Set Up and Configure SAML SSO in More Than One Account

The Shared Identity Provider (IdP) feature in 2018.1 made it possible to trust the same IdP from multiple NetSuite accounts.

This list details four important changes when using the Shared IdP feature:

  1. There is no longer a unique constraint on the IdP entity ID in NetSuite.

  2. Users can log in and switch between NetSuite accounts trusting the same IdP.

  3. Administrators are no longer required to create independent service provider (SP) configurations on the IdP side for every NetSuite account.

  4. Only one NetSuite SP configuration is required, which removes problems that may have been encountered due to IdPs requiring unique SP entity IDs.

Important:

Ensure you are not sending the account attribute. Using the account attribute locks users into a single account, so they cannot switch between multiple accounts that trust the same IdP.

If you previously set up your IdP configuration with the account attribute, you must update your IdP configuration. For more information, see Configure NetSuite with Your Identity Provider.
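One way to confirm that an IdP no longer sends the account attribute is to inspect a captured SAMLResponse from a test login. The following is an added example, not NetSuite code. It assumes the attribute's Name is literally `account` and that the assertion is not encrypted; the sample responses are constructed and unsigned.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: the attribute is named "account" in the assertion.
BLOCKED_ATTRIBUTE = "account"

def assertion_attributes(saml_response_b64):
    """Return {attribute name: [values]} from a base64 SAMLResponse (HTTP-POST form)."""
    xml_bytes = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml_bytes:
        # SAML messages never need a DTD; refuse rather than parse entities.
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml_bytes)
    found = {}
    # An EncryptedAssertion hides its attributes; in that case review the
    # IdP's attribute mapping instead of the wire message.
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        name = attr.get("Name") or attr.get("FriendlyName") or ""
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        found.setdefault(name, []).extend(values)
    return found

def sends_account_attribute(saml_response_b64):
    """True if any attribute name matches 'account' (compared case-insensitively)."""
    names = assertion_attributes(saml_response_b64)
    return any(n.strip().lower() == BLOCKED_ATTRIBUTE for n in names)

def build_sample(attrs):
    """Build a constructed, unsigned SAMLResponse for demonstration only."""
    body = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        "</saml:Attribute>" for n, v in attrs)
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           f"<saml:AttributeStatement>{body}</saml:AttributeStatement>"
           "</saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()

# Constructed samples: one IdP mapping that pins the user, one that does not.
LOCKED = build_sample([("email", "user@example.com"), ("account", "ACCT_PLACEHOLDER")])
SHARED = build_sample([("email", "user@example.com")])

if __name__ == "__main__":
    for label, resp in (("LOCKED", LOCKED), ("SHARED", SHARED)):
        print(label, "sends account attribute:", sends_account_attribute(resp))
```

Run it against a response captured from each application mapping on the IdP; any mapping that reports `True` still pins users to one account.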

You can use the same IdP metadata file for all your NetSuite account types. However, your SAML configuration is not copied from your production account to other account types.
