# Single Sign-On (SSO)

Single Sign-On (SSO) is an authentication feature that allows you to access Economize using your existing organizational login credentials. This enhances security and the user experience by reducing password fatigue and simplifying access management.

<figure><img src="/files/lniL9nDE8gWQzwpRAzzm" alt=""><figcaption></figcaption></figure>

Economize supports several Identity Providers (IdPs) for SSO integration via SAML:

* Google Workspace
* Azure AD
* Okta
* JumpCloud

{% hint style="info" %}
If you do not see your IdP listed here, please contact [Economize Support](mailto:support@economize.cloud).
{% endhint %}

## Set up SSO with supported IdPs[**​**](https://docs.vantage.sh/sso#step-1-register-an-oauth-application-with-google) <a href="#set-up-other-idps" id="set-up-other-idps"></a>

{% tabs %}
{% tab title="Google Workspace " %}

#### Step 1: Register an OAuth Application with Google

* From the [Google API Console](https://console.developers.google.com/), select an existing project or click **CREATE PROJECT**.
* From the left navigation menu, click **Credentials**.
* At the top, click **CREATE CREDENTIALS** > **OAuth client ID**.

{% hint style="info" %}
If this is your first time working with this Google project, you will have to configure your consent screen. Follow [this](https://support.google.com/googleapi/answer/6158849) official Google documentation.
{% endhint %}

* For **Application type**, select **Web application**.
* Enter a **Name** for your application (e.g., *Economize*).
* For **Authorized JavaScript origins**, click **ADD URI** and enter `https://auth.economize.cloud`.
* For **Authorized redirect URIs**, click **ADD URI** and enter `https://auth.economize.cloud/login/callback`.
* Click **CREATE**.

<figure><img src="/files/CWlP66xn9XCKjXEsVjnu" alt="" width="563"><figcaption></figcaption></figure>

#### **Step 2: Obtain Application Credentials and Contact Economize Support**

* Copy your app's **CLIENT ID** and **CLIENT SECRET**.
* Contact [Economize Support](mailto:support@economize.cloud) for information on how to send these credentials to finish connecting with the Economize app.
  {% endtab %}

{% tab title="Azure AD" %}

#### **Step 1: Register an Application with Azure AD**

* From the Azure portal, navigate to **App registrations**, then click **New registration**.
* Enter a name for your app i.e., *Economize.*
* Set the **Supported account types** option to the appropriate setting for your organization.
* For **Redirect URI**, select **Web** and enter `https://auth.economize.cloud/login/callback`.
* Click **Register**.
* Once the app registration is complete, copy the **Application (client) ID** displayed on the app's **Overview** page to send to Economize.

<figure><img src="/files/pGxyWtrnplHPb8zNiA6D" alt="" width="563"><figcaption></figcaption></figure>

#### **Step 2: Generate a Client Secret​**

* On the left navigation, select **Certificates & secrets**.
* Under the **Client secrets** tab, click **New client secret**.
* Enter a description and select an expiration for the secret.

{% hint style="info" %}
If this secret expires, you will need to supply Economize with a new secret before the expiration date.
{% endhint %}

* Click **Add**.
* Copy the secret's **Value**.

<figure><img src="/files/g6WgWRS28FpygxPSirYc" alt="" width="563"><figcaption></figcaption></figure>

#### **Step 3: Add API Permissions**

* On the left navigation, select **API permissions**.
* Select **Add a permission**.
* Under the **Microsoft APIs** tab, find and select the appropriate permissions required by Economize i.e., `Directory.Read.All`, `User.Read`
* At the bottom, click **Add permissions**.

<figure><img src="/files/YIZprxzyaEexsuraK9oy" alt="" width="563"><figcaption></figcaption></figure>

#### **Step 4: Grant Admin Consent (If Required)**

* Still under **API permissions**, you may see a section for **Grant admin consent for {your domain}**.
* Click **Grant admin consent**, and follow the prompts.

<figure><img src="/files/PaaHPiwgbmtyJpuEWYIu" alt="" width="563"><figcaption></figcaption></figure>

#### **Step 5: Contact Economize Support**

* Contact [Economize Support](mailto:support@economize.cloud) for information on how to send the following items to finish the connection with the Economize app:
* Application (client) ID
* Client secret
* Azure AD Domain

{% hint style="info" %}
You can obtain your Azure AD Domain name on the **Overview** page of Azure Active Directory.
{% endhint %}
{% endtab %}

{% tab title="Okta" %}

1. Create an app integration on Okta.
2. For **Sign-in method**, select **SAML 2.0**. Click **Next**.
3. For **App Name**, enter *Economize*.
4. For **App Logo**, upload the [Econoimize Logo](https://ik.imagekit.io/economize/icon2-transparent_DLUlvcO3M.svg?updatedAt=1641901415871), then click **Next**.
5. Enter the requested **Single sign on URL** (i.e., `https://auth.economize.cloud/login/callback?connection=<company_name>-okta`) and **Audience URI (SP Entity ID)** (`urn:auth0:economizecloud:<company_name>-okta`).
6. Set the **Application username** to **Email**.
7. Once the app integration is set up, copy and save the Okta-provided **Identity Provider Single Sign On URL** and **X.509 Certificate.**
8. Contact [Economize Support](mailto:support@economize.cloud) for information on how to send the above items to finish the connection with the Economize app.
   {% endtab %}

{% tab title="JumpCloud" %}

#### **Step 1: Configure a New SAML Application**

* Sign in to your JumpCloud admin portal.
* Under **User Authentication**, click **SSO Applications**.
* Click **+** **Add New Application**.
* Click **Custom SAML Application**.
* Click **Next,** and select **Configure SSO with SAML** within the option **Manage Single Sign-On (SSO).**

<figure><img src="/files/ywr5LTJEegjkhZK4RVPL" alt="" width="563"><figcaption></figcaption></figure>

* Provide a **Display Label** i.e., E*conomize* and optional application information.
* For **User Portal Image**, upload the [Econoimize Logo](https://ik.imagekit.io/economize/icon2-transparent_DLUlvcO3M.svg?updatedAt=1641901415871), then click **Next**.
* Review and click on **Configure Application.**

#### **Step 2: Configure SAML Settings**

* **IdP Entity ID**: Enter `https://auth.economize.cloud`
* **SP Entity ID**: Enter `urn:auth0:economizecloud:<company_name>`
* **ACS URL:** Enter`https://auth.economize.cloud/login/callback?connection=<company_name>`
* Click **Save**.

#### **Step 3: Contact Economize Support**

* Contact [Economize Support](mailto:support@economize.cloud) for information on how to send the following items to finish the connection with the Economize app:
* IdP SSO URL
* Signing Certificate
  {% endtab %}
  {% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.economize.cloud/account-administration-and-security/sso.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.