NetSuite SSO: Enhance your security and streamline your login process

Seriously, who remembers their password? Not me!

Passwords are infuriating. These days, I want to log in to my computer with my one and only password then watch my browser log me in everywhere else. Easy. NetSuite SSO (Single Sign-On) gives you this easy life.

With NetSuite SSO, users can have access to NetSuite and their other applications with the same set of credentials. If they are already logged in elsewhere it may even allow them to log in without entering those credentials. It removes a barrier to using the system which will result in far greater adoption from a business. In larger organizations where adoption from middle management and lower is needed across a vast spread of departments this is greatly beneficial.

As well as providing smoother access to the system, the NetSuite SSO solution also has a number of security benefits.

This solution helps to reduce the risk of weak passwords that could open your NetSuite system to unauthorized users. With SSO, users only need to remember a single set of login credentials, which makes it easier for them to use a single, strong and compliant password to access all their applications.

SSO also provides a way to monitor user access to NetSuite, enabling organizations to track user activity and identify potential security issues. For example, if an employee attempts to log in from a new device or location, SSO can be configured to require additional authentication measures, such as two-factor authentication, to verify the user’s identity.

Not yet a NetSuite SSO user and struggling to log in? Here are 3 ways to update your NetSuite password.

Available NetSuite SSO Protocols

SAML stands for Security Assertion Markup Language and it is the most common protocol used for Single Sign-On into NetSuite.

SAML is an XML-based framework. It works by using an identity provider (IdP) to authenticate the user, and then issuing a security token that contains the user’s identity information. This security token is then used to grant the user access to the desired application without requiring the user to enter their credentials again.

You can learn more about the technicalities of how SAML Authentication works here.

Setting Up NetSuite SAML SSO

Enabling the NetSuite SSO Feature SAML Single Sign-On

Prerequisites for Setting Up SAML SSO in NetSuite

Before creating the SAML application there are a few preliminary steps you need to take. You must enable the feature, add the relevant permissions and obtain the service provider metadata.

Enable the Feature

To enable the SAML Single Sign-On feature you should first log in to an Administrator role in NetSuite.

Navigate to Setup > Company > Enable Features.

Accessing the Enable Features menu in NetSuite in order to activate NetSuite SSO

Under the SuiteCloud tab find the Manage Authentication section and enable SAML Single Sign-On by checking the box.

Enabling the SAML Single Sign-On feature in NetSuite

After checking the box for the first time you will need to agree to the Terms of Service that pop up.

Click Save on the Enable Features page to confirm the action.

Applying Permissions to Roles

Two new permissions will be available after enabling the SAML Single Sign-On feature. They should be used in the following ways.

| Permission | Required Level | Purpose |
|---|---|---|
| Set Up SAML Single Sign-On | Full | Required to set up SAML SSO |
| SAML Single Sign-On | Full | Required to use SAML SSO |

Single Sign-On is set up on a per role basis. Before making the solution live, all eligible roles will need to be updated with the SAML Single Sign-On permission.

Be aware that the Administrator role does not have this permission by default. If an Administrator would like to use NetSuite SSO then a custom role should be set up that includes the SAML Single Sign-On permission.

If any role other than Administrator needs to view the SAML SSO Setup page, it will need to be assigned the Set Up SAML Single Sign-On permission. The Administrator role has this permission by default.

Obtain the Service Provider Metadata

Whichever identity provider you are using for the integration, you will need metadata from NetSuite.

Navigate to Setup > Integration > SAML Single Sign-On.

Accessing the SAML Single Sign-On setup page.

Click the link in the NetSuite Service Provider Metadata field.

Locating the NetSuite Service Provider Metadata field

From the XML file that loads you may need some or all of the following values.

| Element | Attribute | Example |
|---|---|---|
| EntityDescriptor | entityID | http://www.netsuite.com/sp |
| SingleLogoutService | Location | https://system.na3.netsuite.com/saml2/slopost |
| SingleLogoutService | ResponseLocation | https://system.na3.netsuite.com/saml2/slopost |
| AssertionConsumerService | Location | https://system.netsuite.com/saml2/acs |

Configuring the Identity Provider for NetSuite SSO

There are several options you can use to integrate with NetSuite for Single Sign-On. Each option will have a slightly different set up and you may have to involve a subject matter expert from your business to assist in this configuration.

NetSuite provide detailed instructions on how to configure SAML Single Sign-On with Oracle IDCS here.

You can find instructions for connecting with Azure AD here.

Be aware that the instructions for Azure AD are vague with regard to the Reply URL to be used. Refer to the Obtain the Service Provider Metadata section above and find the <AssertionConsumerService> Location. This URL is the value required for Reply URL in the Azure SAML Setup.
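
Rather than copying these values out of the XML by hand, they can be read with a short script. The following is an added example, not NetSuite's or the original article's code: the sample metadata is constructed from the example URLs in the table above, and the function name and the https check are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample shaped like SAML 2.0 SP metadata; URLs are the article's examples.
SAMPLE_METADATA = b"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="http://www.netsuite.com/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://system.na3.netsuite.com/saml2/slopost"
        ResponseLocation="https://system.na3.netsuite.com/saml2/slopost"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://system.netsuite.com/saml2/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def read_sp_metadata(xml_bytes):
    """Return the values an IdP setup form asks for, from SP metadata XML."""
    # Metadata needs no DTD; refusing one avoids entity-expansion surprises.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not a SAML EntityDescriptor")
    acs = [e.get("Location") for e in root.findall(".//md:AssertionConsumerService", NS)]
    slo = root.find(".//md:SingleLogoutService", NS)
    if not acs:
        raise ValueError("no AssertionConsumerService element found")
    values = {
        "entity_id": root.get("entityID"),
        "reply_url": acs[0],  # the value Azure's SAML setup calls Reply URL
        "logout_url": slo.get("Location") if slo is not None else None,
        "logout_response_url": slo.get("ResponseLocation") if slo is not None else None,
    }
    # Assertions are posted to the ACS URL, so it must never be plain HTTP.
    for key in ("reply_url", "logout_url", "logout_response_url"):
        if values[key] and not values[key].startswith("https://"):
            raise ValueError(f"{key} is not an https URL: {values[key]}")
    return values

if __name__ == "__main__":
    for name, value in read_sp_metadata(SAMPLE_METADATA).items():
        print(f"{name}: {value}")
```

To use it with your own account, save the XML from the NetSuite Service Provider Metadata link to a file and pass its bytes to read_sp_metadata.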

Configuring SAML Single Sign-On in NetSuite

You will now need to configure the SAML SSO Setup page in NetSuite.

Navigate to Setup > Integration > SAML Single Sign-On.

Populate the Logout Landing Page. You more than likely want this to be https://system.netsuite.com. This is the page users will be directed to when they log out but is also the page they see when timeouts occur.

Check the Primary Authentication Method checkbox. Checking this box means that users will always be redirected to the login page of their identity provider.

NetSuite Configuration of SAML SSO

In the Set Up Identity Provider section of the page you’ll find a field to Upload an IDP Metadata File. You should have obtained this file when completing the previous section, Configuring the Identity Provider for NetSuite SSO.

Select the Upload IDP Metadata File radio button, then browse for and select the file.

Click Submit on the SAML Setup page.

Using NetSuite SSO

Assuming you already updated your roles with the SAML Single Sign-On permission, your users are now ready to log in via the new method.

The regular NetSuite log in page, however, will not work for them now. You will need to publish a new URL to your users. That URL is account specific and made up in the following way –

https://system.netsuite.com/app/center/card.nl?c=<accountID>

Your Account ID can be found in a number of places including:

  • The start of your logged in, non SSO NetSuite URL,
  • Navigate to Setup > Company > Company Information and find the Account ID field,
  • Click the Contact Support link in SuiteAnswers and your Account ID will be displayed.

Ensure users forget their old log in link and only log in via this new link. They may need to clear their browser’s cache in order for that to happen. For more information on this and other NetSuite SSO login issues, visit this article.


If you have NetSuite SSO for your production account only, you may be experiencing issues when trying to access your Sandbox. Follow these guidelines to access Sandbox. If you are going to be using NetSuite SSO and non SSO roles then I advise you to use separate browsers or private and non private browsing sessions.

Still having trouble logging in? Maybe NetSuite is down. Find out what you’re supposed to do here.
