Skip to main content

Single sign-on (SSO)

Infracost Cloud supports authenticating with Enterprise SSO providers.

Setup SSO

Assuming you have already purchased Infracost Cloud, you can setup SSO by following these steps. Email hello@infracost.io if you would like to enable SSO for proof-of-concept projects where many people are involved.

  1. Go to Infracost Cloud and sign up with your email and a password. You will delete this user after SSO is enabled.
  2. From the top dropdown menu, switch to your company organization or create a new organization for your company.
  3. Follow the applicable sections below to setup SSO, each option ends with a form where you enter your SSO details.
    Azure Active Directory
    1. In the Infracost Cloud dashboard go to Org Settings and copy your Org ID. You will need to provide this to Infracost in a future step.
    2. Login to the Azure portal
    3. Go to Azure Active Directory > App registrations
    4. Click New registration
    5. For the name enter Infracost Cloud
    6. For the Redirect URL select Web for the platform and enter https://login.infracost.io/login/callback
    7. Click on Add a certificate or secret > New client secret
    8. Copy the Application (client) ID. You will need to provide this to Infracost in a future step.
    9. Add a client secret with Description Infracost Cloud SSO that expires in 24 months.
    10. Copy the Client Secret Value. You will need to provide this to Infracost in the next step.
    11. Fill out the SSO setup form here, providing the Application (client) ID, Client secret value and the domain you want enabled for SSO.
    Okta
    1. In the Infracost Cloud dashboard go to Org Settings and copy your Org ID. You will need to provide this to Infracost in a future step.
    2. Login to the Okta Admin dashboard
    3. Go to Applications > Applications
    4. Click Create App Integration
    5. Select SAML 2.0 and click Next.
    6. For the App name enter Infracost Cloud and click Next.
    7. For Single sign on URL enter https://login.infracost.io/login/callback?connection=<YOUR INFRACOST ORG ID>
    8. For the Audience URL (SP Entity ID) enter urn:auth0:infracost:<YOUR INFRACOST ORG ID>Okta Attribute Statements form
    9. Add the following for the Attribute Statements section and click Next.Okta Attribute Statements form
    10. Choose 'I'm an Okta customer adding an internal app' and click Finish
    11. In the Sign on tab, scroll down to the SAML Signing Certificates section. On the right-hand side click the button to View SAML setup instructions.
    12. Copy the Identity Provider Single Sign-On URL and download the certificate.
    13. Fill out the SSO setup form here, providing the Identity Provider Single Sign-On URL, certificate and the domain you want enabled for SSO.
    14. In the Okta Admin dashboard assign any users to the Infracost Cloud app. You can also add an Infracost button to your SSO portal as we support IdP-Initiated logins from Okta too.
    Google Workspace
    1. In the Infracost Cloud dashboard go to Org Settings and copy your Org ID. You will need this when setting up the SAML app in Google Workspace.
    2. Login to Google Workspace admin
    3. Go to Apps > Web and mobile apps
    4. Click Add app > Add custom SAML app
    5. For the App name enter Infracost Cloud
    6. Copy the SSO URL and download the Certificate. You will need to supply these to Infracost in a future step. Click Continue.
    7. In the ACS URL enter: https://login.infracost.io/login/callback?connection=<YOUR INFRACOST ORG ID>
    8. In the Entity ID enter: urn:auth0:infracost:<YOUR INFRACOST ORG ID>
    9. Tick Signed response
    10. For Name ID format choose UNSPECIFIED and for Name ID choose Basic Information > Primary email. The form should look like the following:Google Workspace Service Provider form
    11. Click Continue
    12. Add the following Attributes and click Finish:Google Workspace Service Provider form
    13. Fill out the SSO setup form here, providing the SSO URL, Certificate and the domain you want enabled for SSO.
    Other SAML providers
    1. In the Infracost Cloud dashboard go to Org Settings and copy your Org ID. You will need to provide this in the next step.
    2. Fill out the SSO setup form here, providing the SSO URL, certificate and the domain you want enabled for SSO.
  4. Once we receive the form, we will email you to schedule a quick screenshare call to enable SSO. On the call, we will verify your SSO connection is configured correctly and delete the initial user that was created without SSO.

SSO login notes

After SSO is configured:

  • Anyone who enters an email address that contains your company domain name(s) in the usual log in page will be redirected to your SSO provider for authentication.
  • You can invite users to your Infracost Cloud organization from the Org Settings > Members page. They will also need to be added to the corresponding group in your SSO provider so they can login.
  • If a user had already logged-in prior to SSO being enabled, on their first login after SSO is enabled, they will be asked to confirm if they want to link their login accounts. They must click "Continue" do this to be able to access your company's Infracost Cloud organization, otherwise a new empty organization will be created for them. If they skip this step, email hello@infracost.io so we can assist you.Linking login accounts