OpenID Connect (OIDC) Access to Web Store

Applies to

SuiteCommerce | SuiteCommerce Advanced

OpenID Connect (OIDC) can be used as an alternative to SAML Single Sign-on. With OIDC, users have autonomy over security administration, because an OpenID Connect Provider (OP) manages security administration. OIDC access is supported for Commerce web stores.

Important

Before you attempt to set up OIDC access to your web store, read and understand the complete documentation for using OIDC in NetSuite. See the help topic OpenID Connect (OIDC) Single Sign-on.


You can use any certified OpenID Connect Provider (OP). To find a certified OP vendor, go to https://openid.net/certification. You can use the same OP vendor for both web site access and NetSuite application access, or you can use a different OP for each purpose.

The following restrictions apply to the use of OIDC for Commerce websites:

  • OIDC access is supported only for websites on custom domains, not on netsuite.com.

  • You cannot use both SAML Single Sign-on and OIDC Single Sign-on for the same website. You must choose one single sign-on method.

  • All users must use the same type of credentials, logging in with either the website login form or the OP login form.

  • A website must be fully protected to support the OIDC Single Sign-on feature. To provide this protection, you must do the following:

    • On the Set Up Web Site page, on the Web Presence subtab, in the Web Site section, check the Advanced Site Customization box.

    • Go to Setup > Site Builder > Set Up Web Site. On the Shopping subtab, in the Registration Page section, check the Password-Protect Entire Site box.

Important

The OIDC configuration is not shared between the NetSuite application and Commerce websites. An Administrator must configure OIDC on the SSO tab of the website’s setup page. Website users must be assigned a role with the OpenID Connect (OIDC) Single Sign-on permission to log in to the website successfully.


Before you begin, make sure that the OpenID Connect (OIDC) feature is enabled in your NetSuite account. Go to Setup > Company > Enable Features. On the SuiteCloud tab, in the Manage Authentication section, check the OpenID Connect (OIDC) Single Sign-on box. See the help topic Enable the OpenID Connect (OIDC) Single Sign-on Feature in NetSuite for more information.

To set up OIDC for a web store, go to the Set Up Web Site page, on the SSO tab, and click the OIDC Provider Configuration subtab. Most fields on this subtab are the same as those on the OpenID Connect (OIDC) Setup page for the NetSuite application. For more information, see the help topic Configure OpenID Connect (OIDC) in NetSuite.

If the Multiple Web Sites feature is enabled, you can set up OIDC for different web stores by completing the OIDC Provider Configuration subtab of the Set Up Web Site page for each web store. You can use the same OP vendor for multiple web sites. You also have the option of defining different OP vendors for each web site if needed.

On the OIDC Provider Configuration subtab, you must configure the following:

  1. Client ID and Client Secret – enter values you obtained from your OP. See the help topic Register NetSuite with Your OpenID Connect Provider for more information.

  2. Choose either Set Configuration From URL or Set Configuration Manually. In both fields, enter values you obtained from your OP. See the help topic Register NetSuite with Your OpenID Connect Provider for more information.

  3. Click Save.