SAML Configuration for Single Sign-On in NetSuite

SAML configuration enables single sign-on access in NetSuite. Key settings include Logout Landing Page and Primary Authentication Method.


To support SAML single sign-on access to NetSuite, specific configurations must be defined on the SAML Setup page. These include the Logout Landing Page and the optional Primary Authentication Method.

Logout Landing Page

Logout Landing Page refers to the URL where users will be redirected after logging out of NetSuite. To enable Single Logout functionality, you should specify an IdP Single Logout page.

Note: This functionality is not part of the SAML 2.0 standard, and its reliability may vary.

Primary Authentication Method

The Primary Authentication Method is an optional setting that modifies user redirection upon accessing NetSuite. By default, this box is unchecked:

  • If unchecked, users with no active NetSuite session will be redirected to the NetSuite login page. This can lead to confusion for users unfamiliar with their NetSuite login credentials.

  • If checked, users will be redirected to the external Identity Provider (IdP) login page, under specific conditions:

    • The user has previously logged in, in which case the redirect helps preserve their session continuity.
    • The access link includes the NetSuite account ID formatted as either:
      • https://system.netsuite.com/app/center/card.nl?c=<ACCOUNTID>
      • https://<accountID>.app.netsuite.com/app/center/card.nl

Note: With the Primary Authentication Method box checked, users who click a valid link that carries the c or compid URL parameter, or that uses an account-specific domain, are redirected to the IdP login page. The originally requested URL is passed as the RelayState parameter, as outlined in the SAML 2.0 specification. This allows the IdP to redirect users back to the appropriate NetSuite resource after successful authentication. If the user is already logged into the IdP, they will not be prompted for credentials again and will return directly to the requested resource in NetSuite.

  • Users will also be redirected to the IdP login page when their session times out.
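Because RelayState carries the originally requested URL, whatever follows it after authentication should confirm that it still points into the expected NetSuite account. The Python below is an added example, not code from Oracle or NetSuite: it accepts only the two link formats listed above, and the function names, the made-up account ID 1234567 and the case-insensitive comparison are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Hosts come from the two link formats shown on this page.
SHARED_HOST = "system.netsuite.com"
ACCOUNT_HOST = re.compile(r"([a-z0-9][a-z0-9-]*)\.app\.netsuite\.com")


def account_id_from_url(url):
    """Return the account ID a NetSuite link carries, or None.

    None covers non-HTTPS schemes, embedded credentials, non-default
    ports, foreign hosts and links that carry no single account ID.
    """
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:  # malformed host or port
        return None
    if parts.scheme != "https" or parts.username or parts.password:
        return None
    if port not in (None, 443):
        return None
    host = (parts.hostname or "").lower()
    match = ACCOUNT_HOST.fullmatch(host)
    if match:  # https://<accountID>.app.netsuite.com/...
        return match.group(1)
    if host != SHARED_HOST:
        return None
    query = parse_qs(parts.query)
    ids = query.get("c", []) + query.get("compid", [])
    # Repeated or conflicting IDs are ambiguous, so refuse them.
    return ids[0].lower() if len(ids) == 1 else None


def relay_state_allowed(relay_state, expected_account):
    """True only when RelayState is a link into the expected account.

    Assumption: account IDs are compared case-insensitively.
    """
    found = account_id_from_url(relay_state)
    return found is not None and found == expected_account.lower()


# Constructed sample: 1234567 is a made-up account ID.
if __name__ == "__main__":
    link = "https://system.netsuite.com/app/center/card.nl?c=1234567"
    print(relay_state_allowed(link, "1234567"))
```

A RelayState value that fails the check is best discarded in favour of a fixed default landing URL rather than followed.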

By implementing these configurations, organizations can streamline user access to NetSuite, ensuring a smoother single sign-on experience for their users.

Frequently Asked Questions

What is the Logout Landing Page in SAML configuration for NetSuite?
The Logout Landing Page is a URL specified in the SAML setup where users will be redirected after logging out of NetSuite. To enable Single Logout functionality, you should specify an Identity Provider (IdP) Single Logout page; however, its reliability may vary as it is not part of the SAML 2.0 standard.

What impact does enabling the Primary Authentication Method have on user login behavior?
If the Primary Authentication Method is enabled, users will be redirected to the external Identity Provider (IdP) login page instead of NetSuite's login page if they have no active session. This helps maintain session continuity by preserving their session through the IdP, particularly when the login link contains the NetSuite account ID.

How does the Primary Authentication Method setting interact with the RelayState parameter?
When the Primary Authentication Method is enabled in NetSuite, the RelayState parameter is used to pass the originally requested URL to the IdP. This ensures that after successful authentication, the user can be redirected back to the specific NetSuite resource they initially wanted to access.

Under what conditions are users redirected to the IdP login page when using SAML with NetSuite?
Users are redirected to the IdP login page if the Primary Authentication Method is enabled and they click a link with a specific NetSuite account ID formatted in the URL, like those containing 'c' or 'compid' parameters, or if their session times out. Users will not be prompted for credentials again if they are already logged into the IdP.

Source: "Defining the NetSuite Configuration for SAML", Oracle NetSuite Help Center. This article was generated from official Oracle documentation and enriched with additional context and best practices.
