This topic describes how to configure OneLogin to provide SSO for NetSuite using SAML.
If you want to set up SSO for NetSuite with form-based authentication, see Adding a Form-Based Application.
Setting Up SSO in OneLogin
- Go to Apps > Add Apps.
- Search for NetSuite and select it.
On the Add App page - Configuration tab, select SAML2.0 - user provisioning under Connectors.
You can change the Display Name.
Click Save to display additional configuration tabs.
- On the Configuration tab, enter your NetSuite account information.
- For Endpoint URL Subdomain, select na1 unless told otherwise by your NetSuite support team.
- Under Account ID, enter your NetSuite Account ID.
- Click Save.
- Go to the Parameters tab to map NetSuite user attributes to OneLogin attributes.
For SSO configuration, the default mappings are as follows:
| NetSuite Field | OneLogin Value | Notes |
|---|---|---|
| Department | -No value- | This value can be provisioned. See Provisioning for NetSuite. |
| Employee ID | -No default- | This value can be provisioned. See Provisioning for NetSuite. |
| Employee Type | -No value- | |
| Give Access | False | |
| Hire Date | -No value- | If you want to provision the custom user field of Hire Date to your NetSuite users, you can select the field by clicking the Hire Date row. For instructions, see Provisioning for NetSuite. Note: This requires your account to support Custom User fields. For more information, see Custom User Fields. |
| Password | SSO Password | SAML-enabled apps use the OneLogin password as the app password. |
| Purchase Order Approver | -No value- | |
| Role | -No value- | If you want to provision users as members of a NetSuite Role, you can specify available Role values here by clicking the Role row. For instructions, see Provisioning for NetSuite. |
| Subsidiary | -No value- | |
| Supervisor | -No value- | |
| Title | Title | |
| User ID | | |
- On the Access tab, assign the OneLogin roles that should have access to NetSuite and provide any app security policy that you want to apply to NetSuite.
- On the SSO tab, copy the SAML2.0 Endpoint (HTTP) and SAML Issuer URL.
Setting Up SSO in NetSuite
- Log into the NetSuite admin dashboard.
- In the navigation menu, click Setup to configure SAML.
- Go to Integration > Single Sign-on Tasks > SAML Single Sign-on.
- Select Primary Authentication Method.
- Enter your OneLogin SSO connection information.
- In the Logout Landing Page field, enter https://app.onelogin.com/client/apps
- In the Identity Provider Login Page field, enter your SAML HTTP Endpoint URL.
- In the Indicate IdP Metadata URL field, enter your SAML Issuer URL.
This automatically updates the Identity Provider with the latest issuer URL, which is then displayed accordingly.
- Click Submit.
- Select the navigation menu and click Setup to configure NetSuite Roles.
Single sign-on for NetSuite is configured on a role-by-role basis, meaning each role in NetSuite needs to be configured individually.
- Go to Users/Roles > Manage Roles.
- Select the Role you want to configure for SSO and click Edit.
- Under Permissions, search for SAML Single Sign-on and then click Add.
- Ensure Level is set to Full.
- Click Save.
- Repeat section 4 for each NetSuite Role you want to enable SSO for.
OneLogin and NetSuite should now be connected through SAML.
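Before relying on the connection, it helps to confirm that the two values copied from the OneLogin SSO tab agree with the IdP metadata that NetSuite will read from the Issuer URL. The following check is an added example, not OneLogin or NetSuite code: it assumes the metadata's entityID equals the SAML Issuer URL, and the hostnames, IDs and certificate in the sample are constructed placeholders standing in for metadata you would download from your own Issuer URL.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample values (placeholders, not real OneLogin URLs or keys).
SAMPLE_ISSUER = "https://idp.example.com/saml/metadata/000000"
SAMPLE_ENDPOINT = "https://idp.example.com/trust/saml2/http-redirect/sso/000000"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="{SAMPLE_ISSUER}">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="{NS['ds']}">
        <ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="{SAMPLE_ENDPOINT}"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def check_idp_metadata(metadata_xml, issuer_url, endpoint_url):
    """Return a list of problems; an empty list means the values agree."""
    if "<!DOCTYPE" in metadata_xml:
        # SAML metadata needs no DTD; refuse it rather than expand entities.
        return ["metadata contains a DOCTYPE declaration; not parsed"]
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return ["root element is not a SAML EntityDescriptor"]
    problems = []
    for label, url in (("issuer", issuer_url), ("endpoint", endpoint_url)):
        if not url.startswith("https://"):
            problems.append(f"{label} URL is not https")
    if root.get("entityID") != issuer_url:
        problems.append("entityID does not match the Issuer URL")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["no IDPSSODescriptor in metadata"]
    locations = {s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    if endpoint_url not in locations:
        problems.append("endpoint URL is not a published SingleSignOnService location")
    # A KeyDescriptor without a "use" attribute serves both signing and encryption.
    certs = [c.text for k in idp.findall("md:KeyDescriptor", NS)
             if k.get("use", "signing") == "signing"
             for c in k.iterfind(".//ds:X509Certificate", NS)
             if c.text and c.text.strip()]
    if not certs:
        problems.append("no signing certificate published")
    return problems
```

An empty result means the Identity Provider Login Page and IdP Metadata URL values entered in NetSuite are consistent with what the IdP publishes.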
Troubleshooting Email Mismatch
In some cases, the NetSuite admin email may not match the OneLogin admin email. This can be remedied by doing the following:
- Go to Users > Account_Owner.
- Select the Applications tab.
- Select NetSuite to open the Edit Login pane.
- Overwrite the default NetSuite login fields with the correct credentials.