Private Status Page

Private Status Pages are similar to public status pages, but only authorized users are allowed to access them. Private Status Pages are not available to the general public. Authorization is handled by OpenID SSO, and is independent from PagerDuty SSO.

๐Ÿ“˜

Packaging Information

PagerDuty offers two Status Page packaging options, one which includes public status pages, and a premium package that also features private status pages. Depending on the package you choose, other features items such as Page Subscribers, Premium Account Subscribers and Total Account Subscribers may vary.

Please contact our Sales Team for more information.

Create a Private Status Page

  1. Navigate to Status External Status Page.
  2. ClickNew Status Page and, under Status Page Type, select Private.
Initial setp

Initial setup

  1. Continue setting up the status page using the instructions from Create an External Status Page.

Configure Single Sign-On (SSO)

In order to make the private page accessible, you will need to configure SSO.

  1. On the External Status Dashboard, select the Private tab, and click the name of the page you want to configure.
Select Private tab

Select Private tab

  1. Select the Single Sign-On tab and enter the following: the Configuration URL (the URL on your OpenID server that ends with /.well-known/openid-configuration), the OpenID client ID and the OpenID client secret.
SSO configuration

SSO configuration

The instructions below detail how to integrate with two common SSO providers. You're free, however, to integrate with the SSO provider of your choice:

Okta

Create the Application

  1. Go to Applications Create App Integration.
  2. For Sign-in method, select OIDC - OpenID Connect, and for Application type, select Web Application. Click Next.
Create a new app integration

Create a new app integration

  1. Under Application, enter a name for the application. Then select Client Credentials and Authorization Code.
General settings

General settings

  1. Copy the Redirect URL from the SSO configuration in PagerDuty and paste it into the Sign-in redirect URI. Do the same for the Login URL and the Sign-out redirect URIs.
  2. Select how you would like to assign the application, and click Save.
  3. On the next page, copy the client ID and client secret, and paste it into the OpenID client ID and OpenID client Secret fields on the PagerDuty SSO configuration page.
Client credentials

Client credentials

  1. Go to Security API and select the Authorization Server you want to connect.
  2. Copy the Metadata URI and paste it into the Configuration URL field in the PagerDuty SSO configuration page.
Metadata URI

Metadata URI

  1. Replace the end of the url (oauth-authorization-server) with openid-configuration. The URL in PagerDuty must end with /.well-known/openid-configuration.
  2. Save the SSO configuration.

Profile Mapping and Custom Claims

  1. Go to Directory Profile Editor and select your application.
  2. Click Add Attribute. For the Data type, select string. Enter a Display name. For the variable name enter pd_status_pages. Select Greater than for Attribute length, with a value of 0. Select Yes for Attribute required and click Save.
Add attribute

Add attribute

  1. Click Mappings, and find pd_status_pages. Ensure that Apply mapping on user create and update is selected (the green arrow). Enter the custom claim value from the PagerDuty SSO configuration page, surrounded by single quotes, and click Save Mappings.
Custom claim value

Custom claim value

  1. Go to Security API, select the Claims tab, and click Add Claim.
  2. In the Name field, enter the name found under the Custom Claim Key on the PagerDuty SSO configuration page. Select ID Token as Always. Under Value, enter appuser.pd_status_pages.
Edit claim

Edit claim

๐Ÿ“˜

Data Requirement

The name of the claim must match the Custom Claim Key name.

Azure

Create the Application

  1. In the Microsoft Entra Admin Center, navigate to App Registrations New Registration.
  2. Enter a name for the app and the Redirect URI from the PagerDuty SSO Configuration page.
Register an application

Register an application

  1. Find the newly created app under App Registrations and select it. Then, click Add a certificate or secret to create a client secret. On the next screen, click New Client Secret.
Add a certificate or secret

Add a certificate or secret

  1. Copy newly created client secret and paste it into the PagerDuty SSO configuration page. Then go back to the previous page and copy and paste the Application (client) ID.
    Note: you will be presented with an array of values associated with your client secret.
    • Typically the values will include the following fields: "Description", "Expires", "Value", "Secret ID".
    • What you should be looking for is the Secret's "Value" field.
      • Note: Please do not use the data in the Secret's "Secret ID" field, which is UUID and not intended for the secure operations of interest.
  2. Go back to the previous screen and click Authentication. Under Front-channel logout URL, add the logout URL from the PagerDuty SSO Configuration page and Save.
Redirect URL

Redirect URL

  1. In the same menu where Authentication was found, select Manage Branding and Properties. In the Home page URL field, enter the login URL from the PagerDuty SSO Configuration page and click Save.
Home page URL

Home page URL

  1. Go back to the created application (as in step 3), and click on Endpoints. Locate the OpenID Connect metadata document url and copy it and paste it into the Configuration URL on the PagerDuty SSO Configuration page.
OpenID Connect metadata document

OpenID Connect metadata document

Profile Mapping and Custom Claims

  1. On your app page (from app registration), select Manage App roles.
App roles

App roles

  1. Click Create Role, and enter the custom claim key and custom claim value found on the PagerDuty SSO configuration page. Click Apply.
Create app role

Create app role

  1. Under Manage, select Manifest. In the JSON representation, update acceptMappedClaims to true and save.
  2. Go to Applications Enterprise Applications, select the application, and go to Single Sign-On. Click Edit next to Attributes and Claims.
Attributes and Claims

Attributes and Claims

  1. Click Add New Claim. Enter the custom claim key (status_pages) for the name. Under Source, select Attribute, and under Source attribute, enter users.assignedroles. Click Save.
Manage claim

Manage claim