space.vars.productName without entering a separate username and password. Instead, they use the same login they already use for other company systems. This page provides an overview of setting up SSO.
## What is Single Sign-On
Single Sign-On (SSO) means users authenticate once with your organisation's login system and then automatically gain access to the space.vars.productName portal without being asked for credentials again.
Benefits include:
* **Convenience:** Users don't need to remember a separate password for the portal
* **Security:** Authentication is handled by your organisation's centralised identity system
* **Efficiency:** Faster login experience, especially for employees already logged in to company systems
## Prerequisites
Before setting up SSO, make sure you have:
* [ ] An identity provider (Microsoft Azure AD, Okta, OneLogin, or similar) already in use at your organisation
* [ ] Administrator access to both NetSuite and your identity provider
* [ ] space.vars.productName installed and basic access working with standard logins
* [ ] The SSO integration details from In8Sync (if required)
{% hint style="info" %}
Get space.vars.productName fully working with standard NetSuite logins first, then add SSO afterwards. This makes troubleshooting easier.
{% endhint %}
## Overview of the setup process
Setting up SSO for space.vars.productName involves configuration in two places: your identity provider and NetSuite.
### In your identity provider
{% stepper %}
{% step %}
### Create an application registration
Register a new application for space.vars.productName in your identity provider.
{% endstep %}
{% step %}
### Configure URLs
Set the login and redirect URLs (provided by In8Sync).
{% endstep %}
{% step %}
### Map user attributes
Set up user-attribute mapping so the identity provider sends the correct user information.
{% endstep %}
{% step %}
### Assign users
Assign the appropriate users or groups to the application.
{% endstep %}
{% endstepper %}
### In NetSuite
{% stepper %}
{% step %}
### Open SAML Single Sign-On
Go to **Setup > Integration > SAML Single Sign-on** (or the appropriate SSO settings for your method).
{% endstep %}
{% step %}
### Trust your identity provider
Configure NetSuite to trust your identity provider.
{% endstep %}
{% step %}
### Upload IdP credentials
Upload or enter the identity provider's certificate or metadata.
{% endstep %}
{% step %}
### Map identities to NetSuite users
Map the incoming user identity to NetSuite user records.
{% endstep %}
{% step %}
### Test the connection
Confirm the trust relationship works.
{% endstep %}
{% endstepper %}
{% hint style="info" %}
The exact steps vary depending on your identity provider and the SSO method used (SAML, OAuth, or another protocol). Contact In8Sync for setup instructions specific to your environment.
{% endhint %}
## Testing SSO
After configuration:
1. Open the space.vars.productName portal URL in a browser where you're already logged in to your identity provider.
2. You should be automatically logged in to the portal without seeing a login screen.
3. If you're prompted for credentials, the SSO configuration may need adjustment.
Test with several different user types to make sure all roles work correctly:
* [ ] Test with an employee user
* [ ] Test with a customer user (if applicable)
* [ ] Test with different roles to verify each sees the correct portal pages
## What users experience
Once SSO is configured:
* **Already logged in to company systems:** The portal opens directly without a login screen.
* **Not yet logged in:** The user is redirected to your organisation's standard login page; after logging in there, they're sent back to the portal automatically.
* **Session expired:** The user may be asked to re-authenticate through the identity provider.
## Fallback access
{% hint style="warning" %}
Maintain at least one administrator account that can log in without SSO. This ensures you can always access the portal for troubleshooting if there's a problem with the identity provider.
{% endhint %}
## Common issues
| Problem | Possible cause | Solution |
| ------------------------------------------ | --------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------- |
| User redirected to login but gets an error | Identity provider configuration is incorrect | Check the redirect URLs and application settings in your identity provider |
| User logs in but gets "access denied" | The user's identity provider account isn't mapped to a NetSuite user with portal access | Verify the user has a matching NetSuite record with **Portal Access** enabled |
| SSO works for some users but not others | Some users may not be assigned to the application in the identity provider | Check user or group assignments in your identity provider |
| Loop between portal and login page | Certificate or trust configuration mismatch | Verify the identity provider certificate in NetSuite is current and correct |
## Getting help
SSO configuration depends on your specific identity provider and network setup. For help:
* Contact **In8Sync support** for space.vars.productName-specific SSO guidance.
* Contact your **identity provider's support** for configuration help on their side.
* Contact your **NetSuite account manager** for NetSuite SSO feature questions.
## Related Pages
| Give User Access | Granting access: required before SSO works. | /pages/kj0wIYbCw5oo477q39gd |
| Users Overview | How user access works in space.vars.productName. | /pages/VstrcxnPHJoNofmk5i1Y |
| Access Issues | Troubleshoot login problems including SSO redirects. | /pages/9AUqCeZ4JQOYvcWGMnbq |