General question regarding SAML SSO. My company uses SAML SSO for our Employee Center Roles. This allows the employee to view paystubs and other HR related task. It also allows them to make purchase order request that will then get routed for approval. When logged into my other roles via not SSO, I can't see the role. Seems to be a limitation that NetSuite acknowledges. But this also means I can't test in SB with this role either. I have assigned myself that role in SB and I can't access it at all. Even with signing on through SSO, in the drop down menu for role selection it is not there. Am I missing something that is obvious?

I think you can change between all the SSO roles, or between all the non-SSO roles. But you can't mix them. They are non visible in the drop down menu if the auth method is different.

I have assigned myself that role in SB and I can't access it at all. Even with signing on through SSO, in the drop down menu for role selection it is not there

That shouldn't be the case. We use this option all the time. If you login via SSO, you should not see your Administrator role, but you should see any other SSO roles so you can test. Is the role flagged as an SSO role? Or maybe it's just "stuck" a bit and you need to give it a few minutes, log out and back in, etc. But that option definitely works.

So I assigned the role to me last night and thought it just might be stuck. Logged into day on SB and didn't see it. On the authentication options on the role it has Single Sign-On Only as unchecked. Under Permissions and Setup "SAML Single Sing-on" is at a Full level. When referring to "flagged as an SSO role" what are you referring to?

The permission and checkbox were what I was referring to. I thought we had SSO only checked, but I'm looking and we don't, so the only thing we have different on an SSO role is the SAML SSO permission. We have all our roles (including SSO) set up the way below (screenshot) also, which I wouldn't think should be causing any SSO issues if your settings don't match. I know it's kind of a "turn it off and back on" troubleshooting option, but maybe try removing the role, saving your EE record, and then adding it back? If that doesn't work, you might need to talk to support because it sounds like you're set up exactly like we are and ours does what you're looking for.

And we don't have 2FA enabled.