SAML Single Sign-on Access to Web Store
With SAML Single Sign-on (SSO), you can set up your site so users who’ve logged in to an external identity provider (IdP) can click a link and go straight to your NetSuite web store. They don’t have to log in again, since the same IdP handles login for both the external app and your web store. When someone uses SAML SSO to get to your web store, they’re sent to a landing page you set up in NetSuite. SAML SSO works with SuiteCommerce and SiteBuilder web stores.
Before you attempt to set up SAML for your web store, make sure you read all the SAML SSO documentation in NetSuite. See SAML Single Sign-on.
Any SAML 2.0-compliant application can be the IdP for SAML access to NetSuite web stores. You can use the same IdP for both your website and NetSuite, or set up different ones for each.
For more information about SAML SSO for web stores, see the following:
SAML SSO Restrictions for Web Store
The following restrictions apply to the SAML SSO service provider-initiated flow (SP-initiated flow):
- The SP-initiated flow is supported only for sites on custom domains, not on netsuite.com.
- You can't use both SAML and OIDC Single Sign-on for the same website; you must choose one.
- Your website needs to be fully protected to use the SP-initiated flow. To protect your website, you must do the following:
  - On the Set Up Web Site form, go to the Web Presence subtab. In the Web Site section, check the Advanced Site Customization box.
  - Go to Commerce > Websites > Website List and edit the web store record. On the Shopping subtab, in the Registration Page section, check the Password-Protect Entire Site box.
- For more information about the SP-initiated flow, see Interactions with NetSuite Using SAML.
SAML doesn’t have to be the primary authentication method for web stores. Check the Primary Authentication Method box if you want users to be sent to the external IdP login page.
SAML SSO Setup for Web Store
The first step for SAML SSO setup is to make sure that the SAML SSO feature is enabled in your NetSuite account. Go to Setup > Company > Enable Features, and click the SuiteCloud tab. In the Manage Authentication section, check the SAML Single Sign-on box to enable SAML SSO. For more information, see Complete Preliminary Steps in NetSuite for SAML SSO.
To set up SAML Single Sign-on for a web store, go to the Web Site Setup page in your NetSuite account, open the SSO subtab, and then open the SAML subtab. Most fields on this subtab are the same as those on the SAML Setup page for the NetSuite application. For more information, see Complete the SAML Setup Page.
You can set up SAML for different web stores by completing the SAML subtab of the Web Site Setup page for each one. You can use the same IdP for multiple websites. You can also define different IdPs for each website if needed.
You must use a unique value for the entityID parameter in the metadata file for each website.
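The following check is an added example, not NetSuite code: it reads the metadata file prepared for each website and reports any entityID shared by more than one site, so a collision is caught before the files are configured. The site names and entityID values are constructed samples, and the script assumes each file has a single EntityDescriptor root element.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"  # SAML 2.0 metadata namespace


def entity_id(metadata_xml: str) -> str:
    """Return the entityID attribute of a SAML 2.0 metadata document."""
    # SAML metadata never needs a DTD; refuse one rather than parse it.
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError(f"unexpected root element {root.tag}")
    value = (root.get("entityID") or "").strip()
    if not value:
        raise ValueError("EntityDescriptor has no entityID")
    return value


def duplicate_entity_ids(metadata_by_site: dict[str, str]) -> dict[str, list[str]]:
    """Map every entityID used by more than one website to those websites."""
    sites = defaultdict(list)
    for site, xml_text in metadata_by_site.items():
        # entityID values are URIs and are compared as exact strings.
        sites[entity_id(xml_text)].append(site)
    return {eid: sorted(names) for eid, names in sites.items() if len(names) > 1}


def _sample(eid: str) -> str:
    """Build a trimmed, constructed metadata document for the demo."""
    return (
        f'<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="{eid}">'
        '<md:IDPSSODescriptor protocolSupportEnumeration='
        '"urn:oasis:names:tc:SAML:2.0:protocol"/></md:EntityDescriptor>'
    )


# Constructed sample: store-b and store-c reuse one entityID by mistake.
SAMPLE = {
    "store-a": _sample("https://idp.example.com/saml/store-a"),
    "store-b": _sample("https://idp.example.com/saml/shared"),
    "store-c": _sample("https://idp.example.com/saml/shared"),
}

if __name__ == "__main__":
    for eid, names in duplicate_entity_ids(SAMPLE).items():
        print(f"entityID {eid} is reused by: {', '.join(names)}")
```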