Outbound Single Sign-on (SuiteSignOn)


The Outbound Single Sign-on (SuiteSignOn) feature is scheduled for end of support in 2024.2. You should update your integrations to use NetSuite as OIDC Provider, as soon as possible.

As of 2024.1, support for the SuiteSignOn feature ends for non-production accounts, such as sandbox accounts.

The outbound single sign-on implementation in NetSuite is called SuiteSignOn. SuiteSignOn enables users to be authenticated in the NetSuite user interface. Then, users can click a link in the NetSuite UI and go directly to an external web application, without any additional authentication. These links, called connection points, currently are supported in NetSuite custom subtabs, custom portlets, Suitelets and user event scripts. NetSuite provides a SuiteSignOn setup page where application providers can enter data used for connection points.


Calls initiated by SOAP web services are not supported by SuiteSignOn.


NetSuite supports SuiteSignOn access for web stores. For more information, see Outbound Single Sign-on (SuiteSignOn) Access from Your Web Store.

SuiteSignOn Benefits

The SuiteSignOn feature provides the following benefits:

  • Improved usability - Users can access other applications with their NetSuite login credentials. They do not need to repeatedly log in and log out of multiple applications, or manage multiple sets of login credentials. They can log in to NetSuite, and access applications within a single UI.

  • Increased security and central access control - The password policy that is enforced for NetSuite access is enforced for any integrated application, providing consistency and limiting potential security issues.

  • Reduced IT and support costs - The rollout of integrated applications is simplified because there is no need to maintain multiple databases for user credentials and access control.

  • NetSuite as the single trusted system for authentication - Access from the NetSuite UI to an external application UI is limited to an iFrame. The external application does not have rights to change data in NetSuite except through specialized SOAP web services calls.

  • More secure SOAP web services integrations - The integrated application can use an already active session to transmit data to NetSuite through SOAP web services calls, without the user logging in again. Changes submitted through SOAP web services are reflected in the NetSuite audit trail for the user who makes the specific changes. SOAP web services use the same role that the user logged in with to NetSuite.


If you are attempting to implement inbound single sign-on from an external application to NetSuite, use one of the following NetSuite inbound SSO features:

See also Authentication Overview, which includes a Single Sign-on (SSO) Overview section.

Related Topics

SuiteSignOn Overview
Understanding SuiteSignOn
SuiteSignOn Sequence Diagram and Connection Details
SuiteSignOn Required Features
Setting Up SuiteSignOn Integration
Creating SuiteSignOn Records
Creating SuiteSignOn Connection Points
Editing SuiteSignOn Records
Creating a SuiteSignOn Bundle
Making SuiteSignOn Integrations Available to Users
SuiteSignOn Definitions, Parameters, and Code Samples
Troubleshooting SuiteSignOn (Outbound SSO)

General Notices