Knowledge Base
API DocsIntegrationsPagerDuty UniversityPagerDuty CommonsContact SupportMy Support Tickets

Private Status Page

Private Status Pages are similar to External Status Pages, but only authorized users are allowed to access them. Private Status Pages are not available to the general public. Authorization is handled by OpenID SSO, and is independent from PagerDuty's Single Sign-On (SSO) feature.

📘

Pricing Information

PagerDuty offers two Status Page packaging options, one which includes External Status Pages, and a premium package that also features Private Status Pages and Audience-Specific Status Pages. Depending on the package you choose, other features such as Page Subscribers, Premium Account Subscribers and Total Account Subscribers may vary.

Please contact our Sales Team for more information.

Create a Private Status Page

  1. In the PagerDuty web app, navigate to Status External Status Page.
  2. ClickNew Status Page and, under Status Page Type, select Private.
A screenshot of the PagerDuty web app showing where to select the option to make a status page private

Initial setup

  1. Continue setting up the status page using the instructions from Create an External Status Page.

Configure Single Sign-On (SSO)

You will need to configure SSO on your Private Status Page before users can access it. Private Status Pages use the OpenID Connect (OIDC) protocol to allow users access.

  1. In the PagerDuty web app, navigate to Status External Status Page, select the Private tab, and click the name of the page you want to configure.
A screenshot of the PagerDuty web app where to select private status pages

Select Private tab

  1. In the left pane, select Configuration Single Sign-On tab.
    1. Note: If prompted to Update your SSO Configuration, click Continue to proceed. Otherwise, proceed to the next step.
  2. Enter the following information:
    1. Configuration URL (i.e., the URL on your OpenID server that ends with /.well-known/openid-configuration)
    2. OpenID client ID
    3. OpenID client secret
A screenshot of the PagerDuty web app showing SSO configuration details for Private Status Page

SSO configuration

  1. Click Test SSO to check your configuration. Resolve any reported errors and proceed to the next step.
    1. Note: After successfully configuring and saving your SSO settings, Test SSO may not appear in the UI the next time you visit the page.
  2. Click Save.

The instructions below detail how to integrate with common SSO providers. You are free, however, to integrate with the SSO provider of your choice:

Audience-Specific Status Page

Audience-Specific Status Pages enhance Private Status Pages by allowing authorized users to see customized views based on their access level. This feature is only available to users authenticated through OpenID SSO, which operates separately from PagerDuty's Single Sign-On (SSO) feature.

📘

Audience Limit

You can add up to 100 audiences per status page.

Create an Audience-Specific Status Page

📘

Requirements

To set up Audience-Specific functionality, you must first:

  1. Configure a Private Status Page.
  2. Configure SSO on the Private Status Page.

🚧

Conversion Warning

Once you convert a Private Status Page to an Audience-Specific Status Page, you will not be able to revert it. If you want all users to see the same view of the status page, you must add them to the same audience.

  1. After you’ve created the Private Status Page and configured SSO, click the Status Page’s name to open its settings.
  2. From the left menu, select the Configuration drop-down Business Services
    Audiences tab.
  3. To the right of the New Audience button, select the menu Audience Settings.
  4. Next, select the Default Business Services that are visible to all users that have access to the Private Status Page.
  5. At the bottom of the page, enter the Group claim custom key from your SSO Provider to enable audience filtering, and then click Save
  6. Once saved, click New Audience to create a new audience view for the status page.
  7. Enter the following:
  • Audience Name: Define how to name this audience.
  • Description: Describe the purpose of this audience.
  • Group Claim: Add the group claim used in your SSO provider to link groups to the SSO provider. This must match the audience key from the SSO provider.
  • Select the Business Services that should be visible to this Audience, or users who sign in with credentials with this Group Claim.
  1. Click Create Audience to create the Audience-Specific Status Page.

Example: Configure Audience Groups in Okta

Using Okta as an example, the following is a sample flow for setting up Audiences.

📘

Prerequisite

You must have Okta SSO configured for Private Status Pages in PagerDuty.

  1. In Okta, navigate to Directory Groups.
  2. Click Add group to create groups for the PagerDuty Status Page Audiences. Enter a Group Name and optional Description. Note: The names of the groups created need to match the Group Claim for each PagerDuty Audience. Click Save and continue adding as many groups as necessary.
  3. Assign users to each created group as necessary by clicking the Group Name Assign people click the icon to the right of each user you’d like to assign click Done in the upper right.
  4. Next, navigate to Security API select the Authorization Server for the Private Status Page.
  5. Select the Claims tab Add Claim and perform the following:
    1. Name: The claim name needs to match the Group Claim custom key on the Audience setting page in PagerDuty.
    2. Included in token type: Select ID Token = Always
    3. Value Type: Select Groups
    4. Filter: Matches regex = .* (To match any groups available)
    5. Disable claim: Leave unchecked
    6. Include in: Any scope
  6. Click Create. You should now be able to see the audiences in the token under the Token Preview tab Preview Token.

Okta

Create the Application

  1. Go to Applications Create App Integration.
  2. For Sign-in method, select OIDC - OpenID Connect, and for Application type, select Web Application. Click Next.
A screenshot of the Okta UI showing how to create a new app integration

Create a new app integration

  1. Under Application, enter a name for the application.
A screenshot of the Okta UI showing an application's general settings

General settings

  1. Copy the Redirect URL from the SSO configuration in PagerDuty and paste it into the Sign-in redirect URI. Do the same for the Login URL and the Sign-out redirect URIs.
  2. Select how you would like to assign the application, and click Save.
  3. On the next page, copy the client ID and client secret, and paste it into the OpenID client ID and OpenID client Secret fields on the PagerDuty SSO configuration page.
A screenshot of the Okta UI showing client credentials

Client credentials

  1. Go to Security API and select the Authorization Server you want to connect.
  2. Copy the Metadata URI and paste it into the Configuration URL field in the PagerDuty SSO configuration page.
A screenshot of the Okta UI showing the application's metadata URI

Metadata URI

  1. Replace the end of the URL (oauth-authorization-server) with openid-configuration. The URL in PagerDuty must end with /.well-known/openid-configuration.
  2. Save the SSO configuration.

Profile Mapping and Custom Claims

  1. Go to Directory Profile Editor and select your application.
  2. Click Add Attribute. For the Data type, select string. Enter a Display name. For the variable name enter pd_status_pages. Select Greater than for Attribute length, with a value of 0. Select Yes for Attribute required and click Save.
A screenshot of the Okta UI showing how to add an attribute

Add attribute

  1. Click Mappings, and find pd_status_pages. Ensure that Apply mapping on user create and update is selected (i.e., it shows a green arrow). Enter the custom claim value from the PagerDuty SSO configuration page, surrounded by single quotes, and click Save Mappings.
A screenshot of the Okta UI showing how to configure custom claim values

Custom claim value

  1. Go to Security API and select the authorization server you will be using. Then select the Claims tab and click Add Claim.
  2. In the Name field, enter the name found under the Custom Claim Key on the PagerDuty SSO configuration page. Select ID Token as Always. Under Value, enter appuser.pd_status_pages.
A screenshot of the Okta UI showing how to edit a claim

Edit claim

📘

Data Requirement

The name of the claim must match the Custom Claim Key name.

Azure AD / Entra ID

Create the Application

  1. In the Microsoft Entra Admin Center, navigate to App Registrations New Registration.
  2. Enter a name for the app and the Redirect URI from the PagerDuty SSO Configuration page.
A screenshot of the Azure UI showing how to register an application

Register an application

  1. Find the newly created app under App Registrations and select it. Then, click Add a certificate or secret to create a client secret. On the next screen, click New Client Secret.
A screenshot of the Azure UI showing how to add a certificate or secret

Add a certificate or secret

  1. Copy newly created client secret and paste it into the PagerDuty SSO configuration page. Then go back to the previous page and copy and paste the Application (i.e., client) ID.
    Note: you will be presented with an array of values associated with your client secret.
    • Typically the values will include the following fields: Description, Expires, Value, Secret ID.
    • Look for the secret's Value field.
      • Note: Please do not use the data in the Secret's Secret ID field, which is UUID and not intended for the secure use.
  2. Go back to the previous screen and click Authentication. Under Front-channel logout URL, add the logout URL from the PagerDuty SSO Configuration page and Save.
A screenshot of the Azure UI showing the redirect URL

Redirect URL

  1. In the same menu where Authentication was found, select Manage Branding and Properties. In the Home page URL field, enter the login URL from the PagerDuty SSO Configuration page and click Save.
Home page URL

Home page URL

  1. Go back to the created application (as in step 3), and click on Endpoints. Locate the OpenID Connect metadata document URL and copy it and paste it into the Configuration URL on the PagerDuty SSO Configuration page.
A screenshot of the Azure UI showing where to find the OpenID Connect metadata document

OpenID Connect metadata document

Profile Mapping and Custom Claims

  1. On your app page (from app registration), select Manage App roles.
A screenshot of the Azure UI showing to find app roles

App roles

  1. Click Create Role, and enter the custom claim key and custom claim value found on the PagerDuty SSO configuration page. Click Apply.
A screenshot of the Azure UI showing how to create an app role

Create app role

  1. Under Manage, select Manifest. In the JSON representation, update acceptMappedClaims to true and save.
  2. Go to Applications Enterprise Applications, select the application, and go to Single Sign-On. Click Edit next to Attributes & Claims.
A screenshot of the Azure UI showing where to edit Attributes & Claims

Attributes and Claims

  1. Click Add New Claim. Enter the custom claim key (status_pages) for the name. Under Source, select Attribute, and under Source attribute, enter user.assignedroles. Click Save.
A screenshot of the Azure UI showing how to manage a claim

Manage claim

  1. Go to Applications Enterprise Applications, select the application, and go to Users and groups. Click Add user/group. Select the users who should have access to the private status page, then select the status_pages role. Click Assign.
A screenshot of the Azure UI showing how to assign an app role

Assign app role

Salesforce

Create the Application

  1. Ensure that the Identity Provider is enabled in Salesforce. In the Setup view go to Settings Identity Identity Provider, and click Enable Identity Provider.

    A screenshot of the Salesforce UI showing how to enable identity provider

    Enable identity provider

  2. Go to Settings Identity OAuth and OpenID Connect Settings and ensure that the Allow Authorization Code and Credentials Flows option is enabled.

    A screenshot of the Salesforce UI showing where to enable Allow Authorization Code and Credentials Flows

    Allow Authorization Code and Credentials Flows

  3. Go to Platform Tools Apps App Manager and click New Connected App.

    A screenshot of the Salesforce UI showing how to create a new connected app

    New connected app

  4. Enter basic information, then enable OAuth settings and populate the following fields, and save:

    1. Callback URL: use the redirect URL from your PagerDuty Private Page

    2. Selected OAuth Scopes: Add Access unique user identifiers (openid)

    3. Enable Authorization Code and Credentials Flow: Enable

    4. Require user credentials in the POST body for Authorization Code and Credentials Flow: Enable

    5. Require Secret for Web Server Flow: Enable (optional)

    6. Issue JSON Web Token (JWT)-based access tokens for named users: Enable

    7. Configure ID Token: Enable

    8. Include Custom Attributes: Enable

  5. After saving, click on Manage Consumer Details to get the Consumer Key and Consumer Secret.

  6. On your PagerDuty private page Single Sign-On Settings, populate the following fields and save:

    1. Configuration URL: https\://{{your-workspace-domain}}.my.salesforce.com/.well-known/openid-configuration
    2. OpenID client ID: {{Consumer Key}}
    3. OpenID client secret: {{Consumer Secret}}

Profile Mapping and Custom Claims

  1. Back in Salesforce, grant permissions to the groups that you want to be able to access the page (if users are not self-authorizing). To do this, go to Apps Connected Apps Manage Connected Apps and click on Manage Permissions under the Permission Sets field.

    A screenshot of the Salesforce UI showing how to manage permission sets

    Permission sets

  2. Finally, to add the status page ID, go back to the previous view (i.e., Manage Connected Apps) and click New next to Custom Attributes.

  3. Paste the Custom Claim Key and Custom Claim Value from the PagerDuty SSO settings, into the Attribute key and Attribute value fields.

    A screenshot of the Salesforce UI showing how to create a custom attribute

    Create custom attribute

Ping Identity

Create the Application

  1. Go to Applications, and click to add a new application.

    A screenshot of the Ping Indentity UI showing how add a new application

    Add application

  2. Enter an application name, select an application type, and click Save.

    A screenshot of the Ping Indentity UI showing how to configure application settings

    Application settings

  3. Click on the Configuration tab and the URLs dropdown.

  4. Copy the OIDC Discovery Endpoint, the Client ID, and the Client Secret, and paste these values into the PagerDuty private page Single Sign-On Settings.

    A screenshot of the Ping Indentity UI showing configuration settings

  5. Edit the configuration by clicking the pencil button in the top right corner, update the following fields, and save:

    1. Client Credentials: Enable
    2. Redirect URIs: the redirect URL from the PagerDuty Single Sign-On page
    3. Token Endpoint Authentication Method: Client Secret Post
    4. Initiate Login URI: Login URL from the PagerDuty Single Sign-On page
    5. Signoff URLs: Logout URL from the PagerDuty Single Sign-On page
    A screenshot of the Ping Indentity UI showing how to configure general settings

    General settings

  6. In the Resources tab, check that the openid scope is available.

    A screenshot of the Ping Indentity UI showing how to allow the openid scope

    Allow openid

Profile Mapping and Custom Claims

  1. Go to Directory User Attributes and click to add a new attribute.

  2. Select Declared, enter a name for the attribute and save it.

    A screenshot of the Ping Indentity UI showing how to add an attribute

    Add attribute

  3. Go to Users, edit any users you want to grant access, and click Add next to Custom Attributes. Enter the custom claim ID value found on the Single Sign-On page.

    A screenshot of the Ping Indentity UI showing how to add custom attributes

    Custom attributes

  4. Go to Applications Resources, find the openid resource that is being used, and select it.

  5. Go to the Attributes tab and click to add a new attribute.

    A screenshot of the Ping Indentity UI showing how to configure attributes

    Attributes

  6. Enter the Custom Claim Key from the Single Sign-On page and select the attribute that you created in steps 1–3.

Remove Users from a Private Status Page

Removing a user's access through your SSO provider alone will not automatically remove them as a subscriber to a Private Status Page in PagerDuty as well. They may continue to receive status update until you have taken the following steps:

  1. Remove the user's access in your SSO provider. Please see your SSO provider's documentation for specific instructions.
  2. In the PagerDuty web app, navigate to Status External Status Page.
  3. Select the desired status page's name.
  4. In the left panel, select Subscribers.
  5. Select the appropriate tab (i.e., Email, Slack or Webhook), and optionally enter a search term to find the desired user.
  6. On the right of the user's row, select Delete.
  7. In the confirmation modal, click Yes, delete.

Updated 10 days ago

Learn more