The SAML Single Sign-on (SSO) feature lets you set up SAML SSO web site access so that users who have logged in to an external application using SAML can click a link to go directly to a NetSuite web store. Users do not need to log in separately to the web store, because authentication from the same third-party identity provider (IdP) is used for login to both the external application and the web store. A user who accesses a web store using SAML SSO is directed to a landing page that you specify as part of SAML setup in NetSuite. SAML SSO access is supported for Commerce and SiteBuilder web stores.
Before you attempt to set up SAML access to your web store, read and understand the complete documentation for using SAML SSO in NetSuite. See the help topic SAML Single Sign-on.
Any SAML 2.0-compliant application can serve as the IdP for SAML access to NetSuite web stores. You can use the same IdP for both web site access and NetSuite application access, or you can define different IdPs for each purpose.
Only an IdP-initiated flow is supported for SAML access to a Commerce web store.
Before you begin, ensure that the SAML SSO feature is enabled in your NetSuite account. Go to Setup > Company > Enable Features, and click the SuiteCloud tab. Under the Manage Authentication section, check the SAML Single Sign-on box to enable SAML SSO. See the help topic Complete Preliminary Steps in NetSuite for SAML SSO for more information.
To set up SAML Single Sign-on for a web store, go to the Web Site Setup page in your NetSuite account, click the SSO subtab, and then click the SAML subtab. Most fields on this SAML subtab are the same as those on the SAML Setup page for the NetSuite application. For more information, see the help topic Complete the SAML Setup Page.
If the Multiple Web Sites feature is enabled, you can set up SAML for different web stores by completing the SAML subtab of the Web Site Setup page for each web store. You can use the same IdP for multiple web sites. You also have the option of defining different IdPs for each web site if needed.
In the NetSuite Configuration section on the SAML subtab:
Configure NetSuite for SAML SSO with your identity provider (IdP) and set up your IdP in NetSuite. You must provide information from the NetSuite Service Provider Metadata file in NetSuite to your IdP. Follow the instructions provided by your IdP. For more information, see the help topic Configure NetSuite with Your Identity Provider.
The parameters site ID (SAML attribute = site) and account ID (SAML attribute = account) are required. See the help topic Site Attribute.
Logout Landing Page: enter the URL for the page that users should be redirected to when they log out of your web store.
Neither IdP-initiated nor SP-initiated SAML Single Logout (SLO) functionality is supported for web stores.
The following solution is not part of the SAML 2.0 standard. If SP-initiated SLO is desired, and if your IdP supports this functionality, you could enter the Single Logout Service URL of your IdP in the Logout Landing Page field. There is no guarantee that this will work.
The Landing Page After Login field is specific to SAML setup for web stores. By default, your site home page is the landing page for SAML users, but you can specify the URL for a different landing page in this field.
In the Set Up Identity Provider section on the SAML subtab, you must either upload your IdP’s metadata file into NetSuite, or provide the URL where that file is located. See the help topic Set Up Your Identity Provider (IdP) in NetSuite for more information.
The URL shown in the following screenshot in the NetSuite Service Provider Metadata field is obscured, because the URL varies depending on the data center where your account is hosted.
After you have completed the setup of an identity provider, you can click the links to view the Current Identity Provider Metadata, or to Delete IDP Configuration, if necessary.
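A preflight check for two requirements stated above (the required site and account attributes, and the IdP-initiated-only flow), as an added example that is not NetSuite code: it inspects a base64-encoded SAML response captured from a test login at your own IdP. The function names and sample values are constructed for illustration, and the check does not verify signatures.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
REQUIRED = ("site", "account")  # SAML attribute names the page lists as required


def check_saml_response(b64_response):
    """Return a list of problems found in a base64-encoded SAML Response."""
    # Offline configuration check only: no signature validation, and
    # ElementTree is not hardened, so feed it only your own IdP's test output.
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    # SAML 2.0: an IdP-initiated (unsolicited) response has no InResponseTo.
    if root.get("InResponseTo") is not None:
        problems.append("InResponseTo present: response is not IdP-initiated")
    values = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        texts = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        values[attr.get("Name")] = [t for t in texts if t]
    for name in REQUIRED:
        if not values.get(name):
            problems.append(f"missing or empty attribute: {name}")
    return problems


def build_sample(attrs, in_response_to=None):
    """Build a constructed, unsigned sample response for offline testing."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    items = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}'
        "</saml:AttributeValue></saml:Attribute>"
        for k, v in attrs.items()
    )
    doc = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"{irt}>'
        f"<saml:Assertion><saml:AttributeStatement>{items}</saml:AttributeStatement>"
        "</saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(doc.encode()).decode()


if __name__ == "__main__":
    good = build_sample({"site": "SITE_ID_PLACEHOLDER", "account": "ACCOUNT_ID_PLACEHOLDER"})
    bad = build_sample({"account": "ACCOUNT_ID_PLACEHOLDER"}, in_response_to="_req1")
    print(check_saml_response(good), check_saml_response(bad))
```

An empty result means the response carries both required attributes and is unsolicited; it says nothing about whether the values match your actual site ID and account ID.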