Sections in this category

User Management - SSO/SAML/RBAC*

*Note that SSO and RBAC capabilities are only included with a Kubecost Enterprise Subscription.

Kubecost supports access control/Single Sign On (SSO) with SAML 2.0. Kubecost works with most identity providers including Okta, Auth0, AzureAD, PingID, and KeyCloak.

High-level access control options:

  • User authentication SSO provides a simple mechanism to restrict application access internally and externally
  • Custom access roles Limit users based on attributes or group membership to view a set of namespaces, labels, cluster, or other aggregations
  • Pre-defined user roles
    • admin: full control with permissions to manage users, configure model inputs, and application settings.
    • readonly: user role with read-only permission

Setup guide:

Additional troubleshooting guide

Contact us via email ( or join us on Slack if you have questions!

Edit this doc on GitHub