Configuring SAML for Netsuite
REQUIRED ACCOUNT/PERMISSION LEVEL
Bitium: All account levels; must be an admin to set up
Netsuite: Enterprise accounts only; admin with Enable Features permissions
Go to “Manage Apps.”
Select “Netsuite” from the list of installed apps.
Select the “Single Sign-On” tab.
From the dropdown, select “SAML Authentication.”
Copy Login URL, and Logout URL, and download the Metadata XML from Bitium.
Navigate to Setup > Company > Enable Features.
Click on the SuiteCloud tab.
Scroll down to Manage Authentication and ensure the SAML SINGLE SIGN-ON option is checked.
Navigate to Setup > Integrations > SAML Single Sign-On.
Copy the Netsuite Service Provider Metadata URL. Paste it into the address bar of a new browser tab to view the metadata XML.
Copy the Entity ID value in the metadata.
Copy the AssertionConsumerService default Location value.
Paste the Logout URL copied from Bitium in Step 5 into the Logout Landing Page field in Netsuite.
Paste the Login URL copied from Bitium in Step 5 into the Identity Provider Login Page in Netsuite.
Select the “Upload IDP Metadata File” tab in Netsuite to upload the Metadata XML file downloaded from Bitium in step 5.
Navigate to Setup > Integrations > Web Service Preferences.
Copy your Account ID.
Paste Entity ID value copied from Netsuite in step 7 into the Entity ID field in Bitium.
Paste the AssertionConsumerService default Location value copied in step 8 into the ACS URL field in Bitium. It will typically have the form “https://your-netsuite-instance.netsuite.com/saml2/acs”.
Paste the Account ID copied in step 14 into the Account field in Bitium.
Click “Save” in Bitium.
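The steps above that read the Entity ID and the default AssertionConsumerService Location out of the NetSuite Service Provider metadata can be done by hand in the browser, but it is easy to copy the wrong ACS endpoint when a metadata document lists more than one. The script below is an added example (not part of this guide, and not NetSuite or Bitium tooling) that parses an SP metadata document the way an identity provider would: it takes the entityID, selects the AssertionConsumerService marked isDefault="true" (falling back to the first endpoint not marked non-default, as the SAML metadata specification describes), and checks that the ACS URL is HTTPS with the HTTP-POST binding before you paste it into the IdP. The metadata document is constructed for the example and EXAMPLE_ACCOUNT_ID is a placeholder, not a real account.

```python
"""Extract entityID and the default ACS URL from SAML SP metadata.

Added example; not part of the original guide. The sample metadata is
constructed to resemble an SP metadata document and uses the placeholder
EXAMPLE_ACCOUNT_ID instead of a real account identifier.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample SP metadata (placeholder host and account id).
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://EXAMPLE_ACCOUNT_ID.example.invalid/saml2">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://EXAMPLE_ACCOUNT_ID.example.invalid/saml2/acs-artifact"
        index="1"/>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://EXAMPLE_ACCOUNT_ID.example.invalid/saml2/acs"
        index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_sp_metadata(xml_text: str) -> dict:
    """Return entityID, default ACS URL and binding, and the signing flag."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("document is not a SAML EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("entityID attribute missing")

    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not service provider metadata")

    acs_list = sp.findall("md:AssertionConsumerService", NS)
    if not acs_list:
        raise ValueError("no AssertionConsumerService endpoint listed")

    # Metadata selection rule: the endpoint with isDefault="true" wins; otherwise
    # the first endpoint in document order that is not explicitly isDefault="false".
    explicit = [a for a in acs_list if a.get("isDefault", "").lower() == "true"]
    if explicit:
        acs = explicit[0]
    else:
        candidates = [a for a in acs_list if a.get("isDefault", "").lower() != "false"]
        acs = (candidates or acs_list)[0]

    return {
        "entity_id": entity_id,
        "acs_url": acs.get("Location"),
        "acs_binding": acs.get("Binding"),
        "wants_signed_assertions": sp.get("WantAssertionsSigned", "false").lower() == "true",
    }


def check_acs_endpoint(acs_url: str, binding: str) -> list:
    """Return a list of problems to resolve before configuring the IdP."""
    issues = []
    parsed = urlparse(acs_url or "")
    if parsed.scheme != "https":
        issues.append("ACS URL is not https; the assertion would travel in the clear")
    if not parsed.netloc:
        issues.append("ACS URL has no host")
    if binding != POST_BINDING:
        issues.append("default ACS binding is not HTTP-POST; the IdP must support it")
    return issues


if __name__ == "__main__":
    info = parse_sp_metadata(SAMPLE_SP_METADATA)
    print("Entity ID :", info["entity_id"])
    print("ACS URL   :", info["acs_url"])
    for problem in check_acs_endpoint(info["acs_url"], info["acs_binding"]):
        print("WARNING   :", problem)
```

Run it against the metadata you opened in the browser (save the XML to a file and pass its contents to parse_sp_metadata) and paste the printed Entity ID and ACS URL into the matching Bitium fields; any WARNING line means the endpoint should be looked at before the IdP is pointed at it.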
Navigate to Setup > Users/Roles > Manage Roles.
Choose a role you would like to have SAML access (e.g. Customer Service Rep).
Under Permissions, select “Setup.” Use the dropdown menu to add permissions to this role. The two SAML-related permissions are:
Set Up SAML Single Sign-on - allows users other than NetSuite account administrators to view and edit the SAML Setup page. (Administrators have this permission already.)
SAML Single Sign-on - allows users to log in using SAML single sign-on. (The SAML Single Sign-on permission will need to be assigned to a role before users with that role will be able to log in with SAML.)
Note: The NetSuite account administrator role does not have the SAML Single Sign-on permission, so no user can log in using SAML single sign-on as an administrator. This prevents administrators from being locked out of the account if SAML is misconfigured.