B2B Onboarding
Set up a new customer organization and assign roles correctly from day one.
CostLens is a B2B product. Each customer company is a separate Organization with its own members, AWS accounts, and data. This guide explains how to correctly set up an organization and assign roles from day one.
How a new customer organization is created
First user signs in via Aezona SSO
The first person from a company signs in via Aezona SSO (auth.aezona.com/signin) using their company email (e.g. john@acme.com).
Organization is created automatically
CostLens automatically creates a new Organization named after the email domain (acme) with domain acme.com.
First user becomes Admin
That first user is automatically assigned the Admin role — they are the organization owner.
Subsequent users join automatically
Every subsequent user who signs in with an @acme.com email is automatically placed in the same organization with the default Viewer role.
Admin promotes users
The admin can then promote users to Operator or Admin from the Team page.
No setup is required at aezona.com for this to work. As long as SSO passes the user's real company email, domain-based org matching is fully automatic.
First admin's recommended setup checklist
| Step | Action |
|---|---|
| 1. Go to Organization | Verify your org name and set the correct SSO domain (e.g. acme.com) |
| 2. Connect AWS accounts | Add your AWS accounts using IAM Role (recommended) or Access Keys |
| 3. Run first sync | Trigger a manual sync to populate recommendations and billing data |
| 4. Invite your team | Go to Team → Invite Member. Assign Operator to DevOps engineers, Viewer to stakeholders |
| 5. Review recommendations | Check the Recommendations page for immediate cost-saving opportunities |
Role assignment strategy for B2B teams
| Role | Who should have it |
|---|---|
| Admin | CTO, Cloud Architect, or whoever owns the AWS accounts. 1–2 people maximum. |
| Operator | DevOps engineers, SREs, or platform engineers who need to sync and apply fixes. |
| Viewer | Finance team, management, auditors, or anyone who needs read-only cost visibility. |
Tip
Keep the number of Admins small. Only Admins can add AWS accounts and manage team members — these are high-trust actions.
How Aezona engineers manage your organization
As a B2B platform, Aezona engineers have platform-level access to all customer organizations for support and compliance purposes. This is governed by Aezona's internal compliance policy.
| What they can do | View all organizations, edit org name/domain, change member roles, deactivate/reactivate members |
|---|---|
| When they act | Only in response to a verified support request, escalation, or compliance requirement — never proactively |
| How it's logged | All platform-admin actions are performed under the engineer's named account and subject to internal audit |
| How to request | Email support@aezona.com with your organization name and the action needed |
Compliance note
Platform-admin access follows the principle of least privilege. Aezona engineers cannot modify your AWS credentials, view your AWS resource data directly, or access your billing payment details. They can only manage org settings and user roles within CostLens.