Skip to main content

Single sign-on (SSO)

Infracost Cloud supports authenticating with Enterprise SSO providers. To set up SSO with Infracost Cloud:

  1. Go to Infracost Cloud and sign up with your email and a password. You will delete this user after SSO is enabled.
  2. From the top dropdown menu, create a new organization for your company.
  3. Email hello@infracost.io to purchase Infracost.
  4. Follow the applicable sections below to setup SSO, each option ends with a form where you enter your SSO details.
    Azure Active Directory
    1. In the Infracost Cloud dashboard go to Org Settings and copy your Org ID. You will need to provide this to Infracost in a future step.
    2. Login to the Azure portal
    3. Go to Azure Active Directory > App registrations
    4. Click New registration
    5. For the name enter Infracost Cloud
    6. For the Redirect URL select Web for the platform and enter https://login.infracost.io/login/callback
    7. Click on Add a certificate or secret > New client secret
    8. Copy the Application (client) ID. You will need to provide this to Infracost in a future step.
    9. Add a client secret with Description Infracost Cloud SSO that expires in 24 months.
    10. Copy the Client Secret Value. You will need to provide this to Infracost in the next step.
    11. Fill out the SSO setup form here, providing the Application (client) ID, Client secret value and the domain you want enabled for SSO.
    Okta
    1. In the Infracost Cloud dashboard go to Org Settings and copy your Org ID. You will need to provide this to Infracost in a future step.
    2. Login to the Okta Admin dashboard
    3. Go to Applications > Applications
    4. Click Create App Integration
    5. Select SAML 2.0 and click Next.
    6. For the App name enter Infracost Cloud and click Next.
    7. For Single sign on URL enter https://login.infracost.io/login/callback?connection=<YOUR INFRACOST ORG ID>
    8. For the Audience URL (SP Entity ID) enter urn:auth0:infracost:<YOUR INFRACOST ORG ID>Okta Attribute Statements form
    9. Add the following for the Attribute Statements section and click Next.Okta Attribute Statements form
    10. Choose 'I'm an Okta customer adding an internal app' and click Finish
    11. In the Sign on tab, scroll down to the SAML Signing Certificates section. On the right-hand side click the button to View SAML setup instructions.
    12. Copy the Identity Provider Single Sign-On URL and download the certificate.
    13. Fill out the SSO setup form here, providing the Identity Provider Single Sign-On URL, certificate and the domain you want enabled for SSO.
    14. In the Okta Admin dashboard assign any users to the Infracost Cloud app.
    Google Workspace
    1. In the Infracost Cloud dashboard go to Org Settings and copy your Org ID. You will need this when setting up the SAML app in Google Workspace.
    2. Login to Google Workspace admin
    3. Go to Apps > Web and mobile apps
    4. Click Add app > Add custom SAML app
    5. For the App name enter Infracost Cloud
    6. Copy the SSO URL and download the Certificate. You will need to supply these to Infracost in a future step. Click Continue.
    7. In the ACS URL enter: https://login.infracost.io/login/callback?connection=<YOUR INFRACOST ORG ID>
    8. In the Entity ID enter: urn:auth0:infracost:<YOUR INFRACOST ORG ID>
    9. Tick Signed response
    10. For Name ID format choose UNSPECIFIED and for Name ID choose Basic Information > Primary email. The form should look like the following:Google Workspace Service Provider form
    11. Click Continue
    12. Add the following Attributes and click Finish:Google Workspace Service Provider form
    13. Fill out the SSO setup form here, providing the SSO URL, Certificate and the domain you want enabled for SSO.
    Other SAML providers
    1. In the Infracost Cloud dashboard go to Org Settings and copy your Org ID. You will need to provide this in the next step.
    2. Fill out the SSO setup form here, providing the SSO URL, certificate and the domain you want enabled for SSO.
  5. Once we receive the form, we will email you to schedule a quick screenshare call to enable SSO. On the call, we will verify your SSO connection is configured correctly and delete the initial user that was created without SSO.

After SSO is configured, any user authenticating with your company domain name in the usual log in page will be redirected to your SSO provider for authenticating.