PagerDuty

Last updated 1 year ago

This feature lets you set up a connection between PagerDuty and Abbey so that Abbey can collect the on-call status of a given user. This status can then be used in policies either to auto-deny access (if a user is not on-call) or to skip specific approval steps (if a user is on-call).

Add a PagerDuty Connection

  1. Go to the Settings > Sources page

  2. Click either the + Add a New Source or the + New Source button

  3. In the "Select a source type" dropdown, pick PagerDuty as the source type

  4. Choose a name for your connection, and click Create to be redirected to PagerDuty

  5. Log into PagerDuty.

  6. Click Submit Consent to authorize Abbey Labs to read your on-call details

  7. After that, it should automatically redirect you back to Abbey, and your PagerDuty connection is now created. You're now all set to use PagerDuty on-call status in your policies and outputs

Use PagerDuty On-Call Status

Now that you have set up a PagerDuty connection, you can reference PagerDuty on-call schedules in policies to skip certain approval steps.

Add a Policy to Skip a Step

  1. Add a Rego policy to skip a workflow if the user is on-call in PagerDuty

    policies/on-call/pagerduty.rego
    package pagerduty
    
    # Produces a skip message when PagerDuty reports the requesting user as on-call.
    skip[msg] {
      data.user.pagerduty.is_on_call
      msg := sprintf("skipping oncall: %v", [data.user.pagerduty.is_on_call])
    }

    Make sure to add a .manifest file as well

    policies/on-call/.manifest
    {"roots": ["pagerduty"]}

  2. Add a skip_if block to the workflow step you want to skip.

    main.tf
    resource "abbey_grant_kit" "null_grant" {
      ...
    
      workflow = {
        steps = [
          {
            reviewers = {
              all_of = [
                "alice@example.com",
                "bob@example.com",
                "carol@example.com"
              ]
            }
    +        skip_if = [
    +          { bundle = "github://example-org/example-repo/policies/on-call" }
    +        ]
    +      }
        ]
      }
    
      ...
    }

  3. Now that you have updated your Grant Kit, deploy it (see Deploy Your Grant Kit).

And that's it.

  • When a user requests access and they are on-call, they will skip the review process and will be granted access right away.

  • When a user requests access and they are not on-call, their request has to be reviewed by one of the reviewers as usual.
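
The two outcomes above can be checked with `opa test` before the Grant Kit is deployed. The unit tests below are an added example, not part of Abbey's documentation or code: the file name, the test package and the `strict_skip` rule are hypothetical, and the syntax matches the pre-1.0 Rego used by the policy on this page. They also cover two cases the page does not mention, missing PagerDuty data and a non-boolean `is_on_call` value; whether Abbey ever supplies either is an assumption.

```rego
# policies/on-call-tests/pagerduty_test.rego
# Added example: hypothetical file name and package, kept outside the
# policies/on-call bundle directory.
package pagerduty_test

import data.pagerduty

# Requester is on call: the page's rule emits its skip message.
test_skip_when_on_call {
    msgs := pagerduty.skip with data.user as {"pagerduty": {"is_on_call": true}}
    msgs == {"skipping oncall: true"}
}

# Requester is not on call: no message, so the step is reviewed as usual.
test_no_skip_when_not_on_call {
    msgs := pagerduty.skip with data.user as {"pagerduty": {"is_on_call": false}}
    count(msgs) == 0
}

# No PagerDuty data for the user (constructed case): the reference is
# undefined, the rule body fails, and nothing is skipped.
test_no_skip_when_pagerduty_data_missing {
    msgs := pagerduty.skip with data.user as {}
    count(msgs) == 0
}

# A bare reference succeeds for any defined value other than false, so a
# non-boolean such as the string "false" (constructed input) still skips.
test_page_rule_skips_on_non_boolean {
    msgs := pagerduty.skip with data.user as {"pagerduty": {"is_on_call": "false"}}
    count(msgs) == 1
}

# Stricter variant (hypothetical, not Abbey's): only boolean true skips.
strict_skip[msg] {
    data.user.pagerduty.is_on_call == true
    msg := "skipping: requester is on call"
}

test_strict_rule_ignores_non_boolean {
    msgs := strict_skip with data.user as {"pagerduty": {"is_on_call": "false"}}
    count(msgs) == 0
}

test_strict_rule_skips_when_on_call {
    msgs := strict_skip with data.user as {"pagerduty": {"is_on_call": true}}
    count(msgs) == 1
}
```

Run it with `opa test policies/on-call policies/on-call-tests -v`; on OPA 1.0 and later, add `--v0-compatible` because the policy uses the older rule syntax.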
