1. SAML Single Sign-On
  2. Configuring the SAML Integration in SuiteProjects Pro
  3. Changing Profile Details or Upload the Metadata for an Identity Provider

Changing Profile Details or Upload the Metadata for an Identity Provider

You can change the profile details and upload the metadata for each identity provider on the SAML single sign-on integration administration page at any time.

Note:

OpenAir is now SuiteProjects Pro. As of 5 a.m. Eastern Time (UTC–5) on January 25, 2025, for your sandbox account, and on February 15, 2025, for your production account, service URLs with the netsuitesuiteprojectspro.com domain name replace URLs with the openair.com domain name.

Note that existing SAML single sign-on implementations are not expected to require any updates. The service provider entity IDs and assertion consumer service (ACS) URLs have not changed for existing identity provider profiles.

For identity provider profiles added after February 15, 2025, service provider entity IDs continue to use the openair.com domain name and ACS URLs use the netsuitesuiteprojectspro.com domain name.

For more information about the change, see Introducing SuiteProjects Pro.

To change profile details or upload the metadata for an identity provider:

  1. Go to Administration > Global Settings > Account > Integration: SAML Single Sign-On.

  2. Click the name of the identity provider profile.

  3. Change all profile details and upload the metadata for the identity provider as required. The form includes the following information:

    • Identity provider name — (Required) Enter a name for the identity provider profile.

    • SAML identity provider metadata — To upload or change the metadata for the identity provider, click Choose and select the SAML metadata file from your computer. The selected document will be uploaded when you save the form. The file must be a valid XML document to be uploaded and must be a valid SAML 2.0 metadata file for SAML SSO to work.

    • Active identity provider — Check the box to mark the identity provider profile as active. Only active identity providers can be used for service provider or identity provider initiated single sign-on.

    • Default identity provider — Check the box to mark the identity provider profile as the new default profile. There can only be one default profile at any one time. If none of the existing profiles are marked as default, the legacy profile is the default profile.

    • Notes — Enter any relevant notes for the identity provider profile.

    • Service Provider | Entity ID — (Read only) This is generated automatically by SuiteProjects Pro. This is SuiteProjects Pro service provider Entity ID. Click the link to fetch the SAML metadata for SuiteProjects Pro service provider. You will need this information when configuring the identity provider service for the integration.

    • Service Provider | Assertion consumer service (ACS) URL — (Read only) This is generated automatically by SuiteProjects Pro. You will need this information when configuring the identity provider service for the integration.

    • Protocol Settings | Enable service provider initiated SSO — Check this box to enable this identity provider profile to be used for service provider initiated single sign-on (SP-initiated SSO). The identity provider profile must also be set as the default profile to be used for service provider initiated SSO.

      Important:

      An identity provider profile can only be used for service provider initiated single sign-on if both the following conditions are met:

      • The identity provider profile is the default identity provider profile.

      • The Enable service provider initiated SSO box is checked.

      The SuiteProjects Pro sign-in page for single sign-on users cannot be used to sign in to SuiteProjects Pro otherwise.

    • Protocol Settings | Enable Service Provider Initiated SSO ForceAuthn — Check this box to include the ForceAuthn flag in service provider initiated requests. ForceAuthn is an optional SAML feature that acts as a signal to the identity provider to require some form of user interaction when handling the request, overriding the usual implicit assumption that it is acceptable to reuse authentication state from an earlier request. The effect depends on the identity provider service and configuration.

Identity provider profile form.