Description:
To restrict customer login access from the NetSuite website while allowing authentication through an external Single Sign-On (SSO) provider like Okta, you can enable the Single Sign-On Only option in the role record.
Steps to Restrict Login from Website:
- Navigate to Setup > Users/Roles > Manage Roles in NetSuite.
- Select or create a role that should only allow access through SSO.
- In the role settings, check the Single Sign-On Only box.
- Save the role and assign it to the relevant users.
Effect of Enabling Single Sign-On Only:
- Users with this role will not be able to log in through the NetSuite UI or web services.
- Login attempts via the NetSuite website will result in an “Incorrect email or password” error.
- Users can only access NetSuite through an inbound SSO mechanism (e.g., Okta, certificate-based SSO, or OpenID).
- Even if users attempt to reset their password through the Forgot Password feature, they will still be unable to log in from the website.
This configuration ensures strict control over user authentication and prevents direct access outside of the SSO framework.
For more details, refer to NetSuite’s official documentation on Inbound Single Sign-On.