Proposal for Single Sign-On (SSO) using SAML and Azure AD B2C for SuiteCommerce websites

This proposal covers the scope of adding a single sign-on system to websites that use Azure B2C as a third-party identity provider for login.

Proposal Summary 

Customers sign in to the SuiteCommerce website through their Azure AD B2C account instead of logging in to the webstore directly with a separate webstore password.

Requirement 

  • Add Single Sign-On (SSO) to the SuiteCommerce Advanced website, using Azure AD B2C as the third-party identity provider (IdP), with just-in-time (JIT) user provisioning of customers in NetSuite.

Our Solution 

  • NetSuite offers two Single Sign-On (SSO) methods for SuiteCommerce: SAML SSO and OpenID Connect (OIDC). Azure AD B2C can act as the identity provider for either; however, both can only be set up on a custom domain, not on a domain under netsuite.com.
  • We prefer the SAML SSO method because it can be enabled selectively for the users and roles created in NetSuite: only users to whom SAML SSO has been assigned can sign in through their Microsoft Azure AD B2C account as well as with their email, while all other users continue to sign in with email and password as before.
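As an added, illustrative example (not part of this proposal, and not NetSuite's or Microsoft's code): the checks the webstore, acting as SAML service provider, must apply to an assertion issued by Azure AD B2C before it uses the assertion to provision or sign in a customer. The issuer URL, the audience (the SP entity ID on the custom, non-netsuite.com domain), the attribute name carrying the email, and the SAML Response itself are constructed placeholders; a real deployment takes the issuer and signing certificate from the B2C policy's SAML metadata.

```python
import datetime as dt
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Assumed placeholder values: the real issuer comes from the B2C policy's SAML
# metadata and the audience is the SP entity ID on the custom domain.
EXPECTED_ISSUER = "https://contoso.b2clogin.com/11111111-2222-3333-4444-555555555555/B2C_1A_signup_signin_saml"
EXPECTED_AUDIENCE = "https://shop.example.com/saml"   # not a netsuite.com host
EMAIL_ATTR = "emailaddress"                            # attribute assumed to carry the JIT email
CLOCK_SKEW = dt.timedelta(seconds=60)


def _parse_time(value):
    return dt.datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_assertion(response_xml, now, expected_issuer=EXPECTED_ISSUER,
                       expected_audience=EXPECTED_AUDIENCE):
    """SP-side checks that must pass before an assertion is used to create or
    log in a webstore customer. Returns the identity fields needed for JIT
    provisioning, or raises ValueError."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("response carries no Assertion")

    # Unsigned assertions are rejected outright. Cryptographic verification of
    # the XML-DSig against the IdP certificate needs a dedicated library
    # (e.g. python3-saml or signxml); only presence is checked here.
    if assertion.find("ds:Signature", NS) is None:
        raise ValueError("assertion is not signed")

    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        raise ValueError(f"unexpected issuer {issuer!r}")

    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        raise ValueError("assertion has no Conditions")
    not_before = _parse_time(conditions.get("NotBefore"))
    not_on_or_after = _parse_time(conditions.get("NotOnOrAfter"))
    if now + CLOCK_SKEW < not_before or now - CLOCK_SKEW >= not_on_or_after:
        raise ValueError("assertion outside its validity window")

    audiences = [a.text.strip() for a in
                 conditions.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError(f"audience {audiences} does not include {expected_audience!r}")

    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        raise ValueError("assertion has no NameID")

    attributes = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    email = (attributes.get(EMAIL_ATTR) or [name_id])[0]
    return {"name_id": name_id, "email": email, "attributes": attributes}


def sample_response(audience=EXPECTED_AUDIENCE, not_on_or_after="2024-05-01T10:05:00Z", signed=True):
    """Constructed SAML Response for exercising the checks; not captured from Azure AD B2C."""
    signature = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
                 '<ds:SignatureValue>ZmFrZQ==</ds:SignatureValue></ds:Signature>') if signed else ""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
    <saml:Issuer>{EXPECTED_ISSUER}</saml:Issuer>
    {signature}
    <saml:Subject><saml:NameID>jane@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T09:59:00Z" NotOnOrAfter="{not_on_or_after}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="emailaddress"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="displayName"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


NOW = dt.datetime(2024, 5, 1, 10, 2, tzinfo=dt.timezone.utc)


def run_checks(now=NOW):
    """Run the validator on one acceptable response and three that must be rejected."""
    results = {"valid": validate_assertion(sample_response(), now)["email"]}
    bad_cases = {
        "wrong_audience": sample_response(audience="https://other.example.com/saml"),
        "expired": sample_response(not_on_or_after="2024-05-01T10:00:30Z"),
        "unsigned": sample_response(signed=False),
    }
    for name, xml in bad_cases.items():
        try:
            validate_assertion(xml, now)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for case, outcome in run_checks().items():
        print(f"{case:15} {outcome}")
```

The audience check is what keeps an assertion minted for one relying party from being replayed against the webstore, and the validity window bounds how long a captured response stays usable; the email attribute returned is the value JIT provisioning would use to create the NetSuite customer on first login.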


Assumption 

  • We assume that the existing SuiteCommerce webstore is already fully secured; this proposal covers only the SSO integration.
  • We assume that an Azure AD B2C account with administrative access to the tenant will be provided to set up the SSO.
  • We assume that access to the domain provider's account will be provided so that the DNS record required for SSO domain verification can be created.
  • We assume that OpenID Connect (OIDC) is not already integrated, since NetSuite supports only one of SAML SSO or OIDC at a time for a single webstore.
