Skip to main content

How to configure the PagerDuty integration for evidence generation

Implementation Team
Updated

 

Introduction

PagerDuty is a core part of incident response for many teams, and the logs and configuration data it holds are often relied on as evidence for incident management, on-call, and availability controls. Manually pulling this evidence for audits is repetitive and error-prone.

The Complyance PagerDuty integration automates this by connecting via OAuth 2.0 and continuously collecting evidence such as incident alerts and alert configuration reports. Evidence is refreshed automatically before it expires, reducing manual effort and improving audit readiness.

Configuration

Step 1: Create an application

  1. In PagerDuty, navigate to Integrations → Developer Tools → App Registration
  2. Click + New App
  3. Fill in the following:
    • Name: Complyance Integration App
    • Description: (your choice)
    • Check the OAuth 2.0 box
  4. Click Next
  5. Check Scoped OAuth
  6. Check the permissions necessary for the integration you want to use. 
    Depending on the reports you want to generate, the Complyance team will confirm the permissions you need to ensure least privilege access.
  7. Click Register App
  8. Copy the Client ID and Client Secret
  9. Click Continue

 

 

Step 2: Locate your PagerDuty subdomain

To find your PagerDuty account subdomain, check the URL while logged in to the platform. The subdomain is the unique name before .pagerduty.com or .eu.pagerduty.com in your login URL.

 

For example, in https://acme.pagerduty.com, the subdomain is acme.

 

 

Step 3: Locate your PagerDuty region

You can tell which service region your account is based in by looking at your PagerDuty web address. EU-based accounts will have eu in the URL, while US-based accounts will not:

Service RegionWeb Address
USyour-subdomain.pagerduty.com
EUyour-subdomain.eu.pagerduty.com

 

 

Step 4: Share with Complyance

Once you have completed these steps, securely share the following with your Complyance point of contact:

  • Client ID
  • Client Secret
  • Subdomain
  • Region
     

Step 5: Agree which pre-built and custom checks you need

We have pre-built connectors with major providers and the services that sit underneath. Leveraging these connectors, we have a number of off-the-shelf checks to continuously monitor compliance and reports to prove compliance. We also frequently build configured and custom checks that are tailored to our clients - please reach out to your implementation lead to connect an additional report or check.

Related articles