NetSuite and NetSuite OneWorld now require an advanced security feature called Token-Based Authentication in order to maintain the integration with your payroll software. Why is this the case? Up until now, the alternative has been email and password based authentication. This method, in addition to being less secure, requires passwords be reset every six months and therefore connection between NetSuite and your payroll software has required updating at least every six months.
Taking effect from 9 November 2018, In addition to enabling Token Based Authentication within your NetSuite account, the payroll software will now require additional credentials to be added in the “Journal” settings when reconnecting to your applicable NetSuite source.
Below is a guide to reconfiguring your journal connection between the payroll software and NetSuite.
Step 1: Enable Token Based Authentication in NetSuite, if you haven’t already done so. To do this:
- Go to Setup > Company > Setup Tasks > > Enable Features;
- Click on the SuiteCloud subtab;
- Scroll down to the Manage Authentication section, and tick the Token-based Authentication checkbox;
- Click I Agree on the SuiteCloud Terms of Service page.
- Click Save.
Step 2: Access the Journals screen in your payroll software via the Payroll Settings. Your journal service selection should still remain as either NetSuite or NetSuite OneWorld, however you will be required to complete the following additional fields:
Step 3: Enter the Netsuite/NetSuite OneWorld Account Id. You can locate your Account Id by navigating to Setup -> Integration -> Web Services Preferences (in NetSuite). The Account Id appears on the top left hand side of the screen.
Step 4: You will now need to create an integration record if one doesn’t exist. The integration record identifies the payroll software in NetSuite’s system and is also what is required to create the Consumer Key and Consumer Secret. To create an integration record:
- Go to Setup > Integration > Manage Integrations > New;
- In the Name field, enter the name of the payroll application (or any other name that is easily identifiable to users);
- With the State field, keep the value as “Enabled”;
- In the Authentication subtab, tick the TOKEN-BASED AUTHENTICATION checkbox.
- Click Save.
The Consumer Key and Consumer Secret details will then be displayed on the screen. You MUST copy/paste this information in a secure location and then enter in the relevant fields in the payroll software.
Important: For security reasons, the Consumer Key and Consumer Secret values are only displayed on the initial setup page. They cannot be retrieved from the system after you navigate away from the screen.
If you (a) did not retain the Consumer Key and Consumer Secret details or (b) already have an existing integration record but have not retained the Consumer Key and Consumer Secret details, you will need to reset credentials to obtain new values. To do this:
- Click on Edit;
- Click on Reset Credentials;
- Confirm by clicking on OK.
Step 5: The NetSuite administrator role does not have token permissions by default. If you do not create a token role and assign it to your administrator, you will get a “Login access has been disabled for this role” error when creating a token. To do this:
- Go to Setup > Users/Roles > User Management > Manage Roles > New;
- Click on New Role;
- Enter a Name for the role;
- Navigate to Permissions > Setup and add the following permissions:
- User Access Token: Full
- Access Token Management: Full
- Web Services: Full
- Navigate to Permissions > Lists and add the following permissions:
- Accounts: Full
- Classes: Full
- Departments: Full
- Employee Record: Full
- Employees: Full
- Locations: Full
- Tax Items: Full
- Subsidiaries: Full (OneWorld users only)
- Navigate to Permissions > Transactions and add the following permission:
- Make Journal Entry: Full
Additional note for OneWorld users: the role must have explicit access to every individual subsidiary in the business; not just the parent subsidiary.
Step 6: The new role created in Step 5 now needs to be assigned to employee/user. To do this:
- Do a global search for "page:employees";
- Click on Edit for “Employees”;
- Click on Edit for the relevant employee;
- Navigate to Access (subtab) > Roles;
- Add the new role created;
- Click Save.
Step 7: This step requires creating a new access token that will then supply the values for the Token Id and Token Secret. To create a new access token:
- Go to Setup > Users/Roles > User Management > Access Tokens > New;
- Select the application created in Step 4 from the dropdown list;
- Select the user from the dropdown list;
- Select the role created in Step 5 from the dropdown list;
- The Token Name pre-populates by default with a concatenation of Application Name, User, and Role. You can however override this and enter your own token name.
- Click Save.
The Token Id and Token Secret details will then be displayed on the screen. You MUST copy/paste this information in a secure location and then enter in the relevant fields in the payroll software.
Important: For security reasons, the Token Id and Token Secret values are only displayed on the initial setup page. They cannot be retrieved from the system after you navigate away from the screen. If you did not retain these details, you will need to create a new access token.
Step 8: This last step requires you enter the applicable values against each field in the Journals screen of your payroll software, as shown in Step 2. Then click Enable. After the connection is established, you will be able to:
- Choose whether you want to post the journals as approved; and
- Select a Subsidiary (OneWorld users only).
If you have any questions, please let us know via firstname.lastname@example.org.