Permissions for Inbound Single Sign-on Methods

The correct permission to assign to a role for single sign-on (SSO) inbound access to NetSuite depends on the SSO feature enabled in your account.

OpenID Connect (OIDC) Single Sign-on Permission

OpenID Connect (OIDC) Single Sign-on is an inbound single sign-on (SSO) method to access NetSuite. OIDC is an identity layer on top of the OAuth 2.0 protocol. OIDC uses JavaScript Object Notation (JSON) as the data format, and uses JSON Web Tokens (JWT) to transfer claims between parties.

If the OIDC configuration is shared between different NetSuite accounts, users can switch between OpenID Connect (OIDC) Single Sign-on roles without requiring a separate login. User credentials and policies are managed by the OIDC provider (OP). NetSuite is the client, or relying party (RP).

When this feature is enabled, you can provide OIDC SSO access to your account users by assigning the OIDC Single Sign-on permission to their roles.

See Customize Roles for OpenID Connect and OpenID Connect Permissions for more information about the OpenID Connect (OIDC) Single Sign-on permission and granting OIDC access to center roles.

For more information about the OIDC feature in NetSuite, see OpenID Connect (OIDC) Single Sign-on.

SAML Single Sign-on Permission

The SAML Single Sign-on feature supports inbound single sign-on access to NetSuite using authentication from a third-party identity provider. This feature allows users who have logged in to an external application to go directly to NetSuite. Users do not need to log in separately to NetSuite, because authentication from the same identity provider is used for login to both the external application and NetSuite.

When this feature is enabled, you can provide SAML Single Sign-on access to your account users by assigning the SAML Single Sign-on permission to their roles.

See Add SAML Single Sign-on Permissions to Roles for more information about the SAML Single Sign-on permission, granting SAML access to center roles, and limitations and restrictions that apply to SAML permissions.

For more information about the SAML feature in NetSuite, see SAML Single Sign-on.
