SAML Single Sign-on role permission

In NetSuite, the “SAML Single Sign-on” role permission allows users to log in using SAML-based Single Sign-On (SSO), which is an authentication method that enables users to access NetSuite through an external Identity Provider (IdP) like Okta, Azure AD, or OneLogin without entering separate NetSuite credentials.

Key Points about the SAML Single Sign-on Permission:

  • Purpose: Grants the ability to log in to NetSuite via SAML SSO instead of the standard username/password method.
  • Permission Type: It is a Setup type permission and only supports Full access level.
  • Assignment: This permission must be explicitly added to a role for a user to be able to log in via SAML. Without it, SAML login will fail.
  • Limitations:
      • You cannot add this permission to roles that have SuiteAnalytics Connect permission.
      • Roles with this permission cannot be switched to non-SAML roles during a session for security reasons.
      • If a role has both 2FA and SAML SSO, the SAML SSO takes precedence, and 2FA is bypassed.
      • Administrator roles do not support SAML SSO to ensure there’s always a way to access NetSuite directly in case of IdP issues.
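
The limitations above can be checked mechanically during a role review. The following is an added example, not NetSuite or Oracle code: it audits a constructed role/permission export, and the CSV column names, the `two_factor_required` flag and matching the administrator role by the name "Administrator" are all assumptions made for illustration.

```python
import csv
import io

# Constructed sample: a hypothetical export with one row per (role, permission).
# The column names and the two_factor_required flag are assumptions, not a
# real NetSuite export format.
SAMPLE_EXPORT = """role,permission,level,two_factor_required
Sales Manager,SAML Single Sign-on,Full,yes
Sales Manager,Customers,Edit,yes
Analyst,SAML Single Sign-on,Full,no
Analyst,SuiteAnalytics Connect,Full,no
Administrator,SAML Single Sign-on,Full,yes
Warehouse,SAML Single Sign-on,View,no
Accountant,Customers,View,yes
"""

SAML = "SAML Single Sign-on"
CONNECT = "SuiteAnalytics Connect"


def audit_roles(export_text):
    """Return sorted (role, finding) tuples for the limitations listed above."""
    roles = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        role = roles.setdefault(row["role"], {"perms": {}, "tfa": False})
        role["perms"][row["permission"]] = row["level"]
        role["tfa"] |= row["two_factor_required"].strip().lower() == "yes"

    findings = []
    for name, role in roles.items():
        perms = role["perms"]
        if SAML not in perms:
            continue  # role does not log in via SAML; these rules do not apply
        if perms[SAML] != "Full":
            findings.append((name, "SAML permission level must be Full"))
        if CONNECT in perms:
            findings.append((name, "SAML cannot be combined with SuiteAnalytics Connect"))
        if name == "Administrator":  # assumption: admin role identified by name
            findings.append((name, "Administrator roles do not support SAML SSO"))
        if role["tfa"]:
            findings.append((name, "2FA is bypassed by SAML SSO; enforce MFA at the IdP"))
    return sorted(findings)


if __name__ == "__main__":
    for role, finding in audit_roles(SAMPLE_EXPORT):
        print(f"{role}: {finding}")
```

The last finding is the one to act on: a role that relies on NetSuite 2FA loses it once SAML SSO is added, so the second factor has to be enforced by the Identity Provider.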

Additional Related Permission:

  • Set Up SAML Single Sign-on: Allows users (typically admins) to configure the SAML SSO settings in NetSuite.

For more detailed steps on how to add this permission to a role, you can refer to Oracle’s official documentation.
