SAML SSO Configuration for Web Stores
In the NetSuite Configuration section on the SAML subtab:
- Configure NetSuite for SAML SSO with your identity provider (IdP) and set up your IdP in NetSuite. You must provide information from the NetSuite Service Provider Metadata file in NetSuite to your IdP. Follow the instructions provided by your IdP. For more information, see Configure NetSuite with Your Identity Provider.
  Note: The site ID (SAML attribute = site) and account ID (SAML attribute = account) parameters are required. See Site Attribute.
- Enter the URL where users go after logging out of your web store in the Logout Landing Page field.
  Note: Both IdP-initiated and SP-initiated SAML Single Logout (SLO) are supported for web stores.
- The Landing Page After Login field is optional and specific to SAML setup for web stores. By default, SAML users land on your site home page, but you can enter a different URL in this field.
  If you enter a value for this field and use the secure Single Domain for your web store and checkout, the Landing Page After Login must be a secured URL.
  Important: The value of the Landing Page After Login field is not taken into account in the SP-initiated flow.
- If you've used the SAML Single Sign-on feature for a web store before, the Primary Authentication Method box is checked by default. This box is not checked by default for new web stores.
- If the Primary Authentication Method box is cleared, SAML users need to click a link to access NetSuite. If there's no active NetSuite session, users are sent to the NetSuite login page.
- If the Primary Authentication Method box is checked, users can be redirected to the external IdP login page, but the site must be password protected and on the secure Single Domain.
  Users are redirected to the IdP login page when their session times out.
  Note: If the Primary Authentication box is checked and a user clicks a link with the c or compid URL parameter or the account-specific domain URL, they're redirected to the external IdP login page. The original URL is passed as a RelayState parameter, following the SAML 2.0 specification. Then, the IdP directs the user back to the right NetSuite resource after authentication. If there's an active IdP session, the user returns to the NetSuite resource without having to enter credentials again.
- In the Set Up Identity Provider section on the SAML subtab, you need to upload your IdP’s metadata file into NetSuite or provide its URL. See Set Up Your Identity Provider (IdP) in NetSuite for more information.
After setting up an identity provider, you can click the links to view the Current Identity Provider Metadata or Delete IDP Configuration if needed.
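The note above says the site and account SAML attributes are required. The following added example (not NetSuite code) is a pre-flight check you can run on a test assertion captured from your IdP to confirm both are present before enabling SSO. It assumes the attributes appear as `Name="site"` and `Name="account"` in a standard SAML 2.0 AttributeStatement, treats conflicting values as an error by its own choice, and does not verify the assertion signature; `check_required_attributes` and the sample values are hypothetical.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("site", "account")  # attribute names stated in the note above

# Constructed sample assertion fragment (values are placeholders, not real IDs).
SAMPLE_OK = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="site">
      <saml:AttributeValue>SITE_ID_PLACEHOLDER</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="account">
      <saml:AttributeValue>ACCOUNT_ID_PLACEHOLDER</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def check_required_attributes(assertion_xml, required=REQUIRED):
    """Return {attribute_name: problem} for each required attribute that is
    missing, empty, or has conflicting values. An empty dict means it passed."""
    # SAML messages never need a DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DOCTYPE/ENTITY declarations are not allowed")
    root = ET.fromstring(assertion_xml)
    values = {}
    # Collect every AttributeValue, keyed by the enclosing Attribute's Name.
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        name = attr.get("Name")
        for val in attr.iterfind("saml:AttributeValue", SAML_NS):
            values.setdefault(name, []).append((val.text or "").strip())
    problems = {}
    for name in required:
        found = values.get(name, [])
        if not found:
            problems[name] = "missing"
        elif any(v == "" for v in found):
            problems[name] = "empty value"
        elif len(set(found)) > 1:
            problems[name] = "conflicting values"
    return problems

if __name__ == "__main__":
    print(check_required_attributes(SAMPLE_OK) or "site and account present")
```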