Configure OpenID Connect (OIDC) in NetSuite

A user with an Administrator role or a user that has the Set Up OpenID Connect (OIDC) Single Sign-on permission can access the OpenID Connect (OIDC) Single Sign-on setup page. To complete the setup in NetSuite, you will need information from your OpenID provider (OP) when you registered NetSuite as the relying party (RP).

To configure OpenID Connect:

  1. Go to Setup > Integration > Manage Authentication > OpenID Connect (OIDC) Single Sign-on.

  2. Enter the Client ID you obtained from your OP.

  3. Enter the Client Secret you obtained from your OP.

  4. (Optional) Enter the Post Logout Redirect URL as a valid URL value.


    The value of this field must match the value on OpenID Connect provider’s (OP) side. A user is redirected to this URL after successful logout.

  5. (Optional) Enter the Allowed Email Domains as comma-separated values.


    If you leave this field blank, users with any email domain can access NetSuite using OIDC. If you want to restrict access to only specific email domains, list them in this field.

    • For instance, if your company’s name was Example and your email domain was, you would enter:

    • However, some of your users may use different email domains to access your account. You should add those domains also. For instance:,, <AnotherEmailDomain>.com

  6. The Set Configuration From URL option is selected by default. Enter the Configuration URL you obtained from your OP.


    You should use the Set Configuration From URL option. However, if you choose the Set Configuration Manually option, you must gather the required information for the Issuer, Authorization Endpoint, Token Endpoint, and Certificate URL fields from your OP. Additionally, you can gather the required information for the End Session Endpoint field from your OP, if you want to use the relying party-initiated logout.

  7. Click Submit.

    You should see the following confirmation message in the UI: OpenID Connect (OIDC) configuration successfully saved.

    If you receive an error message, see Troubleshoot OIDC for more information.


The OIDC configuration is not shared between the NetSuite application and Commerce websites. An administrator must configure OIDC on the SSO tab of the website’s setup page. Website users must be assigned the OpenID Connect (OIDC) Single Sign-on permission to log in to the website successfully. For more information, see OpenID Connect (OIDC) Access to Web Store.

Related Topics

OpenID Connect (OIDC) Single Sign-on
Register NetSuite with Your OpenID Connect Provider
Enable the OpenID Connect (OIDC) Single Sign-on Feature in NetSuite
Customize Roles for OpenID Connect
OpenID Connect Permissions
Assign the OpenID Connect Single Sign-on Role to Users
User Access to NetSuite with OpenID Connect
Remove OpenID Connect Access to NetSuite
Troubleshoot OIDC
Authentication Overview

General Notices