Integrate with Oracle NetSuite

Prerequisites

Before you install and configure an Oracle NetSuite orchestrated system, you should consider the following pre-requisites and tasks.

Certified Components

The system can be any one of the following:

Table - Certified Components

Component Type Component
Target System Oracle NetSuite Release 2023.1
Target API Version NetSuite v1 and NetSuitePort_2022_1

Supported Modes

Oracle NetSuite orchestrated system supports the following modes:

  • Managed System

Supported Operations

The Oracle NetSuite orchestrated system supports the following operations:
  • Create user
  • Delete user
  • Reset Password
  • Assign Roles to a user
  • Revoke Roles from a user
  • Assign Group to a user
  • Remove Group from a user

Configuring NetSuite System to Perform Operations

This is a high-level summary of the tasks to be performed on the target system before you create the application.

Pre-installation for the NetSuite connector involves performing a series of tasks on the NetSuite system.

Pre-installation involves the following tasks:

  1. Login to Oracle NetSuite.
  2. Go to Setup > Company > Enable Features .
  3. Click SuiteCloud sub-tab and enable the following features from the respective menu items.
    1. SuiteBuilder

      Enable the following boxes:

      1. ITEM OPTIONS
      2. CUSTOM RECORDS
      3. ADVANCED PDF/HTML TEMPLATES
      4. REMOVE PERSONAL INFORMATION
    2. SuiteScript:
      1. CLIENT SUITESCRIPT
      2. SERVER SUITESCRIPT
    3. SuiteFlow
      1. SUITEFLOW
    4. SuiteGL
      1. CUSTOM GL LINES
      2. CUSTOM TRANSACTIONS
      3. CUSTOM SEGMENTS
    5. SuiteBundler
      1. CREATE BUNDLES WITH SUITEBUNDLER
    6. SuiteTalk
      1. SOAP WEB SERVICES
      2. REST WEB SERVICES
    7. Manage Authentication
      1. SUITESIGNON
      2. TOKEN-BASED AUTHENTICATION
      3. OAUTH 2.0
    8. SuiteCloud Development Framework
      1. SUITECLOUD DEVELOPMENT FRAMEWORK
  4. Click SAVE.

To create an integration record for an application, follow the below steps:

    1. Go to Setup > Integration> Manage Integration > New.
    2. Enter a name for your application in the Name field.
    3. Enter a description in the Description field, if preferred.
    4. Select Enabled in the State field.
    5. Enter a note in the Note field, if preferred.
    6. On the Authentication tab, check the appropriate boxes for your application:
      1. Token-based Authentication
          1. TOKEN-BASED AUTHENTICATION
          2. TBA: AUTHORIZATION FLOW
          3. Define the CALLBACK URL.
      2. O-Auth 2.0
        1. AUTHORIZATION CODE GRANT
        2. Scope
          1. RESTLETS
          2. REST WEB SERVICES
        3. Provide a valid REDIRECT URI
    7. Click SAVE.
    8. Ensure to copy the Client Credentials details that will appear on the screen as it is one-time display.

      For Example:

      consumerKey = "fcb9ec7e7d386fab36566e9c4159bXXXXXXX2875841d828aee7e"

      consumerSecret = "bd7780d4396715f5f4586d874379XXXXXX38c42a525c95f70"

To create and assign a Token Based Authentication token:

  1. Log in as a user with the Access Token Management permission.
  2. Go to Setup > Users/Roles > Access Tokens.
  3. On the Access Tokens page, click New Access Token.
  4. On the Access Token page:
    1. Select the Application Name.
    2. Select the User.
    3. Select the Role.
    4. The Token Name is already populated by default with a concatenation of Application Name, User, and Role. Enter your own name for this token, if preferred.
  5. Click Save.
  6. Ensure to copy the Token details that will appear on the screen as it is one-time display. For example:  

    tokenId = "0948d37f7XXXXXXXXXXXXXX8075";

    tokenSecret = "86b7bb19cXXXXXXXXabfa0eb401e2c2c24b”

OAuth2.0 Flow to Generate the User-Level Tokens

To generate the user-level access and refresh tokens, there are two steps you must complete manually, and these values should be provided in authToken in Oracle NetSuite Connector basic configuration for authentication.

The following steps must be completed by users who are opting in for Authorization Code Grant:

You must pass the Authorization code grant URL in the internet browser or use Postman to generate the tokens.

  1. Requesting the Authorization Code

    Note:

    The token URI for the developer environment is as follows:

    https://<host name>/services/rest/auth/oauth2/v1/token.

    1. Enter the following URL in a browser as provided in the example.

      Example:

      https://<host name> /app/login/oauth2/authorize.nl?redirect_uri={callback}&response_type=code&scope=restlets+rest_webservices&state=ykv2XLx1BpT5Q0F3MRPHb94j&client_id={ConsumerKey}.

      Replace {ConsumerKey} with your Consumer key / Client id and {callback} with your redirect URI. The URL above includes the signature scope required for the eSignature REST API.

      This URL opens the Oracle NetSuite authentication screen.

    2. After you enter your Oracle NetSuite account email address and password and give consent for the requested scopes and then once you redirect to the login Browser Enter the user Credentials to Login and authenticate then Click on the Continue to allow Oracle NetSuite to access your information to Provide the code. The browser will redirect to your redirect URI with a long string returned for the code parameter embedded in the URL.

      Request:

      https://<host name>/app/login/oauth2/authorize.nl?redirect_uri=http://example.com&response_type=code&scope=restlets+rest_webservices&state=ykv2XLx1BpT5Q0F3MRPHb94j&client_id=7e1c238e-xxxx-xxxx-xxxx-abcea08a3171

      Response: https://example.com/?state=ykv2XLx1BpT5Q0F3MRPHb94j&role=3&entity=4622&company=TSTDRVXXXXXX&code=096835b6aced….......457b00e3c

  2. Generating Refresh Tokens Using the Code Generated in Step 1
    1. To request a refresh token, send a POST request containing your authorization code to the NetSuite authentication service.
    2. Paste the values of Consumer Key and Consumer secret key as User name and Password respectively under Authorization in the Refresh token request with the type as Basic Auth in Postman.
    3. In addition, the refresh token request contains a set of body parameters namely grant_type and code.
      1. Update the key as code with value <code>.

        Note:

        <code> is nothing but the authorization code that you received from the callback in step 1.

        For example, code=096835b6aced..........457b00e3c.

      2. Similarly, update one or more body parameter with the key as grant_type and value as authorization_code and another body parameter with key as redirect_uri and value as the same provided in the step 1.
    4. Execute the Authorize Code Grant Refresh Token request to generate an access token and a refresh token.
      1. In the response, you will get elements, namely, access_token, token_type, refresh_token, and expires_in.
      2. Copy/save the values of refresh_token.

      For more information about how to get a refresh token with Auth Code Grant, see NetSuite Applications Suite.

      Examples:

      Request:

      curl --location --request POST " https://<host name>/services/rest/auth/oauth2/v1/token"--header "Authorization: Basic N2UxYzIzOGU1Zj........GI3Njg3MzMzMTZm" --header "Content-Type: application/x-www-form-urlencoded" --data-urlencode "code=34e8dec4289........a52fe26" --data-urlencode "redirect_uri=https://example.com" --data-urlencode "grant_type=authorization_code"

      Response:

      { "access_token":"eyJ0eXAi......mX9f7k1g", "token_type":"Bearer", "refresh_token":"eyJ0eXAi......mruC5c3A", "expires_in":3600 }

      Table - Required element for OAuth2.0 authentication

      Element Description
      refresh_token

      A token that is used to obtain a new access token without requiring user consent and Use this token in the Authorization header of all NetSuite API calls.

      Providing Values for NetSuite Connector Basic Configuration.

      After you have obtained the refresh_token value, you must provide these values in authToken under NetSuite Connector basic configuration. For information about configuration, see Configuring the NetSuite Connector. For example, eyJ0eXAi......mX9f7k1g

      refresh_token value The full refresh token value that is received from authentication.

Configure

You can establish a connection between Oracle NetSuite and Oracle Access Governance by entering connection details. To achieve this, use the Orchestrated Systems functionality available in the Oracle Access Governance Console.

Navigate to the Orchestrated Systems Page

Navigate to the Orchestrated Systems page of the Oracle Access Governance Console, by following these steps:
  1. From the Oracle Access Governance navigation menu icon Navigation menu, select Service Administration → Orchestrated Systems.
  2. Click the Add an orchestrated system button to start the workflow.

Select system

On the Select system step of the workflow, you can specify which type of system you would like to onboard.

  1. Select NetSuite.
  2. Click Next.

Enter details

On the Enter Details step of the workflow, enter the details for the orchestrated system:

  1. Enter a name for the system you want to connect to in the What do you want to call this system? field.
  2. Enter a description for the application in the How do you want to describe this system? field.
  3. Click Next.

Configure

On the Configure step of the workflow, enter the configuration details required to allow Oracle Access Governance to connect to the Oracle NetSuite instance.

  1. In the Host field, enter the host name of the system on which your NetSuite application is running.

    Sample Value : TSTDRVXXXXXXXX.suitetalk.api.netsuite.com

  2. In the Account name field, enter the name for the account created on the NetSuite application to perform operations.

    Sample Value : TSTDRVXXXXXXXX

  3. In the Consumer key field, enter the consumerKey.

    Sample Value : 7e1c238e538bafXXXXXXXXbcea08a3171

  4. In the Consumer secret field, enter the consumerSecret.

    Sample Value : fff0b23810704056XXXXXXXXXX0b768733316f

  5. In the Token ID field, enter the token Id.

    Sample Value : 3e23ecc14bc7dXXXXXXXd400e56177ed

  6. In the Token secret field, enter the Token secret.

    Sample Value : cd750404ee67653aXXXXXXXXXX646422da64c

  7. In the Auth URL field, Enter the URL of the authentication server that validates the client ID and client secret for your system.

    Default value : /services/rest/auth/oauth2/v1/token

  8. In the Auth token field, enter the Refresh Token Values. This value can be fetched by performing OAuth code authorization flow.

    Sample value : eyJ0eXAiOiJNVCIsImFsZyI6IlJTMjU2Iiwia2lkIjoiNjgxODVmZjEtNGU1MS00Y2U5LWFmMWMtNjg5ODEyMjAzMzE3In0.AQoAAAABAAUABwCA8Kx7sbjaSAgAgDDQifS42kgCAGcjU3expKxCtXXXXXXXXXXXFAAAADQAkAAAANDdhZWE4OWQtNWViYy00NmMyLWI0YmYtNjE5MDRhMjE0MTE1IgAkAAAANDdhZWE4OWQtNWViYy00NmMyLWI0YmYtNjE5MDRhMjE0MTE1MACABwhGsbjaSDcAC1hTwTsYB0GKF0Qif6kfLg.Lk45d4mcBPIrBghYun1S2pVa0EE0XHYTU66cqWpEuPMgSieVTRgwF3wyTOSgyPuiJNf18QTJcG6js4LvVL7sPw8IJwQ6bd

  9. In the Port field, enter the port number the target system is listening on.

    Sample value: 443

  10. Click Add to create the orchestrated system.

Finish Up

The final step of the workflow is Finish Up, where you are given a choice whether to further configure your orchestrated system before running a data load, or accept the default configuration and initiate a data load. Select one from:
  • Customize before enabling the system for data loads
  • Activate and prepare the data load with the provided defaults

Post Configuration

There are no post configuration steps associated with an Oracle NetSuite system.