# Incident.io ## Incident.io approval P0's Incident.io integration allows on-call users to approve access requests based on their on-call schedule assignments. You can configure two types of on-call approval: * **Auto-approval:** Automatically approve access requests if the requestor is now on-call for any schedule in your Incident.io account. * **On-call approver:** Allow users who are on-call for specific schedules to approve others' access requests via routing rules. {% hint style="warning" %} Any Incident.io user who is now on-call for an enabled schedule can approve access requests. Ensure your schedule assignments reflect appropriate trust levels. {% endhint %} ## Installation {% hint style="info" %} Installing P0 on Incident.io takes about one minute. {% endhint %} ### Before you begin * You must be an Incident.io account administrator with access to API key management. * You must be a P0 organization owner. ### Setting up Incident.io 1. Navigate to "Integrations" on [p0.app](https://p0.app), then select "Incident.io". 2. Create an API key in your Incident.io account with **Read schedules** permission. See the [Incident.io API documentation](https://docs.incident.io/integrations/api-overview#where-can-i-find-the-api-keys) for instructions. 3. Enter the API key in the P0 integration configuration and click "Install integration". P0 validates the key by fetching your on-call schedules. ## Configuring auto-approval When using [default approval routing](https://docs.p0.dev/orchestration/just-in-time-access/approving-access#auto-approvals), any installed Incident.io integration automatically approves access requests if the requestor is currently on-call for any schedule. When using [configured request routing](https://docs.p0.dev/orchestration/just-in-time-access/request-routing), add the Incident.io auto-approval rule to your routing configuration: ```yaml approval: - type: auto integration: incidentio options: { requireReason: true|false } ``` This rule automatically approves matching access requests for one hour if the requestor is on-call for any schedule in your Incident.io account. ## Configuring on-call approver routing You can configure routing rules that allow users who are on-call for specific Incident.io schedules to approve others' access requests. This uses the escalation approval type with schedule targeting. ### Using the Policy Studio UI 1. Navigate to **Policy Studio** on [p0.app](https://p0.app). 2. Add an approval rule and select **Incident.io On-Call Approval**. 3. Select one or more Incident.io schedules from the dropdown. P0 fetches available schedules from your Incident.io account. 4. Save your routing configuration. ### Using the routing rules API Add an escalation rule to your workflow configuration: ```yaml approval: - type: escalation integration: incidentio services: [] options: { allowOneParty: true|false, requireReason: true|false } ``` **services**: List of Incident.io schedule IDs. Only users who are on-call for these specific schedules can approve requests matching this rule. **options**: See the [approval options reference](https://docs.p0.dev/orchestration/just-in-time-access/request-routing#p0) for details. ## How it works P0 queries the Incident.io Schedules API to find which users are now on-call: 1. P0 fetches schedule entries for the relevant schedules within a one-minute window. 2. P0 filters entries to those where the current time falls within the entry's start and end times. 3. P0 collects the email addresses of users who are now on-call. 4. For **auto-approval**, P0 checks if the requestor's email matches any on-call user across all schedules. 5. For **on-call approver**, P0 checks if the approver's email matches any on-call user for the specific schedules configured in the routing rule.