Security & Authentication Updates in NetSuite 2025.1
NetSuite 2025.1 introduces critical security and authentication updates designed to enhance data protection, strengthen access control, and align with modern security standards. These updates primarily focus on Single Sign-On (SSO), OAuth protocols, and authentication methods, ensuring businesses operate in a more secure and compliant environment.
End of Support for Outbound Single Sign-On (SuiteSignOn)
What’s Changing?
- SuiteSignOn is fully deprecated in NetSuite 2025.1.
- This change follows its initial removal from non-production accounts in 2024.1 and now extends to production accounts.
- Users must transition to NetSuite as an OpenID Connect (OIDC) Provider, which offers a more secure authentication framework.
Impact & Next Steps
- Integrations and third-party applications currently relying on SuiteSignOn must be reconfigured to use OIDC-based authentication.
- Organizations should review their authentication settings immediately to prevent disruptions.
- To avoid downtime, NetSuite strongly recommends completing the transition before the upgrade.
Benefits of OIDC Over SuiteSignOn
- Enhanced security through OAuth 2.0-based authentication.
- Seamless integration with modern identity providers (IdPs).
- Improved session management and user access controls.
End of Support for RSA PKCSv1.5 Scheme for OAuth 2.0
What’s Changing?
- The RSA PKCSv1.5 signing scheme for OAuth 2.0 token authentication will be deprecated as of March 1, 2025.
- NetSuite will require a more secure authentication method using either the RSA-PSS scheme or an Elliptic Curve (EC) key.
Impact & Next Steps
- Integrations relying on RSA PKCSv1.5 must be updated to sign with RSA-PSS or an EC key.
- NetSuite advises early testing and validation of new OAuth authentication methods to ensure a smooth transition.
Why This Matters
- RSA-PSS and EC keys provide stronger cryptographic security, reducing vulnerabilities in OAuth-based authentication.
- These updates align NetSuite with global security best practices, minimizing risks from cyber threats and unauthorized access.
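What this migration looks like for a token signer and a verifier, as an added example (not NetSuite's code or the author's). It assumes the integration signs a JWT, where the RFC 7518 name RS256 means RSA PKCS#1 v1.5 and PS256 means RSA-PSS; the function names, claim values and key are constructed for the demonstration.

```javascript
// Added example, not NetSuite code. Function names and claim values are constructed.
const crypto = require('crypto');

// JWA (RFC 7518) names: RS256 = RSASSA-PKCS1-v1_5, PS256 = RSASSA-PSS, both with SHA-256.
const PADDING = new Map([
  ['RS256', crypto.constants.RSA_PKCS1_PADDING],
  ['PS256', crypto.constants.RSA_PKCS1_PSS_PADDING],
]);
const b64url = (data) => Buffer.from(data).toString('base64url');

function sigOptions(alg, key) {
  const opts = { key, padding: PADDING.get(alg) };
  // PS256 uses a salt as long as the SHA-256 digest (32 bytes).
  if (alg === 'PS256') opts.saltLength = crypto.constants.RSA_PSS_SALTLEN_DIGEST;
  return opts;
}

function signJwt(alg, privateKey, claims) {
  if (!PADDING.has(alg)) throw new Error(`unsupported alg: ${alg}`);
  const input = b64url(JSON.stringify({ alg, typ: 'JWT' })) + '.' + b64url(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(input), sigOptions(alg, privateKey));
  return input + '.' + b64url(sig);
}

// The verifier decides on the algorithm before checking the signature, so an
// RS256 token is refused even when it was signed with the correct key.
function verifyJwt(token, publicKey, allowed = ['PS256']) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header;
  try { header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8')); }
  catch { return { ok: false, reason: 'malformed' }; }
  const alg = header?.alg;
  if (!allowed.includes(alg) || !PADDING.has(alg)) return { ok: false, reason: `alg ${alg} not allowed` };
  const ok = crypto.verify('sha256', Buffer.from(parts[0] + '.' + parts[1]),
    sigOptions(alg, publicKey), Buffer.from(parts[2], 'base64url'));
  return ok ? { ok: true } : { ok: false, reason: 'bad signature' };
}

// Throwaway key pair generated for the demonstration only.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const claims = { iss: 'example-client-id', iat: 1700000000 }; // constructed values
const legacy = signJwt('RS256', privateKey, claims);   // what an unmigrated integration sends
const migrated = signJwt('PS256', privateKey, claims); // same key, PSS padding
console.log(verifyJwt(legacy, publicKey));
console.log(verifyJwt(migrated, publicKey));
```

The same RSA key pair serves both schemes here; only the padding and the `alg` header differ between the two tokens.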
Enhancements to AI-Based Authentication & User Access Logs
AI-Powered Authentication & Risk Detection
- NetSuite now allows administrators to configure AI-based authentication alerts.
- Impact: Businesses can proactively detect suspicious logins, prevent account compromises, and enhance user verification processes.
Personal Information Access Logs Workbook
- The Compliance 360 SuiteApp includes enhanced audit logs, providing more detailed tracking of user access.
- Impact: Organizations gain improved visibility into who accessed personal data, when, and why, aiding regulatory compliance with GDPR, CCPA, and other data protection laws.
Changes to Authentication Behavior in SuiteCloud SDK
Secure Credential Storage in SuiteCloud SDK
- The SuiteCloud SDK authentication system now uses PKCS#12 (PFX format) for credential storage.
- Credentials are encrypted and password-protected on local machines.
Impact & Actions
- Users must re-authenticate after upgrading to SuiteCloud SDK 2025.1.
- The new authentication system enhances security and eliminates repeated login prompts.
- Developers should update scripts and integrations to comply with SuiteCloud SDK 2025.1 requirements.
SuiteScript & API Security Enhancements
Changes to Audience Settings for Script Deployments & SPAs
- New behavior for defining user access in SuiteScripts:
  - Internal and external roles are now categorized separately.
  - The “Select All” option applies only to internal roles.
- Impact: This change prevents unintentional script exposure to external roles, reinforcing system security.
Removal of Ext JS Library in 2025.1
- Ext JS, an outdated JavaScript framework, is being removed from NetSuite.
- Impact: Developers must update custom scripts to remove dependencies on Ext JS to ensure compatibility.
Key Takeaways for Security & Authentication Enhancements in NetSuite 2025.1
- SuiteSignOn (SSO) is fully deprecated – migrate to OIDC-based authentication as soon as possible.
- RSA PKCSv1.5 is no longer supported for OAuth 2.0 – update to RSA-PSS or EC keys before March 1, 2025.
- AI-powered authentication enhancements strengthen fraud detection and risk monitoring.
- Enhanced audit logging in Compliance 360 SuiteApp improves regulatory compliance and user access tracking.
- Secure credential storage in SuiteCloud SDK reduces authentication vulnerabilities and enhances security.
- Developers must update SuiteScripts and remove Ext JS dependencies to maintain system compatibility.