Monday, April 22, 2019

Solving SAML Error: Account must be provided using the account attribute

Problem: A user is getting the following error while testing SAML authentication.



Solution:

The NetSuite 'account' number is a required attribute when setting up SAML SSO for NetSuite. This error occurs when the 'account' attribute, which is configured on the Identity Provider (IdP) platform, has not been added. The user must look up the steps for adding this attribute in the IdP's documentation.

Here are the steps to confirm that no account attribute is being passed during SAML authentication.

1. Get the SAML response by using SAML Tracer. See SuiteAnswers article (ID: 27348) for the steps on how to do so.

2. In the SAML response, review the SAML attributes found under AttributeStatement inside the saml:Assertion tag.

A normal SAML assertion that contains the 'account' attribute would look like this.

Otherwise, the user would need to review the IdP documentation to determine how to add the 'account' attribute. To get the NetSuite account number, the user must refer to the SuiteAnswers article "Check the NetSuite Account number and environment that you're logged in." (SuiteAnswers ID: 27128)
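
The check in step 2 can also be scripted. The following is an added example, not part of the original post or NetSuite's tooling: it lists the attributes under AttributeStatement in a captured response and reports whether 'account' is present. The sample response, the function names and the ACCOUNT_ID_PLACEHOLDER value are constructed for illustration, and matching the attribute name exactly is this example's choice.

```python
import base64
import xml.etree.ElementTree as ET

# Standard SAML 2.0 namespaces.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample response (not a real capture); the account value is a placeholder.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="account">
        <saml:AttributeValue>ACCOUNT_ID_PLACEHOLDER</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def assertion_attributes(saml_response):
    """Return {attribute name: [values]} from AttributeStatement in each saml:Assertion.

    Accepts decoded XML (as SAML Tracer displays it) or the base64 SAMLResponse
    form value from the HTTP POST binding. Encrypted assertions are not handled.
    """
    text = saml_response.strip()
    if not text.startswith("<"):
        text = base64.b64decode(text).decode("utf-8")
    root = ET.fromstring(text)  # use only on responses captured from your own test login
    attrs = {}
    path = ".//saml:Assertion/saml:AttributeStatement/saml:Attribute"
    for attr in root.iterfind(path, NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def has_account_attribute(saml_response):
    """True only if an attribute named exactly 'account' carries a non-empty value."""
    return any(assertion_attributes(saml_response).get("account", []))


if __name__ == "__main__":
    print("attributes found:", assertion_attributes(SAMPLE_XML))
    print("account attribute present:", has_account_attribute(SAMPLE_XML))
```

A captured response contains the user's identity and a signed assertion, so handle the saved file as sensitive and delete it after troubleshooting.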
