration sections. Afterwards, follow the Configuration section in this document.

Configuration

Follow these steps to enable Rublon 2FA in PagerDuty.

PagerDuty

1. Log in to PagerDuty as Account Owner.

2. Hover your mouse cursor over your user profile’s photo in the upper-right corner and select Account Settings from the menu.

3. Select the Single Sign-on tab.

Note

The Single Sign-on tab is only available for users with a Professional, Business or Digital Operations account.

The Single Sign-on tab is also available for a free trial account.

The Single Sign-on tab is only available for the owner of the account.

4. Set Login Authentication to SAML

5. Save the value of SAML Endpoint URL. You are going to need it later.

6. Fill in the form. Refer to the following image and table.

X.509 Certificate	Enter the certificate you have downloaded from Rublon Access Gateway (Applications → Information for configuring applications with Rublon Access Gateway → DOWNLOAD CERTIFICATE). Open the downloaded certificate in a text editor. Copy the entire contents and paste it into the text field.
Login URL	Enter the value of SSO URL from Rublon Access Gateway (Applications → Information for configuring applications with Rublon Access Gateway).
Logout URL	The URL shown after a successful logout. Optional. You can keep it empty.
Allow username/password login	We recommend you check this option at first when configuring and testing your integration with Rublon Access Gateway. This will ensure that you will still be able to log in with your login and password in case of any errors. Once you tested logging in to PagerDuty with Rublon 2FA and everything worked, get back to this form and uncheck Allow username/password.

7. Check other options according to your needs. Click Save Changes to save your SAML configuration.

Rublon Access Gateway

1. In Rublon Access Gateway, go to Applications → Add application.

2. Fill in the form and click SAVE to add a new application. Refer to the following image and table.

Application name	Enter a name for the application, e.g. PagerDuty. The name will be displayed during Rublon 2FA.
Entity ID	https://example.pagerduty.com Note: Replace example with the name of your PagerDuty account.
Assertion Consumer Service	Enter the value of SAML Endpoint URL you copied from the Single Sign-on tab in PagerDuty’s Account Settings. The SAML Endpoint URL has the following form: https://example.pagerduty.com/sso/saml/consume Note: Replace example with the name of your PagerDuty account.
Single Logout Service	https://example.pagerduty.com/sign_out Note: Replace example with the name of your PagerDuty account.
NameID format	urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
NameID attribute	mail
Send Attributes	NameID
Signature algorithm	sha-256
Validate AuthnRequest	Uncheck.
Sign response	Check.
Sign assertion	Uncheck.
Certificate for signing	Select the certificate you have downloaded from Applications → Information for configuring applications with Rublon Access Gateway → DOWNLOAD CERTIFICATE.

3. Your configuration is now complete. You can log in to PagerDuty with Rublon 2FA.

Log in to PagerDuty with Rublon 2FA

1. Enter the address of your PagerDuty account in your browser. For example, if your account is called example, go to: http://example.pagerduty.com/.

2. Click Sign In With Your Identity Provider.

3. You will be redirected to Rublon Access Gateway login page.

4. Provide your username and password. Click SIGN IN. A window will appear with a selection of various 2FA options from Rublon. Let’s choose Mobile Push.

5. You will be sent a push notification. Tap APPROVE.

6. You will be successfully logged in to PagerDuty.

Troubleshooting

If you encounter any issues with your Rublon integration, please contact Rublon Support.

Rublon Access Gateway

Rublon Access Gateway – Integrations

Overview

Supported Authentication Methods

Before you start

Configuration

PagerDuty

Rublon Access Gateway

Log in to PagerDuty with Rublon 2FA

Troubleshooting

Related Posts

Try Rublon for Free