Register NetSuite with Your OpenID Connect Provider

To find a certified OpenID Connect provider (OP), go to https://openid.net/certification.

It is not possible to provide detailed instructions for configuring NetSuite as a client or relying party (RP) with your OIDC provider (OP). See the following procedure for basic guidance on what must be accomplished to set up OpenID Connect access to NetSuite with your OP. The exact steps will vary, depending on the vendor you select as your OP.

Warning:

Using an OpenID Connect provider (OP) that is not certified might cause your OpenID Connect (OIDC) Single Sign-on configuration to work improperly.

To configure OpenID Connect with your OP:

  1. Go to the website for your OP or use your on-premises administration console. Follow the instructions from your OP to register the NetSuite application as the relying party (RP).

    Note:

    Be aware of the following:

    • The only supported client authentication method is client_secret_basic.

    • The supported signing algorithms for ID tokens are RS256, RS384, and RS512.

  2. If a configuration is shared between multiple NetSuite accounts, it should be possible to specify more than one login redirect URI. The login redirect URI is an account-specific domain URL in the following format:

    https://<accountID>.app.netsuite.com/app/login/secure/oidclogin.nl

    where <accountID> is a variable representing the NetSuite account ID.

  3. Ensure that the email addresses of OP users are the same as the email addresses of the NetSuite users in your account. You must enter in your OP the email address of each NetSuite user who needs single sign-on capability. This ensures that your users are able to access NetSuite with OIDC.

  4. When you have successfully completed registration with your OP, you are provided with a client ID and client secret, as well as a configuration URL. The format of the configuration URL is similar to this example:

    https://<OPAcctID>.<OPdomain.com>/.well-known/openid-configuration

    where <OPAcctID> and <OPdomain.com> represent variables.

    You will need the client ID, client secret and configuration URL values so that you can enter them on the OpenID Connect (OIDC) Single Sign-on setup page in NetSuite.

  5. Assign an application or relying party to the OP users so that they will be able to access NetSuite.
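
As an added example (not part of the NetSuite documentation or any OP's code), the following Python script checks an OP's discovery document against the constraints in the note under step 1 and builds the login redirect URIs from step 2. The sample metadata, op.example.com, the account IDs, and the function names are constructed for illustration; the metadata field names are those defined by OpenID Connect Discovery 1.0.

```python
import json
import re
from urllib.parse import urlparse

# Requirements stated in the note under step 1.
REQUIRED_AUTH_METHOD = "client_secret_basic"
SUPPORTED_ID_TOKEN_ALGS = {"RS256", "RS384", "RS512"}
WELL_KNOWN_SUFFIX = "/.well-known/openid-configuration"

def redirect_uri(account_id):
    """Build the login redirect URI from step 2 for one NetSuite account."""
    # Assumption: the account ID must be usable as a single DNS label.
    if not re.fullmatch(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?", account_id):
        raise ValueError(f"unexpected account ID: {account_id!r}")
    return f"https://{account_id}.app.netsuite.com/app/login/secure/oidclogin.nl"

def check_op(config_url, metadata):
    """Return a list of problems; an empty list means the OP fits the note in step 1."""
    problems = []
    url = urlparse(config_url)
    if url.scheme != "https" or not url.path.endswith(WELL_KNOWN_SUFFIX):
        problems.append("configuration URL is not an https .well-known/openid-configuration URL")
    # OIDC Discovery: when the field is absent the default is client_secret_basic.
    auth = metadata.get("token_endpoint_auth_methods_supported", [REQUIRED_AUTH_METHOD])
    if REQUIRED_AUTH_METHOD not in auth:
        problems.append(f"token endpoint does not offer {REQUIRED_AUTH_METHOD}")
    algs = set(metadata.get("id_token_signing_alg_values_supported", []))
    if not algs & SUPPORTED_ID_TOKEN_ALGS:
        problems.append("no RS256/RS384/RS512 ID token signing algorithm offered")
    return problems

# Constructed discovery documents (not from any real OP).
GOOD_OP = json.loads("""{
  "issuer": "https://op.example.com",
  "token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"],
  "id_token_signing_alg_values_supported": ["ES256", "RS256"]
}""")
BAD_OP = json.loads("""{
  "issuer": "https://op.example.com",
  "token_endpoint_auth_methods_supported": ["private_key_jwt"],
  "id_token_signing_alg_values_supported": ["ES256", "HS256"]
}""")

if __name__ == "__main__":
    url = "https://op.example.com/.well-known/openid-configuration"
    print(check_op(url, GOOD_OP), check_op(url, BAD_OP))
    # Constructed account IDs for a configuration shared by two accounts.
    for acct in ("1234567", "1234567-sb1"):
        print(redirect_uri(acct))
```

Running the check before entering the configuration URL in NetSuite catches an OP that offers only other client authentication methods or only non-RSA ID token signing algorithms.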
