SAML Single Sign-on Setup Steps in NetSuite

SAML Single Sign-on setup in NetSuite includes enabling features, assigning permissions, and configuring user roles.


To get started with SAML Single Sign-on (SSO), some preliminary setup steps must be completed in your NetSuite account. This process is vital for ensuring secure access management through SAML integration with identity providers (IdPs).

How to Enable the SAML Single Sign-on Feature

To enable the SAML Single Sign-on feature, follow these steps:

  1. Navigate to Setup > Company > Setup Tasks > Enable Features and click the SuiteCloud subtab.
  2. In the Manage Authentication section, check the SAML Single Sign-on box. Agree to the SuiteCloud Terms of Service when prompted.
  3. Click Save.

Warning: By enabling the SAML Single Sign-on feature, users can access your NetSuite account through third-party services, which may have different authentication and security protocols. It’s crucial that your implementation complies with any relevant security standards, including PCI Data Security Standards.

How to Add SAML SSO Permissions to Roles

You can customize roles in NetSuite to include permissions for SAML SSO. This enables existing roles to facilitate SSO for users who require it. Here’s how:

  1. Go to Setup > Users/Roles > User Management > Manage Roles.
  2. Select the role to customize and click Customize.
  3. Recommended: rename the role so that its name reflects SAML usage.
  4. Click the Permissions subtab and select the respective SAML permission from the Setup subtab.
  5. Click Add to assign the necessary SAML permissions to the role.
  6. Click Save after adding the required permissions.

Important Notes on SAML Permissions

  • If a role is set to require two-factor authentication (2FA) and SAML SSO is added, the 2FA requirement will be bypassed, as SAML permissions take precedence.
  • Review the SAML SSO Permissions documentation for detailed information on the specific permissions applicable in this context.
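
The precedence rule in the first note is easy to miss during role customization, so it is worth auditing for. The following is an added example, not code from Oracle or NetSuite: it applies the rule to a constructed role listing and reports roles whose 2FA requirement is overridden by the SAML permission. The CSV layout, column names, sample roles and the permission label are assumptions made for the example.

```python
import csv
import io

# Constructed sample of a role/permission listing. The column names and CSV
# layout are assumptions for this example, not a NetSuite export format.
SAMPLE_EXPORT = """role,requires_2fa,permissions,assigned_users
Administrator,yes,Set Up Company|Manage Roles,2
Accountant (SAML),yes,SAML Single Sign-on|Make Journal Entry,14
Sales Rep (SAML),no,SAML Single Sign-on|Find Transaction,37
Warehouse Clerk,no,Item Fulfillment,9
A/P Clerk,yes,Bills|saml single sign-on,0
"""

SAML_PERMISSION = "saml single sign-on"  # assumed label, taken from the feature name

def effective_login_policy(requires_2fa, has_saml):
    """Apply the precedence rule from the note: the SAML permission overrides 2FA."""
    if has_saml:
        return "saml-idp"  # the role's 2FA requirement is not enforced
    return "netsuite-2fa" if requires_2fa else "netsuite-password"

def audit_roles(export_text):
    """Return one finding per role, flagging roles whose 2FA setting is overridden."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        perms = {p.strip().lower() for p in row["permissions"].split("|")}
        requires_2fa = row["requires_2fa"].strip().lower() in {"yes", "true", "1"}
        has_saml = SAML_PERMISSION in perms
        findings.append({
            "role": row["role"],
            "policy": effective_login_policy(requires_2fa, has_saml),
            "mfa_overridden": requires_2fa and has_saml,
            "users": int(row["assigned_users"] or 0),
        })
    return findings

def overridden_roles(findings):
    """Roles to review first: 2FA was required, but SAML SSO now takes precedence."""
    hits = [f for f in findings if f["mfa_overridden"]]
    return sorted(hits, key=lambda f: f["users"], reverse=True)

if __name__ == "__main__":
    for f in overridden_roles(audit_roles(SAMPLE_EXPORT)):
        print(f"{f['role']}: 2FA requirement overridden by SAML SSO "
              f"({f['users']} users); confirm the IdP enforces MFA")
```

For every role this reports, any second factor has to be enforced by the identity provider, because the role's own 2FA setting no longer applies.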

By following these steps, administrators can effectively prepare their NetSuite account and roles for secure SAML Single Sign-on access, ensuring users can authenticate seamlessly through their chosen identity providers.

Source: This article is based on Oracle's official NetSuite documentation.

Key Takeaways

  • Enabling SAML Single Sign-on lets users access your NetSuite account through a third-party identity provider.
  • Roles must be customized to include SAML SSO permissions for users.
  • Compliance with security standards is crucial when implementing SSO.

Frequently Asked Questions

How do I enable SAML Single Sign-on in NetSuite?

To enable the SAML Single Sign-on feature, navigate to Setup > Company > Setup Tasks > Enable Features, and click the SuiteCloud subtab. In the Manage Authentication section, check the SAML Single Sign-on box and agree to the SuiteCloud Terms of Service.

Do I need to modify NetSuite roles to use SAML SSO?

Yes, you need to customize roles to include SAML SSO permissions. This involves selecting roles in Setup > Users/Roles > User Management > Manage Roles, customizing them, and adding the necessary SAML permissions under the Permissions subtab.

What happens to two-factor authentication when SAML SSO is enabled for a role?

If two-factor authentication (2FA) is required for a role, enabling SAML SSO for that role will bypass the 2FA requirement, as SAML permissions take precedence.

Are there security concerns when enabling SAML Single Sign-on in NetSuite?

Yes, enabling SAML Single Sign-on lets users access your NetSuite account through third-party services, which may have different authentication and security protocols. It's crucial to ensure your implementation complies with relevant security standards, such as PCI Data Security Standards.

Source: Complete Preliminary Steps in NetSuite for SAML SSO, Oracle NetSuite Help Center. This article was generated from official Oracle documentation and enriched with additional context and best practices.
