SAML SSO Restrictions for Web Store in NetSuite

Understand SAML SSO restrictions for web stores, including custom domain requirements and authentication methods.

NetSuite's SAML SSO implementation places several restrictions on the Service Provider (SP)-initiated flow for web stores. These restrictions matter both for the web store to function correctly and for keeping authentication secure.

What Are the SAML SSO Restrictions for Web Stores?

The following restrictions apply to the SAML SSO service provider-initiated flow:

  • Custom Domain Requirement: The SP-initiated flow is supported only for sites on custom domains; it does not work with netsuite.com domains.
  • Exclusive Authentication Method: You cannot utilize both SAML and OpenID Connect (OIDC) Single Sign-on for the same website. You must select one method.
  • Mandatory Website Protection: To use the SP-initiated flow, your website must be fully protected, which requires the following steps:
    1. On the Set Up Web Site form, navigate to the Web Presence subtab. In the Web Site section, ensure that the Advanced Site Customization box is checked.
    2. Access the record at Commerce > Websites > Website List and edit the web store record. On the Shopping subtab, within the Registration Page section, check the Password-Protect Entire Site box.

Additional Information on SAML SSO

SAML does not have to be the primary authentication method for web stores. If you want users to be redirected to an external Identity Provider (IdP) login page, check the Primary Authentication Method box.

For more detail on using SAML with NetSuite, see the NetSuite documentation on SAML SSO integrations. Developers and administrators need to understand these restrictions to implement secure and efficient single sign-on for web stores.

Key Considerations

  • Always confirm you are using a custom domain for SAML SSO.
  • Decide on an authentication method early in your web store setup.
  • Protect your entire site to leverage the SP-initiated flow effectively.

Source: This article is based on Oracle's official NetSuite documentation.

Key Takeaways

  • The SP-initiated flow for SAML SSO is exclusive to custom domains.
  • SAML and OIDC cannot be used simultaneously for the same website.
  • Full website protection is mandatory for utilizing these SSO features.

Frequently Asked Questions

Does the SAML SSO SP-initiated flow work with netsuite.com domains?
No, the SP-initiated flow for SAML SSO only supports sites on custom domains and does not work with netsuite.com domains.

Can SAML and OpenID Connect (OIDC) be used simultaneously for a NetSuite web store?
No, you must choose either SAML or OpenID Connect (OIDC) as the single sign-on method for a website; both cannot be used together.

What steps are necessary to protect a website for SP-initiated SAML SSO flow in NetSuite?
To protect your website, check the 'Advanced Site Customization' box on the 'Set Up Web Site' form under the 'Web Presence' subtab. Then, on the web store record under the 'Shopping' subtab, make sure to check the 'Password-Protect Entire Site' box.

Is the SAML SSO SP-initiated flow mandatory as the primary authentication method?
No, SAML is not required to be the primary authentication method. You can choose to redirect users to an external IdP login page if desired by selecting the 'Primary Authentication Method' box.

Source: SAML SSO Restrictions for Web Store, Oracle NetSuite Help Center. This article was generated from official Oracle documentation and enriched with additional context and best practices.
