Inbound Single Sign-on Access to Web Store

This topic applies to

Applies to

SuiteCommerce | SuiteCommerce Advanced



The NetSuite proprietary Inbound SSO feature is targeted for deprecation. The deprecation schedule is as follows:

  • Targeted to occur as of the 2020.1 upgrade, customers will no longer be permitted to use this Inbound SSO feature to create new solutions.

  • Targeted to occur before the 2021.1 release, customers should migrate their existing solutions to use a different single sign-on solution. See the help topics SAML Single Sign-on and SAML Single Sign-on Access to Web Store.

The inbound single sign-on feature can provide a seamless experience for your web store users, by allowing them to go directly from your user authenticating site to the web store, without having to log in separately to NetSuite. For example, if you host your Commerce site externally and use NetSuite as the order processing service, you can route your customers directly from your site to the secure My Accounts area of NetSuite web store to check their order status.

Usually, a user would initiate inbound single sign-on access to the web store by clicking a link in your site. User credentials from your application are passed to NetSuite through an encrypted token, and are checked against NetSuite credentials to verify the user's identity. This check relies on a mapping between the two sets of credentials created by the SOAP web services maps operation.

After a user's NetSuite identity is verified, a dynamically constructed URL redirects the user from the external site to a web store landing page. By default, this page is your site home page, but you can specify a different page with a redirect URL parameter. If you use multiple sites, you can identify the site for this integration with another parameter.

NetSuite provides a downloadable kit that you can use to implement single sign-on. This kit includes tools to produce the OpenSSL keys used with the encrypted token, and to write integration code between your external site and the web store.

  • For details about understanding and setting up this feature, see the help topic Inbound Single Sign-on.

  • To purchase this feature, contact your account manager.


Inbound single sign-on is supported for custom checkout domains and multi-site implementations. You can define a custom checkout domain and/or a site ID for multi-site by setting URL parameters in single sign-on code. For details, see the help topic Creating Single Sign-on Code Using SSOUrl and Tables of Single Sign-on Redirect URL Parameters.

Inbound single sign-on also is supported for Web stores customized with SSP applications. For information about this type of customization, see SSP Application Overview.