> For the complete documentation index, see [llms.txt](https://docs.p0.dev/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.p0.dev/integrations/approval-integrations/incidentio.md). # Incident.io ## Incident.io approval P0's Incident.io integration allows on-call users to approve access requests based on their on-call schedule assignments. You can configure two types of on-call approval: * **Auto-approval:** Automatically approve access requests if the requester is on-call for one of the schedules configured on the Incident.io integration page. * **On-call approver:** Allow users who are on-call for specific schedules to approve others' access requests via access policies. When someone escalates an access request, P0 creates an incident in Incident.io to notify the on-call team. {% hint style="warning" %} P0 auto-approves or allows approval from any Incident.io user who is on-call for a configured schedule. Ensure your schedule assignments and integration settings reflect appropriate trust levels. {% endhint %} ## Installation {% hint style="info" %} Installing P0 on Incident.io takes about 2-3 minutes. {% endhint %} ### Before you begin * You must be an Incident.io account administrator with access to API key management. * You must be a P0 organization owner. ### Setting up Incident.io 1. Navigate to "Integrations" on [p0.app](https://p0.app), then select "Incident.io". 2. Create an API key in your Incident.io account with the following permissions. See the [Incident.io API documentation](https://docs.incident.io/integrations/api-overview#where-can-i-find-the-api-keys) for instructions. * View data, like public incidents and organization settings * Create incidents * Edit incidents * Manage organization settings * View catalog types and entries * Read schedules 3. Enter the API key in the P0 integration configuration and click "Install integration". P0 validates the key and creates a custom field in your Incident.io account to associate escalation incidents with on-call schedules that can approve the related request. ## Configuring auto-approval Auto-approval requires selecting which Incident.io schedules to check. If you don't select any schedules, auto-approval denies all requests. ### Selecting schedules 1. Navigate to **Integrations** on [p0.app](https://p0.app), then select **Incident.io**. 2. In the auto-approval settings, select one or more schedules from the dropdown. P0 fetches available schedules from your Incident.io account. 3. Save your changes. {% hint style="warning" %} You must select at least one schedule. If you don't select any schedules, Incident.io auto-approval denies all requests. {% endhint %} ### Adding the auto-approval rule When using [default approval routing](/access-management/just-in-time-access/approving-access.md#auto-approvals), the Incident.io integration automatically approves access requests if the requester is currently on-call for one of the selected schedules. Then, add the Incident.io auto-approval rule to your [access policy](/access-management/just-in-time-access/request-routing.md) configuration: ```yaml approval: - type: auto integration: incidentio options: { requireReason: true|false } ``` **options**: The "options" key is optional. You can use it to require the requester to specify a reason when submitting requests with the `requireReason: true` setting. Defaults to `false`. This rule automatically approves matching access requests for one hour if the requester is on-call for one of the selected schedules. ## Configuring on-call approver routing You can configure access policies that allow users who are on-call for specific Incident.io schedules to approve others' access requests. This uses the escalation approval type with schedule targeting. When a request matches an escalation rule, P0 creates an incident in Incident.io to notify the on-call team. The incident includes details about the access request and a link to the approval conversation. ### Using the Policy Studio UI 1. Navigate to **Policy Studio** on [p0.app](https://p0.app). 2. Add an approval rule and select **Incident.io On-Call Approval**. 3. Select one or more Incident.io schedules from the dropdown. P0 fetches available schedules from your Incident.io account. 4. Save your policy configuration. ### Using the access policies API Add an escalation rule to your workflow configuration: ```yaml approval: - type: escalation integration: incidentio services: [] options: { allowOneParty: true|false, requireReason: true|false } ``` **services**: List of Incident.io schedule IDs. Only users who are on-call for these specific schedules can approve requests matching this rule. **options**: See the [approval options reference](/access-management/just-in-time-access/request-routing.md#p0) for details. ## How it works P0 queries the Incident.io Schedules API to find which users are on-call for the configured schedules: 1. P0 reads the schedule IDs from the integration configuration (for auto-approval) or the rule's `services` field (for escalation). 2. P0 fetches schedule entries for the selected schedules within a one-minute window. 3. P0 filters entries to those where the current time falls within the entry's start and end times. 4. P0 collects the email addresses of users who are on-call for those schedules. 5. P0 checks if the requester's email matches any on-call user. ### On-call approver (escalation) When an access request triggers an escalation rule, P0 creates an Incident.io incident: 1. P0 creates an incident with the configured on-call schedules stored as metadata. 2. The incident includes the requester, the requested access, and a link to the approval conversation (Slack or Microsoft Teams). 3. On-call users for the configured schedules can approve the request through the normal approval flow. 4. When an approver approves or denies the request, P0 updates the incident summary to reflect the decision. {% hint style="info" %} P0 does not automatically resolve incidents. After reviewing the access request, the on-call engineer should manually resolve the incident in Incident.io. {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.p0.dev/integrations/approval-integrations/incidentio.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.