Create Integration Records for Applications that Use NetSuite as OIDC Provider for Outbound Single Sign-on

The application needs an integration record created before the code grant flow can be initiated. You can also edit an existing integration record to use NetSuite as OIDC Provider for outbound single sign-on. Administrators and users with the Integration Application permission can create integration records. For more information about integration records, see Integration Management.

To create an integration record for an application:

  1. Go to Setup > Integration > Integration Management > Manage Integrations > New.

  2. Enter a name for your application in the Name field.

  3. (Optional). Enter a description in the Description field.

  4. Select Enabled in the State field.

  5. (Optional). Enter a note in the Note field.

    Note:

    Values of the State, Note, and OAuth 2.0 Consent Policy fields are specific to one NetSuite account. If you install a record in a different account, the values may change. Values of the Name and Description fields are read-only if the record is installed in a different account. For more information, see Auto-Installation of Integration Records.

  6. On the Authentication tab, check or clear the appropriate boxes for your application:

    Each field on the Authentication tab, under OAuth 2.0, is listed below, followed by the function of the field:

    Authorization Code Grant

    For more information, see NetSuite as OIDC Provider for Integration Application Developers.

    You must check this box for NetSuite as OIDC Provider to work.

    Redirect URI

    • Enter a valid redirect URI, where your application will handle the code.

    • The redirect URI is validated when you save the integration record.

    Important:

    The redirect URI must use either the https:// scheme or a custom URL scheme (for example, myapp://callback). The http:// scheme is not supported. Transport layer security must be guaranteed on the redirect URI.

    Public Client

    (Optional). Check this box if you want to allow OAuth 2.0 public clients with this integration.

    Client Credentials (Machine to Machine) Grant

    The OAuth 2.0 client credentials flow cannot be used with the NetSuite as OIDC Provider feature.

    RESTlets

    This scope is only applicable for NetSuite as OIDC Provider integrations that use the access token for OAuth 2.0 authorization. For more information, see OAuth 2.0 for Integration Application Developers.

    REST Web Services

    This scope is only applicable for NetSuite as OIDC Provider integrations that use the access token for OAuth 2.0 authorization. For more information, see OAuth 2.0 for Integration Application Developers.

    SuiteAnalytics Connect

    This scope is only applicable for NetSuite as OIDC Provider integrations that use the access token for OAuth 2.0 authorization. For more information, see OAuth 2.0 for Integration Application Developers.

    Application Logo

    (Optional). You can select a file from your File Cabinet. Supported formats are JPEG, PNG and GIF.

    Application Terms of Use

    (Optional). You can select any PDF file from your File Cabinet.

    Application Privacy Policy

    (Optional). You can select any PDF file from your File Cabinet.

    OAuth 2.0 Consent Policy

    Select an option from the list. See the following for more details about these options:

    • Always Ask - This is the default option. The consent screen appears every time the OAuth 2.0 code grant flow is initiated.

    • Never Ask - The consent screen does not appear during the OAuth 2.0 code grant flow. The integration is auto-approved by an administrator.

    • Ask First Time - The consent screen only appears the first time the OAuth 2.0 code grant flow is initiated. The consent screen also appears if:

      • The system does not know which role or account to choose for the user to log in with

      • The application requires a different set of scopes and needs a new consent

    Integration application developers can adjust the consent screen option using the prompt parameter in Step One of the OAuth 2.0 code grant flow. For more information, see Step One GET Request to the Authorization Endpoint. See also Integration Record and Prompt Parameter Combinations.

  7. Click Save.

Warning:

The system displays the client ID and client secret only the first time you save the integration record. After you leave this page, these values cannot be retrieved from the system. If you lose or forget the client ID and client secret, you will have to reset them on the Integration page to obtain new values. Treat these values like you treat a password.

Next, you must configure the audience to use the integration. For more information, see Configure NetSuite as OIDC Provider.
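
The redirect URI rule in step 6 can be checked before you save the record. The following is an added example, not NetSuite's own validation logic: the function names and sample URIs are constructed, the fragment check comes from RFC 6749 section 3.1.2 rather than this page, and the embedded-credentials check is an extra hygiene assumption.

```python
from urllib.parse import urlsplit


def check_redirect_uri(uri):
    """Return a list of problems found; an empty list means the URI passed."""
    try:
        parts = urlsplit(uri)
    except ValueError as exc:  # for example, a malformed IPv6 literal
        return [f"cannot be parsed: {exc}"]

    scheme = parts.scheme.lower()
    if not scheme:
        return ["no scheme: a redirect URI must be absolute"]

    problems = []
    if scheme == "http":
        # Stated on the page: the http:// scheme is not supported.
        problems.append("http:// is not supported; use https:// or a custom URL scheme")
    elif scheme == "https" and not parts.hostname:
        problems.append("https:// redirect URI has no host")
    # Any other scheme is treated as a custom URL scheme (e.g. myapp://callback).

    if "#" in uri:
        # RFC 6749, section 3.1.2: no fragment component in a redirection URI.
        problems.append("fragment component is not allowed")
    if parts.username is not None or parts.password is not None:
        # Added hygiene check (assumption, not a rule from the page).
        problems.append("credentials embedded in the URI")
    return problems


# Constructed sample values, not taken from any real integration record.
SAMPLES = [
    "https://app.example.com/oidc/callback",
    "myapp://callback",
    "http://app.example.com/oidc/callback",
    "https://app.example.com/oidc/callback#done",
    "/oidc/callback",
]


def audit(uris):
    """Map each candidate URI to its list of problems."""
    return {uri: check_redirect_uri(uri) for uri in uris}


if __name__ == "__main__":
    for uri, problems in audit(SAMPLES).items():
        print("OK    " if not problems else "REJECT", uri, *problems, sep="  ")
```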

Related Topics

NetSuite as OIDC Provider
NetSuite as OIDC Provider Tasks for Administrators
Getting Started with NetSuite as OIDC Provider
NetSuite as OIDC Provider for Integration Application Developers
Troubleshooting NetSuite as OIDC Provider
