The application needs and integration record created before the code grant flow can be initiated. You can also edit an existing integration record to use NetSuite as OIDC Provider for outbound single sign-on.
To create an integration record for an application:
- Go to Setup > Integration > Integration Management > Manage Integrations > New.
- Enter a name for your application in the Name field.
- (Optional). Enter a description in the Description field.
- Select Enabled in the State field.
- (Optional). Enter a note in the Note field.
On the Authentication tab, under OAuth2.0 check Authorization Code Grant and also which scope You want.
when saving you will get a client ID and Client Secret.
Then Next is Configure NetSuite as OIDC Provider:
To configure audience for authorized applications
- Go to Setup > Integration > Manage Authentication > NetSuite as OIDC Provider Setup
- Click the link in the Integration Name column.
- In the window, select Entities and Roles you want to enable for this application. You can select all by checking the Select All box.
Using NetSuite Well–known URI Metadata to configure the Relying Party (RP)
You can find the OIDC configuration metadata on the NetSuite as OIDC Provider Setup page. The metadata file is accessible through the Metadata URL link at the top of the page. The metadata file is specific for each account and contains all data needed to complete the setup of the relying party (RP). It is not possible to provide detailed instructions for configuring the relying party, as the configuration steps will vary.
The format of the Metadata URL is:
‘https://<accountID>.suitetalk.api.netsuite.com/.well-known/openid-configuration’
where <accountID> represents your NetSuite account ID.
NetSuite as OIDC Provider for Integration Application Developers: NetSuite as OIDC Provider for Integration Application Developers – Jobin & Jismi IT Services – Knowledge Base (jobinandjismi.in)