OpenID Connect (OIDC) Access to Web Store

OpenID Connect (OIDC) can be used as an alternative to SAML Single Sign-on. With OIDC, users have autonomy over security administration, because an OpenID Connect provider (OP) manages security administration. OIDC access is supported for Commerce web stores.

Important:

Before you attempt to set up OIDC access to your web store, read and understand the complete documentation for using OIDC in NetSuite. See OpenID Connect (OIDC) Single Sign-on.

You can use any certified OpenID Connect provider (OP). To find a certified OP vendor, go to https://openid.net/certification. You can use the same OP vendor for both web site access and NetSuite application access, or you can use a different OP for each purpose.

The following restrictions apply to the use of OIDC for Commerce websites:

Important:

The OIDC configuration is not shared between the NetSuite application and Commerce websites. An Administrator must configure OIDC on the SSO tab of the website’s setup page. Website users must be assigned a role with the OpenID Connect (OIDC) Single Sign-on permission to log in to the website successfully.

Before you begin, make sure that the OpenID Connect (OIDC) feature is enabled in your NetSuite account. Go to Setup > Company > Enable Features. On the SuiteCloud tab, in the Manage Authentication section, check the OpenID Connect (OIDC) Single Sign-on box. See Enable the OpenID Connect (OIDC) Single Sign-on Feature in NetSuite for more information.

To set up OIDC for a web store, go to the Set Up Web Site page, open the SSO tab, and click the OIDC Provider Configuration subtab. Most fields on this subtab are the same as those on the OpenID Connect (OIDC) Setup page for the NetSuite application. For more information, see Configure OpenID Connect (OIDC) in NetSuite.

You can set up OIDC for different web stores by completing the OIDC Provider Configuration subtab of the Set Up Web Site page for each web store. You can use the same OP vendor for multiple web sites. You also have the option of defining different OP vendors for each web site if needed.

On the OIDC Provider Configuration subtab, you must configure the following:

  1. Client ID and Client Secret – enter values you obtained from your OP. See Register NetSuite with Your OpenID Connect Provider for more information.

  2. Choose either Set Configuration From URL or Set Configuration Manually. In both fields, enter values you obtained from your OP. See Register NetSuite with Your OpenID Connect Provider for more information.

  3. Click Save.

Note:

OpenID Connect provider (OP)-initiated flow is not supported.
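
A pre-flight check for step 2 of the procedure above, added here as an example (it is not NetSuite code). It assumes the value entered under Set Configuration From URL is the OP's standard discovery document URL ending in /.well-known/openid-configuration, and checks a constructed sample document against OpenID Connect Discovery 1.0. The function name and the host op.example.com are hypothetical.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def check_discovery(config_url, document):
    """Return a list of problems in an OP discovery document (empty = OK)."""
    try:
        meta = json.loads(document)
    except ValueError:
        return ["document is not valid JSON"]
    if not isinstance(meta, dict):
        return ["document is not a JSON object"]
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in meta]
    # OIDC Discovery 1.0, section 4.3: the issuer must be the URL prefix the
    # document was served from (a trailing slash on the issuer is tolerated).
    issuer = meta.get("issuer")
    if not config_url.endswith(WELL_KNOWN):
        problems.append("configuration URL does not end with " + WELL_KNOWN)
    elif not isinstance(issuer, str) or issuer.rstrip("/") != config_url[:-len(WELL_KNOWN)]:
        problems.append("issuer does not match the configuration URL")
    for key in REQUIRED[:4]:  # every URL the relying party will call needs TLS
        value = meta.get(key)
        if isinstance(value, str) and urlsplit(value).scheme != "https":
            problems.append(f"{key} is not an https URL")
    algs = meta.get("id_token_signing_alg_values_supported")
    if isinstance(algs, list) and "RS256" not in algs:  # RS256 is mandatory per Discovery
        problems.append("RS256 not offered for ID token signing")
    return problems

# Constructed sample input; op.example.com is a placeholder, not a real OP.
SAMPLE_URL = "https://op.example.com" + WELL_KNOWN
_GOOD = {"issuer": "https://op.example.com",
         "authorization_endpoint": "https://op.example.com/authorize",
         "token_endpoint": "https://op.example.com/token",
         "jwks_uri": "https://op.example.com/jwks",
         "response_types_supported": ["code"],
         "subject_types_supported": ["public"],
         "id_token_signing_alg_values_supported": ["RS256"]}
SAMPLE_GOOD = json.dumps(_GOOD)
# Same document with a foreign issuer and a plain-HTTP token endpoint.
SAMPLE_BAD = json.dumps({**_GOOD, "issuer": "https://login.example.net",
                         "token_endpoint": "http://op.example.com/token"})

if __name__ == "__main__":
    print(check_discovery(SAMPLE_URL, SAMPLE_BAD))
```

An issuer that does not match the URL it was served from means the metadata describes a different OP than the one you registered the Client ID and Client Secret with, so resolve that before saving the configuration.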
