NetSuite For Single Sign-on (SSO) Integration With Microsoft Entra ID – Technical Overview
Single sign-on (SSO) to NetSuite is provided by Microsoft Entra ID (formerly Azure Active Directory) over the SAML 2.0 protocol. With this integration, users access NetSuite by logging in with their Microsoft 365 credentials, eliminating the need for a separate NetSuite username and password. With Microsoft Entra ID acting as the Identity Provider (IdP) and NetSuite as the Service Provider (SP), authentication is centralized, streamlined, and secure.
Key Components
| Component | Description |
| --- | --- |
| Microsoft Entra ID (IdP) | Handles user authentication and issues security tokens. |
| NetSuite (SP) | Relies on Entra ID for validating user identity and granting access. |
| SAML 2.0 Protocol | Used for exchanging authentication data between Entra ID and NetSuite. |
| Federation Metadata | XML file used to establish trust between Entra ID and NetSuite. |
Working Mechanism (Step-by-Step)
Data Flow Summary
| Step | Data Object | Direction | Description |
| --- | --- | --- | --- |
| 1 | Login Request | User → NetSuite | User attempts to access NetSuite. |
| 2 | SAML Authn Request | NetSuite → Entra ID | NetSuite redirects user to Entra ID for authentication. |
| 3 | Credentials | User → Entra ID | User provides Microsoft credentials or completes MFA. |
| 4 | SAML Assertion | Entra ID → Browser | Entra ID issues a signed assertion confirming identity. |
| 5 | SAML Response | Browser → NetSuite | Browser posts assertion to NetSuite ACS URL. |
| 6 | Certificate Validation | NetSuite Internal | NetSuite validates the signature using the X.509 certificate. |
| 7 | Session Token | NetSuite → User | NetSuite grants user access by creating an authenticated session. |
Configuration Summary of Microsoft Entra ID Single Sign-On (SSO) in NetSuite
- In Microsoft Entra ID
  - Go to Entra Admin Center → Enterprise Applications → Add NetSuite.
  - Configure SAML-based SSO with the following values:
    - Identifier
    - Reply URL (ACS)
  - Download the Federation Metadata XML.
  - Assign users/groups to the application.
- In NetSuite
  - Enable SAML SSO: Setup → Company → Enable Features → SuiteCloud → Enable ‘SAML Single Sign-On’.
  - Setup → Integration → SAML Single Sign-On → New.
  - Upload the Federation Metadata XML from Entra ID.
  - Map NameID to user email and enable SSO for relevant users.
  - Test via MyApps portal or NetSuite URL.
- Enhanced Security – Centralized authentication with MFA and Conditional Access.
- Simplified User Experience – Single login across Microsoft and NetSuite.
- Centralized IT Management – Unified user provisioning and de-provisioning.
- Improved Compliance – Audit logging and policy enforcement via Entra ID.
The NetSuite single sign-on (SSO) integration with Microsoft Entra ID uses the SAML 2.0 protocol so that users sign in securely without a separate NetSuite password. It enhances security, reduces administrative overhead, and provides a seamless login experience for users. With features like MFA, Conditional Access, and centralized policy control, this setup aligns with enterprise-grade identity management standards.









