Configuring Single Sign-On Between EPM Cloud and NetSuite

You can establish SSO between Oracle Enterprise Performance Management Cloud and NetSuite deployments using user identities stored in a SAML 2.0 compliant identity provider.

Note:

The procedures in this section have been tested using Okta as the identity provider that stores user identities. You can use any SAML 2.0 compliant identity provider to enable SSO.

SSO access between NetSuite and EPM Cloud is permitted only for users who have accounts in the user directories of NetSuite, Okta, and the EPM Cloud identity domain.

For step-by-step instructions on configuring SSO between EPM Cloud and Oracle Fusion Cloud, see "Configuring Single Sign-On Between EPM Cloud and NetSuite" in Configuring Single Sign-On for Oracle Enterprise Performance Management Cloud.

Prerequisites

  • All users of NetSuite and EPM Cloud are available in the SAML 2.0 compliant identity provider that you are using.

  • EPM Cloud users who need SSO access were created and provisioned in the identity domain that services EPM Cloud. For detailed instructions to create and provision users, see "Adding Users and Assigning Roles" in Getting Started with Oracle Cloud.

    After enabling SSO, all EPM Cloud users will be able to navigate to NetSuite without being challenged for credentials. For these users, functional access is controlled by NetSuite roles and permissions.

  • Users who need SSO access have been created and provisioned in NetSuite. For detailed information, see NetSuite documentation.

    After enabling SSO, only the users in NetSuite who have been granted a NetSuite role that assigns SAML Single Sign-on access will be able to navigate to EPM Cloud without going through an additional sign-in process.

    Before starting the SSO configuration process, make sure that all users who need SSO access to EPM Cloud can access and work in NetSuite.

Configuration Steps

Tasks to complete in the Identity Provider (for example, Okta)

Note:

Use the documentation of the identity provider to complete these steps.

  • Create and activate users who need SSO access between NetSuite and EPM Cloud resources as users in your organization's identity provider.

  • Add NetSuite as an application, and provision the users who can use SSO.

  • Add EPM Cloud as an application, and provision the users who can use SSO.

Tasks to complete in NetSuite

Note:

Use NetSuite documentation to complete these steps.

  • Configure and enable SAML SSO.

    For Okta-specific instructions, see How to Configure SAML 2.0 for Netsuite.

  • Create a SAML role that allows users to perform SAML SSO.

  • Provision NetSuite users with the SAML role.

  • Import the identity provider's (for example, Okta's) metadata file. You created this file as a part of creating the NetSuite application in Okta.

Tasks to complete in EPM Cloud