OpenID Connect (OIDC) Single Sign-on

The OpenID Connect (OIDC) Single Sign-on feature provides several benefits for user access to the NetSuite UI and a web store. If the OIDC configuration is shared between various NetSuite accounts, users can switch between OpenID Connect (OIDC) Single Sign-on roles without requiring a separate login. User credentials and policies are managed by the OIDC provider (OP). NetSuite is the client, or relying party (RP).

OpenID Connect (OIDC) Single Sign-on is an alternative to SAML Single Sign-on. OIDC is an identity layer on top of the OAuth 2.0 protocol. OIDC uses JavaScript Object Notation (JSON) as the data format, and uses JSON Web Tokens (JWT) to transfer claims between parties.

Task List for OpenID Connect Single Sign-on Set Up

The following tasks must be completed to implement OpenID Connect (OIDC) Single Sign-on access to a NetSuite account.

To implement OpenID Connect Single Sign-on to NetSuite:

  1. Choose a vendor, an OpenID Connect provider (OP) and register NetSuite with your OP as the client, or relying party (RP). See Register NetSuite with Your OpenID Connect Provider.

  2. Click the link in each of the following steps for information about how to complete the setup for the OpenID Connect (OIDC) Single Sign-on feature in NetSuite:

    1. Enable the OpenID Connect (OIDC) Single Sign-on Feature in NetSuite.

    2. Configure OpenID Connect (OIDC) in NetSuite.

    3. Customize Roles for OpenID Connect and add OpenID Connect Permissions.

    4. Assign the OpenID Connect Single Sign-on Role to Users.

    5. Tell your users how to access NetSuite using OpenID Connect. See User Access to NetSuite with OpenID Connect.

See also Troubleshoot OIDC for information about resolving OIDC-related errors.

If you are interested in setting up OIDC access to Commerce web stores, familiarize yourself with the OIDC documentation in this section. Then, see OpenID Connect (OIDC) Access to Web Store.


OIDC Identity Provider-initiated logout is not supported for both UI and Commerce. As of 2020.2, NetSuite supports Relying Party-initiated logout for UI and Commerce.


if you are trying to implement outbound single sign-on, use the NetSuite as OIDC Provider feature. For more information, see NetSuite as OIDC Provider.

Related Topics


General Notices