SAML Single Sign-on

SAML (Security Assertion Markup Language) is an XML-based standard that supports communication of user data among various applications, called service providers (SPs). An identity provider (IdP) makes security assertions consumed by SPs. A single IdP can perform user authentication for many SPs. A particular SP and an IdP can establish a circle of trust by providing each other with metadata in an XML format defined by SAML specifications, so that the SP accepts users authenticated by the IdP.

The NetSuite SAML Single Sign-on feature is based on the SAML v2.0 specifications. For information about these specifications, click here. Any SAML 2.0-compliant application can serve as the IdP for SAML access to NetSuite.

The SAML Single Sign-on (SSO) feature supports inbound single sign-on access to NetSuite using authentication from a third-party IdP. This feature allows users logged in to an external application to go to NetSuite without providing further authentication. A user who accesses NetSuite using SAML SSO is directed to their NetSuite Home page. Administrators can use role-based permissions in NetSuite to control which users have SAML SSO access to NetSuite.


SAML SSO access to NetSuite UI honors any IP address rules for your company, or IP address restrictions for your employees, that you may have created in your NetSuite account. IP address rules or restrictions do not apply for SAML access to web stores or websites.


To use the SAML Single Sign-on feature, you need Full level for the SAML Single Sign-on permission. For more information, see NetSuite Permissions Overview.

Task List for SAML SSO Set Up

Setting up SAML SSO requires some back-and-forth between NetSuite and the IdP of your choice.

  1. In the NetSuite application, perform preliminary setup: enable the feature, create roles and assign SSO permissions, and assign users to the roles.

  2. Using the IdP of your choice: create your NetSuite service provider (SP) configuration. The procedure varies depending on the IdP you choose to use.


    Some IDPs already have NetSuite listed among their out-of-the-box service providers, others require that you configure the set up of NetSuite as new SAML service provider yourself.

  3. In the NetSuite application, complete the SAML Setup page: create the configuration in your account for your IdP.

See the following sections for detailed information about each step:

If you are interested in setting up SAML SSO access to your web store, familiarize yourself with the SAML SSO documentation in this section. Then, see SAML Single Sign-on Access to Web Store for more information.

Related Topics


General Notices