Solved

PagerDuty Onboarding SSO related

Forum|Forum|1 year ago
March 13, 2025
5 replies
144 views

Flo
Contributor ✍️

Hi team,

Is there a possibility or setting we need to be aware of where users will be able to log in via SSO even though they are not assigned to the SSO AD?

Thank you!

Best answer by xenda-amici

@Flo What is AD in this context? If you’re using SAML, there is a setting in PagerDuty's Single Sign-on "auto-provision users on first login". For more information on auto-provisioning they can refer to our public docs: https://support.pagerduty.com/main/docs/sso#optional-attributes-for-auto-provisioning

xenda-amici
Community Manager 💚
Forum|Forum|1 year ago
March 14, 2025

Hi @Flo, can you please clarify if you’re experiencing an issue where you have SSO set up and users that are not assigned the app in Active Directory are still able to log in? Or are you concerned that this could be a potential scenario?

Flo
Author
Contributor ✍️
Forum|Forum|1 year ago
March 15, 2025

Experiencing this issue.

Even though the users are not added to our SSO AD group, they are still able to log in to PagerDuty via SSO. It seems there is no issue from our AD. I am trying to understand if there are any settings in PagerDuty that enable SSO by default.

xenda-amici
Community Manager 💚
Answer
Forum|Forum|1 year ago
March 17, 2025

Flo
Author
Contributor ✍️
Forum|Forum|1 year ago
March 17, 2025

Thank you very much.

rishavjindal
New Member 👋
Forum|Forum|1 day ago
June 29, 2026

I’m configuring Azure SSO (OAuth2) for Rundeck using the official documentation:https://docs.rundeck.com/docs/administration/security/sso/azure-sso.html

I have successfully created an Application Registration in Azure AD and configured the required values in my rundeck-config.properties file.

However, after restarting the Rundeck server, the changes are not taking effect.

When I access: https://rundeck.company.com/

it redirects to: https://rundeck.company.com/user/login

instead of initiating the Azure SSO flow.

Current rundeck-config.properties file Configuration:

# rundeck-config.properties: Azure SSO

rundeck.sso.loginButton.enabled=true

rundeck.sso.loginButton.title=Login with Azure

rundeck.sso.loginButton.url=oauth/azure

rundeck.security.oauth.azure.autoConfigUrl=https://login.microsoftonline.com/<DIRECTORY_TENANT_ID>/v2.0

rundeck.security.oauth.azure.clientId=<CLIENT_ID>

rundeck.security.oauth.azure.clientSecret=<SECRET_VALUE>

rundeck.security.syncOauthUser=true

# Azure scopes

rundeck.security.oauth.azure.scope=openid email profile https://graph.microsoft.com/GroupMember.Read.All

# Attribute mapping

rundeck.ssoSyncAttribNames.firstname=given_name

rundeck.ssoSyncAttribNames.lastname=family_name

rundeck.ssoSyncAttribNames.email=preferred_username

# Optional mapping (currently commented)

#rundeck.security.oauth.azure.principleKeys=preferred_username

Issue:

Rundeck continues to redirect to /user/login instead of Azure SSO.
The Azure login button is not triggering SSO.
Changes in rundeck-config.properties do not seem to be reflected after restart.

What I’m Looking For:

What could be causing Rundeck to ignore the Azure SSO configuration?
Am I missing any mandatory configuration values for Azure OAuth?
Are there additional settings (e.g., rundeck.security.auth.type, framework settings, or profile configs) required to enable SSO?
Any troubleshooting steps to verify if the config is being picked up?

Any guidance on what I might be missing or how to debug this issue would be greatly appreciated.

Issue:

What I’m Looking For:

Join PagerDuty Commons

Login to PagerDuty Commons

Scanning file for viruses.

This file cannot be downloaded