This article will guide Australian customers through the process of setting up Token Based Authentication (TBA) for Netsuite:
1. Token-Based Authentication must first be enabled in the Netsuite account.
Enable the features:
Under Setup > Company > Setup Tasks > Enable Features navigate to the SuiteCloud subtab. Enable the required features:
-
Client SuiteScript
-
Server SuiteScript
2. Setting up Token Based Authentication roles.
Token Based Authentication is a per user authentication and requires certain permissions in NetSuite. An existing role can be used (recommended) or a new role can be created.
The relevant role permissions are under the ‘Setup’ subtab. The following token-based authentication permissions can be added to non-administrator roles as appropriate.
Access Token Management
- Users with this permission can create, assign, and manage tokens for any user in the company.
- Users with this permission cannot use token–based authentication to log in to the NetSuite UI.
Log in using Access Tokens
- Users with this permission can manage their own tokens using the Manage Access Tokens link in the Settings portlet, and they can log in using a token.
User Access Tokens
- Users with only this permission can log in using a token, that is, they can to use tokens to call a RESTlet.
- Users with only this permission cannot manage tokens or access pages where tokens are managed.
Assigning Users to Token-based Authentication Roles
The Token Authentication Role will need to be assigned to all employees associated with the integration under ‘Access’ subtab on their employee record
-
Go to Lists > Employees > Employees.
-
Click Edit next to the name of the employee you want to assign the token-based authentication role.
-
Click the Access subtab.
-
In the Role field, select the token-based authentication role for this employee.
-
Click Add.
-
Click Save.
You will also need to ensure that all users wishing to login with TBA have the following permissions: Global Permissions > Web Services = Full and Global Permissions > Departments = View (or higher access level).
3. Create the integration record
Creating the Integration Record (the application for Token Based Authentication) is how you will retrieve the Consumer Key and Consumer Secret.
IMPORTANT: At the end of this step, you must save the values for Consumer Key and Consumer Secret. You will not be able to retrieve them once you leave the confirmation screen. If you do not save these values, you will need to repeat Step 3 again.
Before connecting with a token, an integration record is required for authentication. A new integration record should be used and can be created by navigating to Setup > Integrations > Manage Integrations > New.
The name field should be filled in along with ensuring that the ‘TOKEN-BASED AUTHENTICATION (TBA)’ checkbox is checked. You can uncheck 'USER CREDENTIALS' if you want users to authenticate only using tokens. You may name the integration whatever you wish, such as "Deputy Integration" or "Deputy App".
Upon saving you will be given a Consumer Key / Consumer Secret.
Note: Save these values for Consumer Key and Consumer Secret. You will not be able to retrieve them once you leave this screen. If you do not save these values, you will need to repeat Step 3 again.
4. Creating the Token
IMPORTANT: At the end of this step, you must save the values for Token ID and Token Secret. You will not be able to retrieve them once you leave the confirmation screen. If you do not save these values, you will need to repeat Step 4 again.
With the integration record created and the proper role assigned, a token can be created for a user for authentication.
To create a token, have the user with the token authentication role login. Click the ‘Manage Access Tokens’ link available on the home dashboard under settings.
Create a new token and select the Application Name that corresponding to the associated integration record created earlier.
Again, a Token ID and Token secret will be provided.
Note: Save these values for Token ID and Token Secret. You will not be able to retrieve them once you leave this screen. If you do not save these values, you will need to repeat Step 4 again.
5. Next steps to connect to Deputy
Go back to your Deputy account and enter all of the details you gathered during the above process: Consumer Key, Consumer Secret, Token ID, Token Secret.
Follow this guide to connect your Netsuite account to Deputy.