Using Okta with NetSuite single sign-on functionality

Problem
We have enabled SSO for our NetSuite account using an external IDP, and we are trying to set up Okta with one of our internal applications against the same IDP. I was able to set up the SSO flow using the following guide:

https://developer.okta.com/authentication-guide/saml-login/

The output of the flow is an id_token (a JWT), which I believe can be used to fetch the user’s claims. Here we have run into an issue: we can no longer make NetSuite web services calls, as we no longer prompt the user for credentials.

Question

  • Is there a way to exchange the JWT for another token on the NetSuite side which we can use to make NetSuite web service API calls?
  • One option that we were considering was using a NetSuite TBA token saved as a custom claim. Is this something that is advisable?

Thanks,
Sam
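The following is an added example, not code from Sam's post, from Okta or from NetSuite, written to illustrate the second question. An id_token is a signed JWT (JWS), so its payload is base64url-encoded JSON that anyone holding the token can read without the signing key, and the signature only tells a verifier that the claims are genuine; it does not hide them. The block builds a token with a hypothetical custom claim named `netsuite_tba`, reads that claim back with no key at all, and then shows that a reader who skips signature verification also accepts a swapped payload. The key, subject, e-mail and TBA values are constructed placeholders, and HS256 is used only so the example runs on the Python standard library; Okta signs id_tokens with RS256, but the payload encoding is identical.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def b64url_encode(raw: bytes) -> str:
    """Base64url without padding, as used by JWS."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Base64url decode, restoring the padding JWS strips."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(claims: dict, key: bytes) -> str:
    """Build an HS256 JWS. Okta uses RS256; the payload layout is the same."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def read_claims_without_key(token: str) -> dict:
    """Decode the payload only. No key, no signature check: anything that
    can see the token can do this, including browsers, proxies and logs."""
    return json.loads(b64url_decode(token.split(".")[1]))


def verify_hs256(token: str, key: bytes) -> Optional[dict]:
    """Return the claims only if the HS256 signature checks out, else None."""
    head, body, sig = token.split(".")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        return None
    return json.loads(b64url_decode(body))


def swap_payload(token: str, claims: dict) -> str:
    """Replace the payload but keep the original signature. A consumer that
    decodes without verifying will accept the new claims as-is."""
    head, _body, sig = token.split(".")
    new_body = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return head + "." + new_body + "." + sig


# Constructed sample values, not real credentials or identifiers.
SIGNING_KEY = b"okta-demo-key-not-real"
ID_TOKEN = make_jwt(
    {
        "iss": "https://example.okta.com",
        "sub": "00u1234example",
        "email": "sam@example.com",
        # Hypothetical custom claim carrying a NetSuite TBA token pair.
        "netsuite_tba": {
            "token_id": "TBA_ID_PLACEHOLDER",
            "token_secret": "TBA_SECRET_PLACEHOLDER",
        },
    },
    SIGNING_KEY,
)


def leaked_tba_secret(token: str) -> str:
    """What any holder of the id_token learns about the TBA secret."""
    return read_claims_without_key(token)["netsuite_tba"]["token_secret"]


if __name__ == "__main__":
    print("secret readable without key:", leaked_tba_secret(ID_TOKEN))
    print("verified with right key:", verify_hs256(ID_TOKEN, SIGNING_KEY) is not None)
    forged = swap_payload(ID_TOKEN, {"sub": "someone-else"})
    print("forged sub seen without verification:", read_claims_without_key(forged)["sub"])
    print("forged token verifies:", verify_hs256(forged, SIGNING_KEY) is not None)
```

Two things follow from running it: a TBA token secret placed in a custom claim is disclosed to every party that handles the id_token, and claims are only trustworthy after the signature has been verified against the issuer's key (for Okta, the RS256 keys published at its JWKS endpoint), so the relying party must verify before acting on them.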