As of November 28, 2019, CloudExtend launched a new login flow in Preview mode that completely eliminates the steps in this article. Please refer to this article for more information on the new login flow including how you can get it now.

If you have the Preview Version of our App, the steps below are no longer required as of November 28, 2019, and are listed only for historical purposes.

CloudExtend Outlook for NetSuite uses web services to interact with NetSuite. When logging in via SSO, CloudExtend authorizes the user with third-party IDP credentials. However, in order to make integration calls via web services, NetSuite requires additional Token Based Authentication. Because of this, there are a few one-time setup steps to take.

This article is meant only to provide an overview of what to expect. Our engineers will work with you to enable SSO.

Who should be on the call.

  • Your NetSuite Admin (or a user with permissions to create user tokens for token based authentication)
  • The individual responsible for managing subscriptions at
  • The individual responsible for managing your IDP

High level steps involved in enabling SSO for CloudExtend

Step 1: Set up a new SAML app in your IDP admin console  
In this step, your IDP admin needs to create a custom SAML integration app that enables a dialogue between the IDP and CloudExtend.
Estimated Time: 30 minutes

Step 2: Add custom attributes to the newly created app to store the encrypted NetSuite token and secret  

Once the new app is created, admins need to add custom attributes under this app. These attributes will hold the NetSuite tokens, which are sent to CloudExtend on successful authorization.
Estimated Time: 15 minutes

Step 3: Generate a NetSuite token and secret for each licensed user  

  • Before proceeding to this step, admins need to install the CloudExtend bundle, which deploys the required integration record in your NetSuite account.
  • Once the bundle is installed, the NetSuite admin needs to create a token for each licensed user under the integration CloudExtend (Token Based Auth
    Estimated Time: 2 minutes per user

Step 4: Add user licenses in the Celigo Subscriptions Portal  

This step is performed in the CloudExtend license portal. Here, admins need to add their NetSuite Account Number, enable user licenses and account access restriction.
Estimated Time: 2 minutes per user

Step 5: Enable SSO and encrypt tokens in the portal

Once accounts and licenses are configured, the subscription portal admin needs to encrypt the NetSuite tokens generated in Step 3 using the token encryption tool inside the subscription portal. This is required to make sure that NetSuite tokens are not stored in a human-readable format in third-party systems outside of NetSuite.
Estimated Time: 2 minutes per user

Step 6: Assign the new SAML app to users and add the encrypted tokens  

Finally, the encrypted tokens from Step 5 must be stored in the IDP against each user, in the custom attributes created in Step 2.
Estimated Time: 2 minutes per user

We understand that this requires considerable effort to set up. We suggest that you email us when you are ready to go through the process described above. Our support team will set up a 45-minute call with one of the CloudExtend engineers, who will walk you through and help with the setup.