LogoLogo
Contact Us
  • Finout Documentation
  • Get Started with Finout
    • Introduction to Finout's Suite of Features
    • Onboarding New Users to Your Finout Account
    • Single Sign-On (SSO) Setup
    • Enterprise Discount Program (EDP)
    • Cost and Usage Types
      • FairShare Cost
      • List Cost
  • Integrations
    • Cloud Services
      • Connect to AWS
      • Connect to Azure
      • Connect to Oracle
      • Connect to GCP
    • Third Party
      • Connect to Confluent
      • Connect to Databricks
      • Connect to Snowflake
      • Connect to Jira
      • Connect to Datadog
        • Datadog API Cost Calculation
        • Datadog Integration Levels
        • Datadog Usage Attribution Tags (UAT)
      • Connect to Microsoft Teams
      • Connect to ServiceNow
      • Custom Cost Centers
      • Credentials Vault
    • Telemetry
      • S3 Telemetry Integration
      • Setting Up a Datadog - Finout Metrics Integration (Export)
    • Kubernetes
      • Connect to Kubernetes Prometheus
      • Kubernetes - How Finout Calculates K8s Costs
      • Kubernetes MegaBill
      • Kubernetes Budgeting
      • Kubernetes Anomaly Detection
      • Kubernetes Custom Dashboards
      • Kubernetes Predefined Dashboards
      • Ensure Compatibility of Your Kubernetes Monitoring with Finout
  • User Guide
    • Inform
      • MegaBill
      • Custom Drilldown
      • Custom Cost Input
      • Virtual Tags
        • Relational Virtual Tags
      • Shared Cost Reallocation
        • How to Use Shared Cost Reallocation
      • FinOps Dashboards
      • Financial Plans
      • Data Explorer
    • Optimize
      • My Commitments
      • Commitments Log
      • Anomalies
      • CostGuard
        • CostGuard - Scans
        • Connect CostGuard for AWS
        • Connect CostGuard for GCP
    • Operate
      • Reports
      • Tag Governance
  • Configuration
    • Finout API
      • Generate an API Token
      • Filter Object Definition
      • Cost API
      • Query Language API
      • Virtual Tags API
      • CostGuard API
      • Endpoint API
      • Virtual Tag Metadata API
    • Role-Based Access Control (RBAC)
      • Role Permissions
      • Managing Roles
        • Creating a Custom Role
        • Permissions List
        • Managing a Role and its Permissions
      • Managing Users
        • Inviting a User
        • Edit a User's Roles
      • Data Access Control
      • Groups
        • Create a New Group
        • Edit Group Data Access
        • Delete a group
        • Edit Group Users and SAML Groups
      • RBAC FAQs
    • Endpoints
      • Slack Notification Endpoint
  • Common Features
    • List of Common Features
      • ACL Permissions
      • Saved Views
Powered by GitBook

Still need help? Please feel free to reach out to our team at support@finout.io.

On this page
  • SSO Overview
  • Connect Your ​​SSO Providers to Finout
  • FAQs
Export as PDF
  1. Get Started with Finout

Single Sign-On (SSO) Setup

PreviousOnboarding New Users to Your Finout AccountNextEnterprise Discount Program (EDP)

Last updated 1 month ago

SSO Overview

Single Sign-On (SSO) setup simplifies user authentication and access management across multiple applications within an organization. It allows users to securely authenticate once and access various services without having to re-enter credentials. Integrating your SSO providers with Finout enhances security and streamlines administration by reducing the risk of credential-based attacks.

Connect Your ​​SSO Providers to Finout

Follow this procedure to integrate your SSO provers with Finout.

To connect SSO providers to Finout:

  1. In Finout, navigate to the Admin Portal.

  2. In the Admin Portal navigation bar, click SSO.

  3. Click on Setup SSO connection. The Setup SSO connection appears.

  1. Select the SSO provider with which you wish to connect with Finout.

    Note: It is recommended to choose the SAML integration.

  2. Follow the onscreen instructions for the chosen SSO provider. You are redirected to the Self-service SAML configuration/SSO configuration.

  3. Enter a Domain Name and click Proceed.

    Note: The domain must be claimed by copying the TXT record and applying it to your DNS provider.

    The Record Name and Record Value appear.

  4. Copy this data and add it to a new TXT record in your DNS file, then click Proceed. You are brought to the Manage Authorization step.

  5. Assign default roles to all SSO users by adding one or more account roles from your list of predefined roles.

  6. You can optionally map your IdP groups to roles available in the application.

    Note: Ensure that your IdP passes the groups attribute that is sent in the SAML Assertion.

  7. Click Done and save the connection.

  8. Login into Finout using the SSO to ensure that it is enabled.

FAQs

If a user has the following groups:

  • Group A in Active Directory: Connected to Group 1 in Finout.

  • Group B in Active Directory: Connected to Group 2 in Finout.

What permissions will the user have if they are moved from Group A to Group B?

The user will have access to both Group 1 and Group 2 in Finout. To remove access to Group A, you must remove it from Group A in Finout.

What happens if a user is part of an Active Directory group and belongs to another group in Finout?

The user will have access to both groups in Finout. This access will be effective immediately upon the next login.

If a user belongs to multiple SAML groups with corresponding groups in Finout, will Finout assign the user to all these matching groups?

Yes, if a user belongs to multiple SAML groups with corresponding groups in Finout, Finout will assign the user to all of these matching groups.

Does Finout support re-evaluating user group memberships upon every SAML login?

No, group provisioning happens only when the user onboards Finout. Then, they need to manage the groups in the admin portal and Finout groups settings.

Note: For more information, see .

Frontegg documentation