Customers might be asking why an administrator could not access NetSuite via SAML Single Sign-on while an administrator must have access to everything.
It is by design, for security reasons. Since accessing NetSuite via SAML means that the user is authenticating from a third-party provider, the permissions allowed must be limited.
Does this mean that the user will always have to manually login if he/she wants to access his Administrator role?
Yes. If one needs to see his/her Administrator role, or be able to switch the roles that do not have a SAML Single Sign-on permission enabled, he/she needs to login with his username and password.
What if the Administrator insists to login via Single Sign-on? Will there be any other options?
Alternatively, the user can authenticate via NetSuite's proprietary Single Sign-on. This allows the user to see the other non-SAML roles that he/she has, one of which is the Administrator role. For more details regarding this, see SuiteAnswers article ID: 15041 ("Setting Up Inbound Single Sign-on").