Configuring SAML for Netsuite

REQUIRED ACCOUNT/PERMISSION LEVEL

Bitium: All account levels; must be an admin to set up

Netsuite: Enterprise accounts only; admin with Enable Features permissions

In Bitium:

  1. Go to “Manage Apps.”

  2. Select “Netsuite” from the list of installed apps.

  3. Select the “Single Sign-On” tab.

  4. From the dropdown, select “SAML Authentication.”

  5. Copy the Login URL and the Logout URL, and download the Metadata XML from Bitium.

In Netsuite

  1. Navigate to Setup > Company > Enable Features.

  2. Click on the SuiteCloud tab.

  3. Scroll down to Manage Authentication and ensure the SAML SINGLE SIGN-ON option is checked.

  4. Click “Save.”

  5. Navigate to Setup > Integrations > SAML Single Sign-On.

  6. Copy the Netsuite Service Provider Metadata. Paste it into the URL bar of a new browser tab to view the metadata.

  7. Copy the Entity ID value in the metadata.

  8. Copy the AssertionConsumerService default Location value.

  9. Paste the Logout URL copied from Bitium in Step 5 into the Logout Landing Page field in Netsuite.

  10. Paste the Login URL copied from Bitium in Step 5 into the Identity Provider Login Page in Netsuite.

  11. Select the “Upload IDP Metadata File” tab in Netsuite to upload the Metadata XML file downloaded from Bitium in step 5.

  12. Click “Submit.”

  13. Navigate to Setup > Integrations > Web Service Preferences.

  14. Copy your Account ID.

In Bitium

  1. Paste the Entity ID value copied from Netsuite in step 7 into the Entity ID field in Bitium.

  2. Paste the AssertionConsumerService default Location value copied in step 8 into the ACS URL field in Bitium. This will probably take the form of “https://your-netsuite-instance.netsuite.com/saml2/acs”.

  3. Paste the Account ID copied in step 14 into the Account field in Bitium.

  4. Click “Save” in Bitium.
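
The Entity ID and ACS URL pasted above are read by eye from the Service Provider metadata in steps 7 and 8. The following added example (not Bitium or Netsuite code) extracts both values from a metadata document and applies the SAML metadata rule for choosing the default AssertionConsumerService; the sample metadata and its example.invalid hosts are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample SP metadata; entity ID and hosts are placeholders.
SAMPLE_SP_METADATA = """<EntityDescriptor
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/saml2">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sp.example.invalid/saml2/artifact"/>
    <AssertionConsumerService index="1" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml2/acs"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def default_acs(endpoints):
    """First isDefault=true, else first not marked false, else the first one."""
    def flag(e):
        return e.get("isDefault", "").strip().lower()
    for want in (lambda f: f in ("true", "1"), lambda f: f not in ("false", "0")):
        for e in endpoints:
            if want(flag(e)):
                return e
    return endpoints[0]


def sp_values(metadata_xml):
    """Return (entity_id, acs_url, binding) for the IdP form, or raise ValueError."""
    # SAML metadata never needs a DTD; refuse one rather than parse entities.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(metadata_xml)
    if root.tag != MD + "EntityDescriptor" or not root.get("entityID"):
        raise ValueError("not a single-entity SAML metadata document")
    endpoints = root.findall(f"{MD}SPSSODescriptor/{MD}AssertionConsumerService")
    if not endpoints:
        raise ValueError("no AssertionConsumerService in SP metadata")
    acs = default_acs(endpoints)
    url = urlparse(acs.get("Location", ""))
    # Assertions are posted to this URL, so it must be an https endpoint.
    if url.scheme != "https" or not url.hostname:
        raise ValueError("default ACS Location is not an https URL")
    return root.get("entityID"), acs.get("Location"), acs.get("Binding")
```

Comparing the returned values with what was pasted into Bitium catches a copied non-default endpoint or a truncated URL before users are sent through the login flow.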

In Netsuite

  1. Navigate to Setup > Users/Roles > Manage Roles.

  2. Choose a role you would like to have SAML access (e.g. Customer Service Rep).

  3. Click “Edit.”

  4. Under Permissions, select “Setup.” Click the dropdown menu to apply a permission to this role. The two SAML-related permissions are:

    • Set Up SAML Single Sign-on - allows users other than NetSuite account administrators to view and edit the SAML Setup page. (Administrators have this permission already.)

    • SAML Single Sign-on - allows users to log in using SAML single sign-on. (The SAML Single Sign-on permission will need to be assigned to a role before users with that role will be able to log in with SAML.)

Note: The NetSuite account administrator role does not have SAML Single Sign-on permission and no user can log in using SAML single sign-on as an administrator. This is to prevent a situation in which they could be locked out of the account.