Token Based Authentication in NetSuite. To do this:
- Go to Setup > Company > Setup Tasks > Enable Features;
- Click on the SuiteCloud subtab;
- Scroll down to the Manage Authentication section, and tick the Token-based Authentication checkbox;
- Click I Agree on the SuiteCloud Terms of Service page.
- Click Save.
Then, go back to your payroll account and from the 'Business' menu, select 'Payroll Settings' and then select 'Journals':
From the Journals screen, click the "Journal Services" button and then click "NetSuite" or "NetSuite OneWorld":
You will be required to enter the following details:
Step 1: Netsuite/NetSuite OneWorld Account Id. You can locate your Account Id by navigating to Setup -> Integration -> Web Services Preferences (in NetSuite). The Account Id appears on the top left hand side of the screen.
Step 2: You will now need to create an integration record if one doesn’t exist. The integration record identifies the payroll software in NetSuite’s system and is also what is required to create the Consumer Key and Consumer Secret. To create an integration record:
- Go to Setup > Integration > Manage Integrations > New;
- In the Name field, enter the name of the payroll application (or any other name that is easily identifiable to users);
- With the State field, keep the value as “Enabled”;
- In the Authentication subtab, tick the TOKEN-BASED AUTHENTICATION checkbox.
- Click Save.
The Consumer Key and Consumer Secret details will then be displayed on the screen. You MUST copy/paste this information in a secure location and then enter in the relevant fields in the payroll software.
Important: For security reasons, the Consumer Key and Consumer Secret values are only displayed on the initial setup page. They cannot be retrieved from the system after you navigate away from the screen.
If you (a) did not retain the Consumer Key and Consumer Secret details or (b) already have an existing integration record but have not retained the Consumer Key and Consumer Secret details, you will need to reset credentials to obtain new values. To do this:
- Click on Edit;
- Click on Reset Credentials;
- Confirm by clicking on OK.
Step 3: The NetSuite administrator role does not have token permissions by default. If you do not create a token role and assign it to your administrator, you will get a “Login access has been disabled for this role” error when creating a token. To do this:
- Go to Setup > Users/Roles > User Management > Manage Roles > New;
- Click on New Role;
- Enter a Name for the role;
- Navigate to Permissions > Setup and add the following permissions:
- User Access Token: Full
- Access Token Management: Full
- Web Services: Full
- Navigate to Permissions > Lists and add the following permissions:
- Accounts: Full
- Classes: Full
- Departments: Full
- Employee Record: Full
- Employees: Full
- Locations: Full
- Tax Items: Full
- Subsidiaries: Full (OneWorld users only)
- Navigate to Permissions > Transactions and add the following permission:
- Make Journal Entry: Full
Additional note for OneWorld users: the role must have explicit access to every individual subsidiary in the business; not just the parent subsidiary.
Step 4: The new role created in Step 3 now needs to be assigned to employee/user. To do this:
- Do a global search for "page:employees";
- Click on Edit for “Employees”;
- Click on Edit for the relevant employee;
- Navigate to Access (subtab) > Roles;
- Add the new role created;
- Click Save.
Step 5: This step requires creating a new access token that will then supply the values for the Token Id and Token Secret. To create a new access token:
- Go to Setup > Users/Roles > User Management > Access Tokens > New;
- Select the application created in Step 4 from the dropdown list;
- Select the user from the dropdown list;
- Select the role created in Step 3 from the dropdown list;
- The Token Name pre-populates by default with a concatenation of Application Name, User, and Role. You can however override this and enter your own token name.
- Click Save.
The Token Id and Token Secret details will then be displayed on the screen. You MUST copy/paste this information in a secure location and then enter in the relevant fields in the payroll software.
Important: For security reasons, the Token Id and Token Secret values are only displayed on the initial setup page. They cannot be retrieved from the system after you navigate away from the screen. If you did not retain these details, you will need to create a new access token.
Step 6: This last step requires you enter the applicable values against each field in the Journals screen of your payroll software, as shown in Step 2. Then click Enable. After the connection is established, you will be able to:
- Choose whether you want to post the journals as approved; and
- Select a Subsidiary (OneWorld users only).
You have now connected your payroll file to NetSuite.
The next step is to (a) assign classes, departments, subsidiaries to your locations and/or import your chart of accounts.
If you have any questions, please let us know via firstname.lastname@example.org.