Sections in this category

User Management - SSO/SAML

Kubecost’s SSO/SAML 2.0 support makes it easy to manage application access and works with top identity providers, incuding Okta, Auth0, AzureAD, PingID, and KeyCloak. Below are the high-level access control options that Kubecost supports:

  • User authentication provides a simple mechanism to restrict application access internally and externally
  • Custom access roles restrict a user’s access to a limited set of namespaces, labels, cluster, or other aggregations
  • Pre-defined user roles can be managed to provide tiered access
    • Admin: has permissions to manage users, configure model inputs, and application settings.
    • Viewer: user role with read-only permission

Refer to this troubleshooting guide if you are experiencing SAML integration issues or contact us directly at

Edit this doc on Github