1. Account Administration
  2. Authentication
  3. OpenID Connect (OIDC) Single Sign-on

OpenID Connect (OIDC) Single Sign-on

The OpenID Connect (OIDC) Single Sign-on feature gives you several benefits for accessing the NetSuite UI and your web store. If you share the OIDC configuration across different NetSuite accounts, users can switch between OIDC Single Sign-on roles without needing to log in again. The OIDC provider (OP) manages user credentials and policies. NetSuite acts as the client, or relying party (RP). OpenID Connect (OIDC) Single Sign-on is another option besides SAML Single Sign-on. OIDC adds an identity layer on top of the OAuth 2.0 protocol. OIDC uses JSON as the data format and relies on JSON Web Tokens (JWT) to transfer claims between parties.

Task List for OpenID Connect Single Sign-on Set Up

The following tasks must be completed to implement OpenID Connect (OIDC) Single Sign-on access to a NetSuite account.

To implement OpenID Connect Single Sign-on to NetSuite:

  1. Choose a vendor, an OpenID Connect provider (OP) and register NetSuite with your OP as the client, or relying party (RP). See Register NetSuite with Your OpenID Connect Provider.

  2. Click the link in each of the following steps for information about how to complete the setup for the OpenID Connect (OIDC) Single Sign-on feature in NetSuite:

    1. Enable the OpenID Connect (OIDC) Single Sign-on Feature in NetSuite.

    2. Configure OpenID Connect (OIDC) in NetSuite.

    3. Customize Roles for OpenID Connect and add OpenID Connect Permissions.

    4. Assign the OpenID Connect Single Sign-on Role to Users.

    5. Tell your users how to access NetSuite using OpenID Connect. See User Access to NetSuite with OpenID Connect.

See also Troubleshoot OIDC for information about resolving OIDC-related errors.

If you are interested in setting up OIDC access to Commerce web stores, familiarize yourself with the OIDC documentation in this section. Then, see OpenID Connect (OIDC) Access to Web Store.

Note:

OIDC Identity Provider-initiated logout is not supported for both UI and Commerce. As of 2020.2, NetSuite supports Relying Party-initiated logout for UI and Commerce.

Important:

if you are trying to implement outbound single sign-on, use the NetSuite as OIDC Provider feature. For more information, see NetSuite as OIDC Provider.

General Notices