SaaS Security Administrator's Guide
    : Onboard a PagerDuty App to SSPM
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. SaaS Security Administrator's Guide
    4. SaaS Security Posture Management
    5. Onboard SaaS Apps Supported by SSPM
    6. Onboard a PagerDuty App to SSPM
    Download PDF

    SaaS Security Administrator's Guide

    Onboard a PagerDuty App to SSPM

    Table of Contents

    Onboard a PagerDuty App to SSPM

    Connect a PagerDuty instance to SSPM to detect posture risks.
    For SSPM to detect posture risks in your PagerDuty instance, you must onboard your PagerDuty instance to SSPM. Through the onboarding process, SSPM logs in to a PagerDuty account. SSPM uses this account to scan your PagerDuty instance for misconfigured settings. If there are misconfigured settings, SSPM suggests a remediation action based on best practices.
    SSPM gets access to your PagerDuty instance through account credentials that you provide. SSPM can access the account directly or through the Okta or Microsoft Azure identity providers. Having SSPM access the account through one of these identity providers requires MFA, which adds an extra layer of security.
    To onboard your PagerDuty instance, you complete the following actions:

    Collect Information for Connecting to Your PagerDuty Instance

    To access your PagerDuty instance, SSPM requires the following information, which you will specify during the onboarding process.
    ItemDescription
    UserThe username or email address of the administrator account. The format that you use can depend on whether SSPM will be logging in directly to your account or through an identity provider.
    Required Permissions: The user must be the PagerDuty Account Owner.
    PasswordThe password for the administrator account.
    PageDuty SubdomainIf your account has a personalized PagerDuty subdomain, the name of the subdomain.
    RegionPagerDuty manages data centers in different geographical regions. You must specify your service region.
    If you are using Okta as your identity provider, you must provide SSPM with the following additional information:
    ItemDescription
    Okta subdomainThe Okta subdomain for your organization. The subdomain was included in the login URL that Okta assigned to your organization.
    Okta 2FA secretA key that is used to generate one-time passcodes for MFA.
    If you are using Azure Active Directory (AD) as your identity provider, you must provide SSPM with the following additional information:
    ItemDescription
    Azure 2FA secretA key that is used to generate one-time passcodes for MFA.
    As you complete the following steps, make note of the values of the items described in the preceding tables. You will need to enter these values during onboarding to access your PagerDuty instance from SSPM.
    1. Identify the administrator account that SSPM will use to access your PagerDuty instance. The administrator must be the PagerDuty Account Owner. SSPM needs Account Owner permissions to monitor your PagerDuty instance.
    2. Determine whether you want SSPM to log in to the administrator account directly, or through an identity provider.
      Using an identity provider adds an extra layer of security by requiring MFA using one-time passcodes. You can use Okta or Microsoft Azure as the identity provider for accessing the administrator account. However, if you use an identity provider, SSPM requires more information for MFA.
      1. (For Okta log in) To access the administrator account through Okta:
        1. Identify your Okta subdomain.
        2. Generate and copy an MFA secret key.
      2. (For Microsoft Azure log in) To access the administrator account through Microsoft Azure:
        1. Enable third-party software OATH tokens for the administrator account.
        2. Configure the account for MFA and copy the MFA secret key.
    3. Determine if your organization has a personalized PagerDuty subdomain. For example, your organization might have a personalized subdomain that is set to your company's name. You can determine if you have a personalized subdomain from your PagerDuty URL. If you have a personalized subdomain, it is prepended to your PagerDuty URL. For example, <subdomain>.pagerduty.com.
      If you have a personalized subdomain, make note of it before you continue to the next step. You must provide this information to SSPM during the onboarding process. If you do not have a personalized subdomain, you will leave the associated field blank during the onbaording process.
    4. Make note of your PagerDuty service region, which you can determine from your PagerDuty URL after you log in to your account. If the URL contains the string eu, then your region is the European Union (EU). If the URL does not contain a region code, then your region is the United States (US).

    Connect SSPM to Your PagerDuty Instance

    By adding a PagerDuty app in SSPM, you enable SSPM to connect to your PagerDuty instance.
    1. From the Add Application page (Posture SecurityApplicationsAdd Application ), click the PagerDuty tile.
    2. Under posture security instances, Add Instance or, if there is already an instance configured, Add New instance.
    3. Specify how you want SSPM to connect to your PagerDuty instance. SSPM can Log in with Credentials, Log in with Okta, or Log in with Azure.
    4. When prompted, provide SSPM with the administrator credentials, PagerDuty subdomain, and PagerDuty service region. If you do not have a personalized subdomain, leave the PagerDuty subdomain field blank. If SSPM is connecting to the account through an identity provider, specify the information that SSPM needs for MFA.
    5. Connect.

    © 2024 Palo Alto Networks, Inc. All rights reserved.