1. NetSuite Integration
  2. Configuring OpenAir for the Integration
  3. NetSuite Connector Administration Settings
  4. Additional integrations
  5. Use OAuth 2.0 for NetSuite Single Sign-On Integration and Real-Time Record Import
  6. Upgrading OpenAir NetSuite Connector Features to Remove the Dependency on SuiteSignOn

Upgrading OpenAir NetSuite Connector Features to Remove the Dependency on SuiteSignOn

Use the following steps to upgrade both, or either one of, the OpenAir Within NetSuite and Real-time Record Import features. The upgrade removes the dependency on the NetSuite Outbound Single Sign-On (SuiteSignOn) feature and uses more secure, modern, and reliable authentication methods.

Important:

Plan to upgrade your integration configuration before the NetSuite 2024.2 release to ensure service continuity. The functionality relying on NetSuite Outbound Single Sign-On (SuiteSignOn) will stop working with the NetSuite 2024.2 upgrade.

You should test all integration configuration changes on sandbox NetSuite and OpenAir accounts before implementing them in your production accounts.

To upgrade OpenAir NetSuite Connector Features to Remove the Dependency on SuiteSignOn

  1. Update the NetSuite OpenAir SRP Integration (Bundle ID: 369637) to version 4.0 or later.

    This bundle version:

    • Adds fields to the OpenAir: SRP Integration Settings custom record type. These fields are required to set up the upgraded versions of the OpenAir Within NetSuite (NetSuite Single Sign-On Integration) and Real-Time Record Import features.

    • Adds the following permission to the NSOA Connector role:

      • OIDC Provider Setup (Full)

      • OAuth 2.0 Authorized Applications Management (Full)

      • Log in using OAuth 2.0 Access Tokens (Full)

      • Certificate management (Full)

    Important:

    Update NetSuite OpenAir SRP Integration bundle (Bundle ID 369637) to Version 4.0 or later and make sure the update completes before you update NetSuite OpenAir SRP Single Sign-On bundle (Bundle ID 369619) to version 7.0 or NetSuite OpenAir SRP Real-time Add-on bundle (Bundle ID 369630) to version 3.0.

  2. Update the preferences for the NetSuite <> OpenAir integration.

    1. Go to Customization > Lists, Records and Fields > Record Types > [List OpenAir: SRP Integration Settings] > [Edit OpenAir SRP Integration Settings Record].

    2. Enter the following information:

    3. Click Save.

  3. If you are using the OpenAir Within NetSuite feature, update the integration configuration for this feature. See Upgrading OpenAir Within NetSuite Feature Configuration in NetSuite.

  4. If you are using the Real-Time Record Import feature, update the integration configuration for this feature. See Updating the Real-Time Record Import Feature Configuration in NetSuite.

  5. Enable the upgraded OpenAir Within NetSuite and Real-Time Record Import features using OAuth 2.0 in OpenAir.

    1. In OpenAir, go to Administration > NetSuite Connector > Credentials.

    2. Click the Tips utility button, then NetSuite Connector administration.

    3. Check the Use OAuth 2.0 for NetSuite Single Sign-On Integration and Real-Time Record Import (Configuration Changes Required Before Enabling – See Documentation) box under the Additional Integrations section.

    4. Click Save.

      Important:

      Switching to using OAuth 2.0 instead of SuiteSignOn for NetSuite Single Sign-On Integration and Real-Time Record Import is not reversible. After you check this box and click Save, you cannot undo the change and go back to using SuiteSignOn.

    5. Click Close to return to the OpenAir NetSuite Connector Credentials tab.

  6. If you are using the OpenAir Within NetSuite feature, enter the NetSuite OAuth 2.0 Credentials in OpenAir.

    1. On the OpenAir NetSuite Connector Credentials tab, under NetSuite OAuth 2.0 credentials, enter the Consumer key and Consumer secret which you copied from NetSuite when creating an integration record to use the NetSuite as OIDC Provider feature for OpenAir Within NetSuite (Upgrading OpenAir Within NetSuite Feature Configuration in NetSuite – Step 4).

    2. Click Save.

  7. If you are using the Real-Time Record Import feature, verify that the certificate required for real-time record imports is valid. See Real-Time Record Import Certificate and Certificate Rotation.

    Note:

    OpenAir uses certificates to validate real-time record import requests. If you followed the above steps in the correct order, OpenAir NetSuite Connector generates a certificate and saves it to NetSuite and OpenAir automatically. Subsequently, OpenAir NetSuite Connector manages the certificate rotation automatically. See Real-Time Record Import Certificate and Certificate Rotation.

Upgrading OpenAir Within NetSuite Feature Configuration in NetSuite

If you are using the OpenAir Within NetSuite feature, follow these steps to replace SuiteSignOn with NetSuite as OIDC Provider as the outbound single sign-on method enabling access to OpenAir from within the NetSuite UI.

Important:

The following steps assume that NetSuite OpenAir SRP Integration (Bundle ID: 369637) 4.0 or later version is installed in your NetSuite account and you have updates the preferences for the NetSuite <> OpenAir integration. See Upgrading OpenAir NetSuite Connector Features to Remove the Dependency on SuiteSignOn.

To upgrade OpenAir Within NetSuite feature configuration in NetSuite:

  1. In NetSuite, enable the OAuth 2.0 and NetSuite as OIDC feature. See Enable the NetSuite as OIDC Provider Feature (External link to NetSuite SuiteAnswers | Answer ID: 98270).

  2. If you are using your own custom role for the OpenAir integration instead of the “NSOA Connector” role created by the NetSuite OpenAir SRP Integration (Bundle ID 369637) bundle, make sure that this custom role includes the following permissions and permission levels in the Setup secondary subtab. For more information, see Creating a Custom Role for the Integration in NetSuite.

    • OIDC Provider Setup (Full)

    • OAuth 2.0 Authorized Applications Management (Full)

    • Log in using OAuth 2.0 Access Tokens (Full)

  3. Update the NetSuite OpenAir SRP Single Sign-On (Bundle ID: 369619) bundle to version 7.0 or later.

    This bundle version:

    • Updates SuiteScript 2 versions of Suitelet scripts to enable access to OpenAir modules in the PSA center tab using NetSuite as OIDC Provider.

    • Updates the OpenAir: Home module portlet v2.0 Portlet script to enable access to the OpenAir dashboard as a custom portlet on the NetSuite dashboard using NetSuite as OIDC Provider.

    • Adds the script OpenAir: Load subtab to enable access to the OpenAir record as a subtab on the matching record in NetSuite for selected NetSuite record types using NetSuite as OIDC Provider.

    • Switches to using SuiteScript 2 versions of all scripts in the bundle automatically.

    Important:

    Update NetSuite OpenAir SRP Integration bundle (Bundle ID 369637) to Version 4.0 or later before you update NetSuite OpenAir SRP Single Sign-On (Bundle ID 369619) to this version. NetSuite OpenAir SRP Integration bundle (Bundle ID 369637) 4.0 updates the OpenAir: SRP Integration Settings custom record type with settings required for using the NetSuite as OIDC Provider for the OpenAir Within NetSuite feature.

    SuiteScript 1.0 versions of scripts in the NetSuite OpenAir SRP Single Sign-On (Bundle ID: 369619) bundle support only the SuiteSignOn method. SuiteScript 2 versions of scripts support both the SuiteSignOn and the NetSuite as OIDC Provider methods. OpenAir will end support for SuiteScript 1.0 versions of scripts in the NetSuite OpenAir SRP Single Sign-On (Bundle ID: 369619) bundle some time after the NetSuite 2024.2 release, when support for the SuiteSignOn feature ends (date to be confirmed).

  4. Create a custom integration record for the OpenAir Within NetSuite feature and set it up for OpenAir NetSuite Connector to use NetSuite as OIDC Provider for outbound single sign-on. See Create Integration Records for Applications that Use NetSuite as OIDC Provider for Outbound Single Sign-on (External link to NetSuite SuiteAnswers | Answer ID: 98323).

    1. Use the following settings under the OAuth 2.0 section of the integration record:

      • Authorization code grant — Check the box. This is required for the NetSuite as OIDC Provider integration to work.

      • Redirect URI — Enter one of the following URIs, depending on the type of OpenAir account type you are setting up for the integration:

        • Production account — https://auth.openair.com/oidc/callback/internal_netsuite_<netsuite_account_id>

        • Sandbox account — https://auth.sandbox.openair.com/oidc/callback/internal_netsuite_<netsuite_account_id>

        where <netsuite_account_id> is your NetSuite Account ID

        Important:

        All alphabetical characters in <netsuite_account_id> must be lowercase. If your NetSuite Account ID includes uppercase alphabetical characters, replace them with the lowercase equivalent. When setting up the integration between OpenAir and NetSuite sandbox accounts, the NetSuite sandbox account ID typically includes the characters SB and should be replaced with the lowercase equivalent sb. For example, if your NetSuite Account ID is 345678_SB2, the Redirect URI is https://auth.sandbox.openair.com/oidc/callback/internal_netsuite_345678_sb2.

      • OAuth2.0 consent policy — You should select Never Ask so that the integration is autoapproved by an administrator. With other settings, users need to authorize the integration before being able to view OpenAir within NetSuite UI.

    2. Copy the Consumer key / Client ID and Consumer secret / Client secret and store the information in a safe place. You will need to enter this information on the OpenAir NetSuite Connector credentials form in OpenAir for the NetSuite as OIDC Provider integration to work (Upgrading OpenAir NetSuite Connector Features to Remove the Dependency on SuiteSignOn – Step 6).

  5. Give users access to the NetSuite as OIDC Provider integration for the OpenAir Within NetSuite feature.

    1. Go to Setup > Integration > NetSuite as OIDC Provider Setup.

    2. Click the name of the custom integration record you created for the OpenAir Within NetSuite feature (Step 4).

      The Application Settings: <Integration Name> window appears.

    3. On the Entities tab and Employees subtab, check the Select All box to give all users access to the NetSuite as OIDC Provider integration for the OpenAir Within NetSuite feature.

    4. On the Roles tab, check the Select All box to give all roles access to the NetSuite as OIDC Provider integration for the OpenAir Within NetSuite feature.

    5. Click Save.

  6. Add the Custom Record Entries permission with View permission level or higher to the relevant roles in NetSuite. Without this permission, users cannot access OpenAir from the NetSuite UI.

    For each role, do the following:

    1. Go to Setup > Users/Roles > User Management > Manage Roles > [Select a role].

    2. Click Edit.

    3. In the Permissions subtab, click the Lists secondary subtab.

    4. Add a row and select Custom Record Entries under Permission, and View under Level.

    5. Click Add.

    6. Click Save.

    Note:

    If you are using standard roles, you will need to customize standard roles, and assign these new custom roles to users to let these users access OpenAir from the NetSuite UI. For more information about managing roles in NetSuite, see Customizing or Creating NetSuite Roles (External link to NetSuite SuiteAnswers | Answer ID: 9896).

  7. Update the preferences for the NetSuite <> OpenAir integration.

    1. Go to Customization > Lists, Records and Fields > Record Types > [List OpenAir: SRP Integration Settings] > [Edit OpenAir SRP Integration Settings Record].

    2. In the NetSuite OpenAir SRP Single Sign-On subtab, check any of the boxes listed in the following table to show the OpenAir record as a subtab on the matching record in NetSuite. The table lists the integrations settings for each of the supported NetSuite record types and the corresponding types of OpenAir record shown in the OpenAir subtab.

      Setting

      NetSuite record type

      OpenAir record type

      Display OpenAir in Contact subtab

      Contact

      Contact

      Display OpenAir in Customer subtab

      Customer

      Customer

      Display OpenAir in Employee subtab

      Employee

      Employee

      Display OpenAir in Expense report subtab

      Expense Report

      Expense Report

      Display OpenAir in Invoice subtab

      Invoice

      Invoice

      Display OpenAir in Journal entry subtab

      Journal Entry

      Revenue Recognition Transaction

      Display OpenAir in Rate card subtab

      OpenAir: Project Rate Card (custom record type)

      Rate Card

      Display OpenAir in Project subtab

      Project

      Project

      Display OpenAir in Item subtab

      Service Item

      Category
      Note:

      Some of the configuration-based customization available when using the SuiteSignOn feature is not currently available when using the NetSuite as OIDC Provider feature. You would need to deploy custom SuiteScripts to achieve the following functionality.

      • Ability to show the Timesheets module on Support Case records as an OpenAir: Timesheets subtab in NetSuite when using the Tasks (Support Cases) Import Workflow.

      • Ability to set up custom OpenAir subtabs on NetSuite records and displaying OpenAir content other than those listed in the table above. With the SuiteSignOn feature, you could set up custom subtabs and use connection points to associate each custom subtab with a NetSuite record type and use integration variables to specify the OpenAir content shown in this subtab.

    3. Click Save.

Updating the Real-Time Record Import Feature Configuration in NetSuite

If you are using the Real-Time Record Import feature, follow these steps to use certificate-based authentication instead of the SuiteSignOn feature for real-time imports.

Important:

The following steps assume that NetSuite OpenAir SRP Integration (Bundle ID: 369637) 4.0 or later version is installed in your NetSuite account and you have updates the preferences for the NetSuite <> OpenAir integration. See Upgrading OpenAir NetSuite Connector Features to Remove the Dependency on SuiteSignOn.

To update the Real-Time Record Import feature configuration in NetSuite:

  1. If you are using your own custom role for the OpenAir integration instead of the “NSOA Connector” role created by the NetSuite OpenAir SRP Integration (Bundle ID 369637) bundle, make sure that this custom role includes the Certificate management permission (Full permission level) in the Setup secondary subtab. For more information, see Creating a Custom Role for the Integration in NetSuite.

  2. Update the NetSuite OpenAir SRP Real-time Add-on (Bundle ID 369630) bundle to version 3.0 or later.

    This bundle version:

    • Updates the OpenAir: Send Record to OpenAir v2.0 user event script to import records from NetSuite into OpenAir in real-time using certificate-based authentication.

    • Adds the custcertificate_oa_realtime certificate record. The default certificate openair-certificate.pem associated with the custcertificate_oa_realtime certificate record is not valid. It is a required placeholder that will be replaced later. See Upgrading OpenAir NetSuite Connector Features to Remove the Dependency on SuiteSignOn – Step 7.

    Important:

    Update NetSuite OpenAir SRP Integration bundle (Bundle ID 369637) to Version 4.0 or later before you update NetSuite OpenAir SRP Real-time Add-on (Bundle ID 369630) to this version. NetSuite OpenAir SRP Integration bundle (Bundle ID 369637) 4.0 updates the OpenAir: SRP Integration Settings custom record type with settings required for using certificate-based authentication for the Real-Time Record Import feature.

    NetSuite OpenAir SRP Real-time Add-on (Bundle ID 369630) Version 3.0 or later is required and OpenAir: Send Record to OpenAir v2.0 must be deployed to enable real-time record import from NetSuite into OpenAir using certificate-based authentication.

    OpenAir: Send Record to OpenAir (SuiteScript 1.0 version) supports only the SuiteSignOn method. OpenAir: Send Record to OpenAir v2.0 (SuiteScript 2.0 version) supports both the SuiteSignOn and certificate-based authentication methods. OpenAir will end support for this SuiteScript 1.0 version some time after the NetSuite 2024.2 release, when support for the SuiteSignOn feature ends (date to be confirmed).

  3. If you currently have the OpenAir: Send Record to OpenAir user event script (SuiteScript 1.0 version) deployed for real-time record import, switch to OpenAir: Send Record to OpenAir v2.0 (SuiteScript 2 version). See Switching to SuiteScript 2 Versions of Integration Bundle Scripts.

  4. Update the preferences for the NetSuite <> OpenAir integration.

    1. Go to Customization > Lists, Records and Fields > Record Types > [List OpenAir: SRP Integration Settings] > [Edit OpenAir SRP Integration Settings Record].

    2. Check the Real-time integration with OpenAir box in the NetSuite OpenAir SRP Real-Time Add-On subtab.

    3. Click Save.

Real-Time Record Import Certificate and Certificate Rotation

OpenAir uses certificates to validate real-time record import requests. Certificates are valid for a finite period. After the initial set up, OpenAir NetSuite Connector generates a new certificate and saves it to NetSuite and OpenAir automatically one to two weeks before the previous certificate expires.

You can use the OpenAir NetSuite Connector Health Check feature to verify whether there is a valid real-time record import certificate in your account, and when the current certificate expires if valid. See OpenAir NetSuite Connector Health Check.

You can trigger the certificate generation and rotation from the contextual tips menu at any time.

To generate a new certificate for real-time record imports:

  1. In OpenAir, go to Administration > NetSuite Connector.

  2. Click the Tips button then click Generate new real-time import certificate. OpenAir NetSuite Connector generates a new certificate, uploads it in the custcertificate_oa_realtime certificate record in NetSuite, and saves it in OpenAir after it is successfully uploaded in NetSuite.

Note:

Whereas other OpenAir changes supporting the upgraded OpenAir Within NetSuite and Real-time Record Import features were delivered as part of the OpenAir 2023.2 release on October 7, 2023, the automated certificate rotation and health check was released on February 7, 2024.