FinOps: The Future of FinOps is CloudOps Learn why

Blog Automation & Orchestration Continuous Compliance Financial Management Release News

New in Release 3.7: Expanded Financial Ingest, Single Sign-On, and Security Capabilities

Emily Wayman

7 min read

Last updated on June 26th, 2023 at 11:13am

We're excited to bring you the latest updates in Kion that are set to elevate your cloud enablement experience.

Let’s take a look at some incredible new features, including creating AWS Billing Sources using the DBR+RT file format, adding OpenID Connect (OIDC) Implicit Flow for seamless single-sign on (SSO), requesting compliance finding suppression, and a range of usability improvements based on user feedback. We will also highlight accessibility enhancements and the advancements in the 3.6.x version line. (Because, guess what, all of those improvements are included in 3.7 too!)

Create AWS Billing Sources with DBR+RT Only

For customers without access to the AWS Cost and Usage Report (CUR), Kion now supports financial data ingest using the AWS Detailed Billing Report with Resources and Tags (DBR+RT) file format. Whether you get DBR+RT data from a third-party service or it’s the only available data source in your region, this expanded capability makes it easier to pull all your cloud financials into a single view.

This new functionality is available for both new and existing AWS billing sources. If you would like to update an existing source to use the DBR+RT, it’s as simple as updating the source in Kion and pointing it at a bucket containing the data files. And remember, the important thing is the *format*. As long as the file is in the correct format, we can ingest it - even if it’s from a third-party service.

For more information about configuring a billing source to use DBR+RT, see AWS Billing Sources.

SSO Login with OpenID Connect Implicit Flow

In addition to SAML 2 and Active Directory, Kion now supports OpenID Connect (OIDC) Implicit Flow for user authentication and single-sign on (SSO) access. This greatly expands our ability to integrate with identity providers, making it easier to connect your current IDMS to Kion without reworking the way you manage your users.

With our new OpenID IDMS option, you can import Well-Known Configurations for easy programmatic configuration; define scopes for dynamically determining access, permissions, and user group membership; and provide your users secure access using familiar flows and credentials.

For information about setting up an OpenID IDMS in Kion, see Add an OpenID IDMS.

New Workflow for Requesting Compliance Finding Suppression

We've eliminated compliance headaches with our streamlined finding suppression workflow. Your users can now request suppression of a compliance finding found in an OU/project using the same workflow they use for other project requests.

For example, you may have a compliance check that looks for public S3 buckets, but a developer might want to suppress findings for a specific bucket because it contains data that is designed for public consumption. Now, that developer can request a suppression with just a few clicks, and you can trust that request will be seen and approved by the right people.

For more information about requests and approvals, see Compliance Finding Suppression Requests.

Usability Improvements

You spoke, we listened. Based on user research, we found new and better ways to deliver the info you need in Kion.

How Much Have You Spent?

  • Spend percentages. Project cards now show a percentage value of how much budget has been spent for the project. With just a glance, you can have an idea of which projects are spending too fast, which ones are on track, and which ones could probably do with some budget adjustments.
  • Default spend time frames. There is a new System Setting where you can set the default aggregate spend and project spend time frames to show throughout the application. This setting can also be configured for individual users in their My User Settings.

What Exactly Can You Do?

  • Readable permissions. Many permission names and descriptions have been updated to provide more details about which resources they affect and what levels of access they grant.
  • Granular access and API permissions. We have refined permissions around cloud access roles and AWS API keys to increase granularity and control. Three new cloud access role permissions and three new API key permissions give you the precision to pinpoint exactly who can and cannot view, modify, and manage these resources.

What’s in Your Inbox?

  • Product Announcement Emails. Users can opt-in to Kion email announcements if they’d like to learn more about new features, best practices, and upcoming updates. This is also where we will reach out for feature feedback and user research in the future. If you don’t want users to have this option, that’s no problem. The opt-in is configured through a system setting. If it’s enabled, users will be given the option to sign up the first time they log in. If it’s disabled, they will never see a prompt. For more information, see Email and Notification Settings.
  • Notification Email Digest. Notifications are now compiled into digest emails, instead of each notification being sent in an individual email. When a notification is triggered, we start compiling a list of new notifications that occur within the next five minutes, group them by notification class, and send them in a single email. With this update, we encourage you to revisit your Notification Settings and enable email notifications for any items you would like notifications about. For more information, see Email and Notification Settings.


The latest version of Kion includes:

  • Notification and text colors have been updated throughout the application to increase contrast.
  • On/off toggles have been updated to be focusable and usable with screen readers.
  • The side navigation menu can be navigated using keyboard controls and is usable with screen readers.
  • Tables have been refactored to announce themselves as tables to assistive technologies.

In Case You Missed It

Patch releases for 3.6 included a number of improvements that you’ll also see included in 3.7. We made big changes around granular app permissions, new public API endpoints, security improvements, and database performance improvements.

Here are some of the bigger improvements from the 3.6 line that you'll see on 3.7:

  • AWS Secrets Manager. You can now configure Kion to use AWS Secrets Manager for application key storage and database credential retrieval.
  • AWS External IDs. When Kion creates a new AWS IAM role, we create an external ID and add it to the IAM role trust policy. This security layer helps prevent unauthorized access to accounts.
  • Limit cloud rule ownership to user groups. A setting has been added that removes the option to assign individual users as owners of cloud rules. This is useful for ensuring business continuity and preserving user privacy in multi-tenant environments.
  • Limit permissions to manage OU enforcements. A Manage OU Enforcements (Does Not Inherit) permission has been added. This permission allows users to manage and view enforcements on OUs they are directly given access to but not their descendant OUs and projects.
  • Public API endpoints for configuring Kion settings. We have added new endpoints for configuring application settings in Kion.
  • Assign viewers to user groups. You can now assign users as viewers of user groups. Viewers differ from owners in that they are not granted the permissions assigned to the user group, but they can see who is in it and select the user group when creating/editing cloud access rules, cloud rules, projects, permissions schemes, etc. For example, if a user is added as a viewer of the admin user group, they are not granted admin permissions. They can only see which other users are in the admin group and add the admin group to resources they manage.

That’s Not All! 

These are just the highlights! For details on all of our new features, changes, and bug fixes, read the full release notes on our Support Center (login required). 

If you're new to Kion, welcome! You can schedule a free demo to learn more about our comprehensive cloud enablement software. You can also follow us on Twitter and LinkedIn for more cloud enablement news. 

About the Author

Emily Wayman

Emily is the technical writer at Kion.

Start your cloud operations journey.

Request a demo today,