Economize Documentation
  • 📖Economize Documentation
  • GCP + Economize
    • 🔌Onboarding GCP project onto Economize
    • 🗃️Adding new GCP projects as an existing user
    • 🔗Analyzing BigQuery costs by linking the logging export
    • 🔍Analyzing GKE costs
  • AWS + Economize
    • 🔌Onboarding AWS account onto Economize
    • 🗃️Adding new AWS accounts as an existing user
  • Azure + Economize
    • 🔌Onboarding Azure account onto Economize
  • OpenAI + Economize
    • 🔌Onboarding OpenAI account onto Economize
  • Account administration and security
    • 🔐Single Sign-On (SSO)
    • 🎭Role-Based Access Control (RBAC)
    • 📝Audit Logs
  • Product Features
    • 🪟Dashboard
    • 🧭Explorer
      • 💸Aerial View
      • 🧩Resources
      • 💰Unit Costs
    • 📋Reports
    • 🔮Recommendations
    • ⚠️Incidents
    • 🎯Views
    • 🔔Notifications
      • 📜Summaries
      • 🚨Alerts
  • Integrations
    • 🪝Overview
    • ✨Slack
    • 🤖Discord
    • 👥Microsoft Teams
    • 💬Google Chat
    • 🗣️Zulip
Powered by GitBook
On this page

Was this helpful?

  1. Account administration and security

Single Sign-On (SSO)

PreviousOnboarding OpenAI account onto EconomizeNextRole-Based Access Control (RBAC)

Last updated 9 months ago

Was this helpful?

Single Sign-On (SSO) is an authentication feature that allows you to access Economize using your existing organizational login credentials. This enhances security and the user experience by reducing password fatigue and simplifying access management.

Economize supports several Identity Providers (IdPs) for SSO integration via SAML:

  • Google Workspace

  • Azure AD

  • Okta

  • JumpCloud

Set up SSO with supported IdPs

  • From the left navigation menu, click Credentials.

  • At the top, click CREATE CREDENTIALS > OAuth client ID.

  • For Application type, select Web application.

  • Enter a Name for your application (e.g., Economize).

  • For Authorized JavaScript origins, click ADD URI and enter https://auth.economize.cloud.

  • For Authorized redirect URIs, click ADD URI and enter https://auth.economize.cloud/login/callback.

  • Click CREATE.

  • Copy your app's CLIENT ID and CLIENT SECRET.

  • From the Azure portal, navigate to App registrations, then click New registration.

  • Enter a name for your app i.e., Economize.

  • Set the Supported account types option to the appropriate setting for your organization.

  • For Redirect URI, select Web and enter https://auth.economize.cloud/login/callback.

  • Click Register.

  • Once the app registration is complete, copy the Application (client) ID displayed on the app's Overview page to send to Economize.

  • On the left navigation, select Certificates & secrets.

  • Under the Client secrets tab, click New client secret.

  • Enter a description and select an expiration for the secret.

If this secret expires, you will need to supply Economize with a new secret before the expiration date.

  • Click Add.

  • Copy the secret's Value.

  • On the left navigation, select API permissions.

  • Select Add a permission.

  • Under the Microsoft APIs tab, find and select the appropriate permissions required by Economize i.e., Directory.Read.All, User.Read

  • At the bottom, click Add permissions.

  • Still under API permissions, you may see a section for Grant admin consent for {your domain}.

  • Click Grant admin consent, and follow the prompts.

  • Application (client) ID

  • Client secret

  • Azure AD Domain

You can obtain your Azure AD Domain name on the Overview page of Azure Active Directory.

  1. Create an app integration on Okta.

  2. For Sign-in method, select SAML 2.0. Click Next.

  3. For App Name, enter Economize.

  5. Enter the requested Single sign on URL (i.e., https://auth.economize.cloud/login/callback?connection=<company_name>-okta) and Audience URI (SP Entity ID) (urn:auth0:economizecloud:<company_name>-okta).

  6. Set the Application username to Email.

  7. Once the app integration is set up, copy and save the Okta-provided Identity Provider Single Sign On URL and X.509 Certificate.

Step 1: Configure a New SAML Application

  • Sign in to your JumpCloud admin portal.

  • Under User Authentication, click SSO Applications.

  • Click + Add New Application.

  • Click Custom SAML Application.

  • Click Next, and select Configure SSO with SAML within the option Manage Single Sign-On (SSO).

  • Provide a Display Label i.e., Economize and optional application information.

  • Review and click on Configure Application.

Step 2: Configure SAML Settings

  • IdP Entity ID: Enter https://auth.economize.cloud

  • SP Entity ID: Enter urn:auth0:economizecloud:<company_name>

  • ACS URL: Enterhttps://auth.economize.cloud/login/callback?connection=<company_name>

  • Click Save.

  • IdP SSO URL

  • Signing Certificate

If you do not see your IdP listed here, please contact .

Step 1: Register an OAuth Application with Google

From the , select an existing project or click CREATE PROJECT.

If this is your first time working with this Google project, you will have to configure your consent screen. Follow official Google documentation.

Step 2: Obtain Application Credentials and Contact Economize Support

Contact for information on how to send these credentials to finish connecting with the Economize app.

Step 1: Register an Application with Azure AD

Step 2: Generate a Client Secret

Step 3: Add API Permissions

Step 4: Grant Admin Consent (If Required)

Step 5: Contact Economize Support

Contact for information on how to send the following items to finish the connection with the Economize app:

For App Logo, upload the , then click Next.

Contact for information on how to send the above items to finish the connection with the Economize app.

For User Portal Image, upload the , then click Next.

Step 3: Contact Economize Support

Contact for information on how to send the following items to finish the connection with the Economize app:

🔐
Economize Support
​
Google API Console
this
​
Economize Support
​
​
​
​
​
Economize Support
Econoimize Logo
Economize Support
Econoimize Logo
​
Economize Support