Single Sign-On Only Role Configuration in NetSuite
Configure Single Sign-On Only roles in NetSuite to ensure users can access accounts solely through OIDC SSO.
The Single Sign-On Only role in NetSuite is designed specifically for users who will access the platform exclusively through OpenID Connect (OIDC) single sign-on (SSO). When you designate a role as Single Sign-On Only, users must authenticate through OIDC, which enhances security by ensuring that credentials are managed by an external application.
Setting Up a Single Sign-On Only Role
To configure a role as Single Sign-On Only, follow these steps:
- Navigate to the role customization screen via Setup > Users/Roles > Manage Roles.
- Select the desired role to customize.
- Check the Single Sign-On Only box.
This setting enforces the use of OIDC SSO, preventing access through the NetSuite web interface or APIs without SSO authentication. Important: This role type is incompatible with NetSuite for Outlook and restricts access solely through the authorized application. This is particularly beneficial for organizations seeking tighter control over user credentials and authentication processes.
SAML vs. OIDC SSO
It's noteworthy that you do not need to check the Single Sign-On Only box if you intend to utilize SAML single sign-on, as it is single sign-on only by default.
Limitations
- Users assigned to a Single Sign-On Only role cannot access the NetSuite platform through the standard user interface or web services without the OIDC SSO.
- Integration with certain applications, like NetSuite for Outlook, is not supported with this role configuration.
Best Practices
- Ensure your OIDC provider is correctly set up and integrated with your NetSuite account before implementing Single Sign-On Only roles.
- Regularly review and update role assignments to align with your organization's security policies and access strategies.
Frequently Asked Questions (4)
What steps are involved in configuring a Single Sign-On Only role in NetSuite?
Are Single Sign-On Only roles compatible with NetSuite for Outlook?
Can I use SAML SSO instead of OIDC for a single sign-on only role?
Does enabling Single Sign-On Only affect access through NetSuite's web services?
Was this article helpful?
More in Authentication
- SuiteCommerce Authentication Enhancements in NetSuite 2024.1
SuiteCommerce authentication enhancements introduced in version 2024.1 improve security and personalization in eCommerce solutions.
- Domain Settings Transition to DNS Challenges in NetSuite 2024.1
Starting in NetSuite 2024.1, domain verification shifts from HTTP to DNS challenges, enhancing security and streamlining configurations.
- End of Support for RSA PKCSv1.5 in NetSuite 2025.1
NetSuite 2025.1 ends support for RSA PKCSv1.5 in OAuth 2.0, requiring updates to integration methods.
- End of Support for SMS/Voice Call 2FA in NetSuite 2023.2
NetSuite 2024.1 discontinues SMS/voice call 2FA. Transition to an authenticator app is required by March 1, 2024.
Advertising
Reach Authentication Professionals
Put your product in front of NetSuite experts who work with Authentication every day.
Sponsor This Category