PagerDuty Integration

Scimify enables SCIM provisioning for PagerDuty, allowing you to sync IdP groups with PagerDuty teams.

Overview

This integration pushes IdP groups to PagerDuty teams via SCIM. Teams created in PagerDuty will correspond to groups from your identity provider and can be used for on-call scheduling, incident response, and team-based access control.

Prerequisites

  • A PagerDuty account
  • Admin access to create OAuth applications or generate API access keys
  • For OAuth: Ability to create a Scoped OAuth application in PagerDuty
  • For API keys: API access key with team management permissions

Authentication Methods

PagerDuty integration supports two authentication methods:

Scoped OAuth (Preferred)

Scoped OAuth is the recommended authentication method for PagerDuty integrations. It provides better security (least-privilege permissions) and follows PagerDuty’s best practices.

API Access Keys

API access keys provide a simpler setup but are less secure than OAuth. Use this method if OAuth is not available for your account.

Configuration Steps

1. Create a Scoped OAuth Application in PagerDuty

  1. Log into your PagerDuty account
  2. Navigate to Integrations > App Registration
  3. Click + New App
  4. Fill out the App information
    • Name: Give it a descriptive name (e.g., “Veraproof Scimify”)
    • Description: Give it a short description (e.g., “Sync IdP groups with PagerDuty teams via Veraproof Scimify”)
    • Tick OAuth 2.0 as the app type
  5. Press Next
  6. Configure the OAuth 2.0 app:
    • Authorization: Select Scoped OAuth
    • Permission Scope: Ensure the following scopes are selected:
      • teams.read
      • teams.write
      • users.read
  7. Press Register App
  8. After creating the app, note the following:
    • Client ID
    • Client Secret
    • Account Subdomain (from your PagerDuty URL, e.g., acme if your URL is acme.pagerduty.com)
    • Account Region (typically us or eu; check whether eu appears in your PagerDuty URL)

2. Configure the Integration in Scimify

  1. Navigate to the Integrations page in your Scimify admin console
  2. Create a new PagerDuty integration instance
  3. Select Scoped OAuth as the authentication method
  4. Enter the following configuration:
    • Authentication Method: oauth
    • OAuth Client ID: Paste the Client ID from Step 1
    • OAuth Client Secret: Paste the Client Secret from Step 1 (this is stored securely as the API token)
    • Account Subdomain: Enter your PagerDuty account subdomain (e.g., acme)
    • Account Region: Enter your account region (e.g., us or eu)
    • Group Description (Optional): Custom description for created teams (default: “Created via Scimify for tenant {tenant_id}”)

Option 2: API Access Key Configuration

1. Generate a PagerDuty API Access Key

  1. Log into your PagerDuty account
  2. Navigate to Configuration > API Access Keys
  3. Click Create New API Key
  4. Give the key a descriptive name (e.g., “Scimify Integration”)
  5. Ensure the token has permissions to:
    • Create and manage teams
    • Read and manage users
    • Access team membership
  6. Copy the API access key

2. Configure the Integration in Scimify

  1. Navigate to the Integrations page in your Scimify admin console
  2. Create a new PagerDuty integration instance
  3. Select API Access Key as the authentication method
  4. Enter the following configuration:
    • Authentication Method: api_key
    • API Access Key: Paste the API access key generated in Step 1
    • Group Description (Optional): Custom description for created teams (default: “Created via Scimify for tenant {tenant_id}”)

3. Configure Okta SCIM

Follow the Okta SCIM Configuration guide to set up SCIM provisioning in Okta.

How It Works

  • When groups are pushed from your IdP, Scimify will create corresponding teams in PagerDuty
  • Team names will match the group names from your IdP
  • Users assigned to groups in your IdP will be added as members to the corresponding PagerDuty teams
  • Teams created via this integration can be used for on-call scheduling, incident assignments, and access control

Use Cases

Teams created through this integration can be used for:

  • On-call scheduling and rotations
  • Incident response assignments
  • Escalation policies
  • Team-based routing and notifications
  • Access control for incident management
  • Service ownership and team assignments

Troubleshooting

OAuth Authentication Issues

If you encounter OAuth authentication errors:

  1. Verify your Scoped OAuth app configuration:

    • Ensure the app type is Scoped OAuth (not Personal Access Token or other types)
    • Confirm the grant type is set to Client Credentials
    • Verify all required scopes are selected: teams.read, teams.write, users.read
  2. Check account subdomain and region:

    • The account subdomain should match your PagerDuty URL (e.g., if your URL is acme.pagerduty.com, the subdomain is acme)
    • The region should match your account region (us or eu)
  3. Verify client credentials:

    • Ensure the Client ID and Client Secret are correct
    • Make sure there are no extra spaces or characters when copying
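
A pre-flight check for the three items above, as an added example (not Scimify or PagerDuty code). It assumes PagerDuty's client-credentials flow takes an account scope of the form as_account-<region>.<subdomain> next to the permission scopes and that the token response echoes the granted scope string; the function names and sample values are constructed for illustration.

```python
from urllib.parse import urlsplit

REQUIRED_SCOPES = {"teams.read", "teams.write", "users.read"}  # scopes listed on this page

def account_from_url(url):
    """Return (subdomain, region) for acme.pagerduty.com or acme.eu.pagerduty.com."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    labels = host.split(".")
    if labels[-2:] != ["pagerduty", "com"] or len(labels) not in (3, 4) or not labels[0]:
        raise ValueError(f"not a PagerDuty account URL: {url!r}")
    if len(labels) == 4 and labels[1] != "eu":
        raise ValueError(f"unexpected region label in {host!r}")
    return labels[0], "eu" if len(labels) == 4 else "us"

def account_scope(subdomain, region):
    # Assumed format of the account scope in PagerDuty's client-credentials flow.
    return f"as_account-{region}.{subdomain}"

def token_request(client_id, client_secret, subdomain, region):
    """Form fields for the client-credentials grant; rejects pasted whitespace."""
    for name, value in (("client_id", client_id), ("client_secret", client_secret)):
        if not value or value != value.strip():
            raise ValueError(f"{name} is empty or has leading/trailing whitespace")
    scope = " ".join([account_scope(subdomain, region), *sorted(REQUIRED_SCOPES)])
    return {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": scope}

def audit_granted_scope(granted, subdomain, region):
    """Compare a token response's scope string with the scopes this page requires."""
    parts = set(granted.split())
    accounts = {p for p in parts if p.startswith("as_account-")}
    perms = parts - accounts
    return {"missing": sorted(REQUIRED_SCOPES - perms),
            "excess": sorted(perms - REQUIRED_SCOPES),   # beyond least privilege
            "account_ok": accounts == {account_scope(subdomain, region)}}

if __name__ == "__main__":
    sub, region = account_from_url("https://acme.eu.pagerduty.com")  # constructed URL
    print(token_request("constructed-id", "constructed-secret", sub, region)["scope"])
    # Constructed token-response scope: one required scope missing, one extra granted.
    print(audit_granted_scope("as_account-eu.acme teams.read users.read incidents.write",
                              sub, region))
```

A non-empty "excess" list means the app was registered with more scopes than the integration needs and should be trimmed in App Registration.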

API Key Authentication Issues

If you encounter API key authentication errors:

  1. Verify API key permissions:

    • Ensure the API key has permissions to manage teams and users
    • Check that the API key hasn’t been revoked or expired
    • Check that the API key’s status is enabled
  2. Check API key format:

    • Ensure the API key is copied correctly without extra spaces

User Resolution Issues

If users are not being added to teams:

  • Ensure users exist in PagerDuty with the same email address as in your IdP
  • Users must be created in PagerDuty before they can be added to teams via SCIM
  • Check that the user’s email in your IdP matches exactly with their PagerDuty account email
  • Check that the user is assigned to the Okta SCIM app instance

Need Help?

If you encounter any issues during configuration, please contact [email protected] for assistance.