Skip to main content
Version: v4.8

Add PagerDuty Integration

PagerDuty + Cyral integration benefits

For users who need access to repositories during their on-call rotations, you can automate Cyral access control so that it grants and revokes team members' access based on their on-call schedule in PagerDuty.

How it works

When a repository user attempts to connect to a repository for which SSO and the Restrict access to on-call hours option have been set up in Cyral, Cyral authenticates the user and then reads their on-call schedule from your PagerDuty instance. If the request is happening during the user's on-call window, access is allowed (and is still subject to any other limitations you set in your Cyral policy).

Requirements

  • In your PagerDuty instance, you must have an Admin, Global Admin or Account Owner role so that you can generate the PagerDuty API key that Cyral will use to connect.
  • Make sure your PagerDuty license includes REST API access (included in the Team plan or higher).

Support

For help setting up this integration, contact Cyral.

Integration walkthrough

In PagerDuty

  • In your PagerDuty instance, create a General Access REST API key. Select the checkbox for Read-only API Key to administer read-only access for users. Leave the checkbox unchecked if PagerDuty is being used to give users full access to a repository.

In Cyral

  1. To configure your PagerDuty integration, navigate to the Integrations page through the sidebar and click Setup or Configure on the PagerDuty card.

  2. In the configuration form, provide an API Key from PagerDuty in the API Key field, then name the integration as you like and click Add to complete the integration.

  3. Proceed to schedule repository access for on-call users to apply your on-call schedule to set limits on when users can connect to a repository.

How to uninstall

To remove the PagerDuty integration follow these steps in the Cyral control plane UI:

  1. For each repository where you're enforcing an on-call restriction, open Data Repos, click the the name of your repo, click Access Rules and, for each rule that shows an Authorization Policy of PagerDuty,
    • Remove the rule.
    • Recreate the rule with the Restrict access to on-call hours option turned off.
  2. Remove the PagerDuty integration:
    • Navigate to the Integrations page through the sidebar.
    • Click Configure on the PagerDuty card.
    • Click the trash can icon next to the integration you want to remove.

Next step

If you've added your APM system integration to Cyral but haven't used it to set access limits, see schedule repository access for on-call users to apply on-call schedules to set limits on when users can connect to repositories.