OpenID Connect (OIDC) Access to Web Store
OpenID Connect (OIDC) can be used as an alternative to SAML Single Sign-on. With OIDC, users have control over security administration, because an OpenID Connect provider (OP) manages it. OIDC access is supported for Commerce web stores.
Before setting up OIDC for your web store, make sure you read the full documentation for using OIDC in NetSuite. See OpenID Connect (OIDC) Single Sign-on.
You can use any certified OpenID Connect provider (OP); to find one, go to https://openid.net/certification. You can use the same OP vendor for both website and NetSuite access, or choose a different OP for each.
The following restrictions apply to the use of OIDC for Commerce websites:
- OIDC access is supported only for websites on custom domains, not on netsuite.com.
- You can't use both SAML Single Sign-on and OIDC Single Sign-on for the same website. You must choose one single sign-on method.
- All users must use the same type of credentials, either logging in through the website form or the OP login form.
- Your website must be fully protected to support OIDC Single Sign-on. To do this, follow these steps:
  - On the Set Up Web Site page, on the Web Presence subtab, in the Web Site section, check the Advanced Site Customization box.
  - Go to Commerce > Websites > Website List and edit the web store record. On the Shopping subtab, in the Registration Page section, check the Password-Protect Entire Site box.
- OIDC configuration isn't shared between the NetSuite application and Commerce websites. An Administrator needs to configure OIDC on the SSO tab of the website's setup page, and users must have a role with the OpenID Connect (OIDC) Single Sign-on permission to log in.
Before you begin, make sure the OpenID Connect (OIDC) feature is enabled in your NetSuite account. Go to Setup > Company > Enable Features. On the SuiteCloud tab, in the Manage Authentication section, check the OpenID Connect (OIDC) Single Sign-on box. See Enable the OpenID Connect (OIDC) Single Sign-on Feature in NetSuite for more information.
To set up OIDC for a web store, go to the Set Up Web Site page and, on the SSO tab, click the OIDC Provider Configuration subtab. Most fields on this subtab are the same as those on the OpenID Connect (OIDC) Setup page for the NetSuite application. For more information, see Configure OpenID Connect (OIDC) in NetSuite.
Set up OIDC for different web stores by completing the OIDC Provider Configuration subtab for each one. You can use the same OP vendor for multiple sites, or pick different OP vendors for each if needed.
On the OIDC Provider Configuration subtab, you must configure the following:
- Client ID and Client Secret – enter the values you get from your OP. See Register NetSuite with Your OpenID Connect Provider for more information.
- Choose either Set Configuration From URL or Set Configuration Manually. For both, enter the values you get from your OP. See Register NetSuite with Your OpenID Connect Provider for more information.
- Click Save.
The OpenID Connect provider (OP)-initiated flow is not supported.