Using Single Sign-On with NetSuite Analytics Warehouse
You can use single sign-on (SSO) to go from NetSuite to your Analytics Warehouse instance without entering your login credentials. To enable users to do this, you need to:
- Have an account with an SSO service that uses Security Assertion Markup Language (SAML) or OpenID Connect (OIDC).
  The NetSuite Analytics Warehouse SSO currently supports these identity providers (IdP):
  - For SAML SSO: Azure, Okta.
  - For OIDC SSO: Azure, Okta, NetSuite.
- Have the NSAW Administrator role assigned.
- Have set up the initial data transfer.
All users who access the Analytics Warehouse with SSO need to be added to the SSO network (SAML or OIDC) first. If you want to let external users log in to the Analytics Warehouse with their own credentials, you need to ask Technical Support before setting up SSO. For more information about contacting Technical Support, see Technical Support.
Setting up SAML SSO for NetSuite Analytics Warehouse
You can enable users to access their Analytics Warehouse instance with SAML SSO. For more information about SAML SSO, see SAML Single Sign-on.
To set up SAML SSO for NetSuite Analytics Warehouse:
1. Get the metadata file from your IdP.
2. Verify that the users exist both in your IdP and in NetSuite Analytics Warehouse with the same email address. For more information, see Managing Users, Groups, and Access.
3. Enable SAML SSO in NetSuite. The process for enabling SAML SSO in NetSuite depends on your IdP.
4. Go to Setup > Integration > Configuration and click Log in to NetSuite Analytics Warehouse.
5. Click Authentication.
6. Select Enable SSO.
7. Select SAML as the IdP type.
8. Upload the IdP metadata file you saved in step 1.
9. Click Save.
10. Log in to NetSuite with the SSO user and role through the IdP.
Setting up OIDC SSO for NetSuite Analytics Warehouse
You can enable users to access their instance of NetSuite Analytics Warehouse with OIDC SSO. For more information about OIDC SSO, see OpenID Connect (OIDC) Single Sign-on.
To do this, you need to:
- Create an integration record.
- Set up OIDC SSO for NetSuite Analytics Warehouse.
- Set up and enable the roles.
Only users assigned the Administrator role can complete these steps. Also, only users assigned the NSAW Administrator role can set up OIDC SSO.
To create an integration record:
1. Go to Setup > Integration > Configuration and click Log in to NetSuite Analytics Warehouse.
   Note: Be sure that you see the login page. If you're automatically logged in to your Analytics Warehouse instance, you need to sign out to see the NetSuite Analytics Warehouse Login page and complete the following step.
2. Copy the login page URL from https:// up until oraclecloud.com, then add /oauth2/v1/social/callback at the end (for example, https://idcs-39681a0d2c9d40e486d5cbfec8e8aaab.identity.oraclecloud.com/oauth2/v1/social/callback). Save this URL for later and keep this tab open.
3. Go to Setup > Integration > Manage Integrations > New. For more information, see Creating an Integration Record.
4. Enter a name for the integration record.
5. Clear the TBA: Authorization Flow and Token-based Authentication boxes.
6. In the Redirect URI field, paste the URL you have created in step 2.
7. Click Save.
Important: Don't close the integration record page until you've completed all steps in this section. You need information from this page to finish the setup.
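The URL construction from step 2, with the checks that catch a mistyped or mis-copied value before it goes into the Redirect URI field. This is an added example, not NetSuite code; the function names are hypothetical, and the path and query on the sample login URL are constructed.

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/oauth2/v1/social/callback"  # suffix given in step 2

def build_redirect_uri(login_page_url):
    """Derive the Redirect URI from the URL shown on the NSAW login page."""
    parts = urlsplit(login_page_url.strip())
    if parts.scheme != "https":
        raise ValueError("login page URL must start with https://")
    if parts.username or parts.password or parts.port:
        raise ValueError("unexpected userinfo or port in login page URL")
    host = (parts.hostname or "").lower()
    # Step 2 keeps everything "up until oraclecloud.com", so the host must end there.
    if not host.endswith(".oraclecloud.com"):
        raise ValueError(f"host does not end in oraclecloud.com: {host!r}")
    # Path, query and fragment of the login page are dropped on purpose.
    return f"https://{host}{CALLBACK_PATH}"

def check_saved_redirect_uri(saved_value, login_page_url):
    """True only if the saved Redirect URI is character-for-character the derived one."""
    return saved_value == build_redirect_uri(login_page_url)

if __name__ == "__main__":
    # Host taken from the example in step 2; path and query are constructed.
    login = ("https://idcs-39681a0d2c9d40e486d5cbfec8e8aaab.identity.oraclecloud.com"
             "/ui/v1/signin?state=constructed")
    print(build_redirect_uri(login))
```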
To set up OIDC SSO for NetSuite Analytics Warehouse:
1. Open a new tab. Go to Setup > Integration > Configuration and click Log in to NetSuite Analytics Warehouse.
2. Click Authentication.
3. Select Enable SSO.
4. Select OIDC (OpenID Connect) as the IdP type.
5. In the Authentication System Settings section, enter the following information:
   - Go to the integration record page. Copy the Consumer Key / Client ID and paste it in the Client ID field.
   - Go to the integration record page. Copy the Consumer Secret / Client Secret and paste it in the Client Secret field.
   - In another tab, open NetSuite, go to Setup > Integration > NetSuite as OIDC Provider Setup, and copy the Metadata URL. Then go back to the NetSuite Analytics Warehouse tab and paste it in the Discovery service URL field.
6. Click Save.
To set up and enable the roles:
1. In NetSuite, go to Setup > Users/Roles > Manage roles.
2. Create a new role or find the one you want to enable OIDC SSO for, then click Customize or Edit. For more information, see Customizing and Creating Roles.
3. Go to the Permissions subtab and select the Setup sublist.
4. Add the following permissions to the role:
   - REST Web Services
   - Login using OAuth 2.0 Access Tokens
5. Click Save.
6. Assign this role to the employees you want to give OIDC SSO access to. For more information, see Assigning Roles to an Employee.
7. Go to Setup > Integration > NetSuite as OIDC Provider Setup.
8. Click the integration record you have created previously.
9. Click the Entities tab. In the Employees box, select the employees you want to give SSO access to and move them to the Selected Employees box.
10. Click the Roles tab. In the Roles box, select the roles you set up earlier and move them to the Selected Roles box.
11. Click Save.