NetSuite MSD Tip #4 — Troubleshooting Single Sign-On (SSO) Role Issues in NetSuite
Single Sign-On (SSO) roles (via Azure AD, OKTA, etc.) cannot log in using the NetSuite login page, which makes testing tricky, especially for external consultants without SSO access. Here’s how to work around it:
Steps to create a non-SSO test role:
1. Edit the SSO role.
2. Rename it (e.g., Non-SSO AP Manager).
3. Remove the SAML Single Sign-on permission (Permissions > Setup).
4. Hover over Save, then click Save As to avoid overwriting the original.
5. Assign the new role to your Employee record (Access > Roles).
Best Practices:
1. Always test with the Administrator role first.
2. If the issue can’t be reproduced as Admin, ask for a temporary SSO login, or use the Non-SSO test role.
3. Be aware: scripts deployed to specific roles may not run under the test role.
4. Once it's resolved, please just inactivate the test role to avoid confusion.
5. Always consult your NetSuite team before making these changes.
Need NetSuite Managed services and support? Send us a message!
