Economize Documentation
  • 📖Economize Documentation
  • GCP + Economize
    • 🔌Onboarding GCP project onto Economize
    • 🗃️Adding new GCP projects as an existing user
    • 🔗Analyzing BigQuery costs by linking the logging export
    • 🔍Analyzing GKE costs
  • AWS + Economize
    • 🔌Onboarding AWS account onto Economize
    • 🗃️Adding new AWS accounts as an existing user
  • Azure + Economize
    • 🔌Onboarding Azure account onto Economize
  • Account administration and security
    • 🔐Single Sign-On (SSO)
    • 🎭Role-Based Access Control (RBAC)
    • 📝Audit Logs
  • Product Features
    • 🪟Dashboard
    • 🧭Explorer
      • 💸Aerial View
      • 🧩Resources
      • 💰Unit Costs
    • 📋Reports
    • 🔮Recommendations
    • ⚠️Incidents
    • 🎯Views
    • 🔔Notifications
      • 📜Summaries
      • 🚨Alerts
  • Integrations
    • 🪝Overview
    • ✨Slack
    • 🤖Discord
    • 👥Microsoft Teams
    • 💬Google Chat
    • 🗣️Zulip
Powered by GitBook
On this page

Was this helpful?

  1. Account administration and security

Single Sign-On (SSO)

PreviousOnboarding Azure account onto EconomizeNextRole-Based Access Control (RBAC)

Last updated 8 months ago

Was this helpful?

Single Sign-On (SSO) is an authentication feature that allows you to access Economize using your existing organizational login credentials. This enhances security and the user experience by reducing password fatigue and simplifying access management.

Economize supports several Identity Providers (IdPs) for SSO integration via SAML:

  • Google Workspace

  • Azure AD

  • Okta

  • JumpCloud

If you do not see your IdP listed here, please contact Economize Support.

Set up SSO with supported IdPs

Step 1: Register an OAuth Application with Google​

  • From the Google API Console, select an existing project or click CREATE PROJECT.

  • From the left navigation menu, click Credentials.

  • At the top, click CREATE CREDENTIALS > OAuth client ID.

If this is your first time working with this Google project, you will have to configure your consent screen. Follow this official Google documentation.

  • For Application type, select Web application.

  • Enter a Name for your application (e.g., Economize).

  • For Authorized JavaScript origins, click ADD URI and enter https://auth.economize.cloud.

  • For Authorized redirect URIs, click ADD URI and enter https://auth.economize.cloud/login/callback.

  • Click CREATE.

Step 2: Obtain Application Credentials and Contact Economize Support​

  • Copy your app's CLIENT ID and CLIENT SECRET.

  • Contact Economize Support for information on how to send these credentials to finish connecting with the Economize app.

Step 1: Register an Application with Azure AD​

  • From the Azure portal, navigate to App registrations, then click New registration.

  • Enter a name for your app i.e., Economize.

  • Set the Supported account types option to the appropriate setting for your organization.

  • For Redirect URI, select Web and enter https://auth.economize.cloud/login/callback.

  • Click Register.

  • Once the app registration is complete, copy the Application (client) ID displayed on the app's Overview page to send to Economize.

Step 2: Generate a Client Secret​

  • On the left navigation, select Certificates & secrets.

  • Under the Client secrets tab, click New client secret.

  • Enter a description and select an expiration for the secret.

If this secret expires, you will need to supply Economize with a new secret before the expiration date.

  • Click Add.

  • Copy the secret's Value.

Step 3: Add API Permissions​

  • On the left navigation, select API permissions.

  • Select Add a permission.

  • Under the Microsoft APIs tab, find and select the appropriate permissions required by Economize i.e., Directory.Read.All, User.Read

  • At the bottom, click Add permissions.

Step 4: Grant Admin Consent (If Required)​

  • Still under API permissions, you may see a section for Grant admin consent for {your domain}.

  • Click Grant admin consent, and follow the prompts.

Step 5: Contact Economize Support​

Contact Economize Support for information on how to send the following items to finish the connection with the Economize app:

  • Application (client) ID

  • Client secret

  • Azure AD Domain

You can obtain your Azure AD Domain name on the Overview page of Azure Active Directory.

  1. Create an app integration on Okta.

  2. For Sign-in method, select SAML 2.0. Click Next.

  3. For App Name, enter Economize.

  4. For App Logo, upload the Econoimize Logo, then click Next.

  5. Enter the requested Single sign on URL (i.e., https://auth.economize.cloud/login/callback?connection=<company_name>-okta) and Audience URI (SP Entity ID) (urn:auth0:economizecloud:<company_name>-okta).

  6. Set the Application username to Email.

  7. Once the app integration is set up, copy and save the Okta-provided Identity Provider Single Sign On URL and X.509 Certificate.

  8. Contact Economize Support for information on how to send the above items to finish the connection with the Economize app.

Step 1: Configure a New SAML Application

  • Sign in to your JumpCloud admin portal.

  • Under User Authentication, click SSO Applications.

  • Click + Add New Application.

  • Click Custom SAML Application.

  • Click Next, and select Configure SSO with SAML within the option Manage Single Sign-On (SSO).

  • Provide a Display Label i.e., Economize and optional application information.

  • For User Portal Image, upload the Econoimize Logo, then click Next.

  • Review and click on Configure Application.

Step 2: Configure SAML Settings

  • IdP Entity ID: Enter https://auth.economize.cloud

  • SP Entity ID: Enter urn:auth0:economizecloud:<company_name>

  • ACS URL: Enterhttps://auth.economize.cloud/login/callback?connection=<company_name>

  • Click Save.

Step 3: Contact Economize Support​

Contact Economize Support for information on how to send the following items to finish the connection with the Economize app:

  • IdP SSO URL

  • Signing Certificate

🔐