NetSuite

Configuring the Veza integration for NetSuite

Overview

The Veza integration discovers a single Oracle NetSuite tenant and its users, roles, and subsidiary resources. To discover more than one environment (for example, production and staging), follow the instructions to configure two separate instances of the integration.

See notes and supported entities for more details.

Configuring NetSuite

Authentication uses an OAuth2 workflow. The integration performs a JWT exchange, based on a client ID and certificate, to obtain a bearer token. The bearer token is used for all SuiteQL API calls.

Follow these steps to create the credentials Veza will use for NetSuite discovery:

Ensure that REST API and OAuth2 are enabled

  1. Navigate to Setup -> Company -> Enabled Features

  2. Under the Analytics tab:

    • In the SuiteAnalytics Workbook section, enable SUITEANALYTICS WORKBOOK if it is not enabled.

  3. Under the SuiteCloud tab:

    • In the SuiteTalk (Web Services) section, enable REST WEB SERVICES if it is not enabled.

    • In the Manage Authentication section, enable OAuth2.

Create a Role for Veza discovery

  1. Navigate to Setup -> Users/Roles -> Manage Roles and create a new role

  2. Provide a name for the role such as "Veza Discovery"

  3. Under Subsidiary Restrictions set Accessible Subsidiaries to All Subsidiaries

  4. Assign the following permissions to the role:

    • Reports

      • SuiteAnalytics Workbook: Edit

    • Lists

      • Employee Record: View

      • Employees: View

      • Subsidiaries: View

    • Setup

      • Bulk Manage Roles: Full

      • OAuth 2.0 Authorized Applications Management

      • Log in using OAuth 2.0 Access Tokens

      • REST Web Services: Full

      • View Login Audit Trail: Full

Assign the role to a user

The user can be an existing user, or you can create a user for Veza discovery. To review users' roles, go to Setup > Users/Roles > Manage Users.

Create an integration

  1. Navigate to Setup > Integration > Manage Integrations and create a new integration

  2. Provide a name for the integration such as "Veza Discover" and an optional description

  3. Under the OAuth2 section, enable CLIENT CREDENTIALS (MACHINE TO MACHINE) GRANT and the Scope REST Web Services

  4. After saving the integration, a consumer key and secret will be displayed. Save these values, which only appear once. New credentials can be created by editing the integration and selecting "Reset Credentials."

Configure client credentials

  1. Generate a new X.509 certificate to use.

    1. Use the following command to generate a new RSA certificate:

    openssl req -new -x509 -newkey rsa:4096 -days 365 -keyout private.pem -sigopt rsa_padding_mode:pss -sha256 -sigopt rsa_pss_saltlen:64 -out public.pem -nodes

    The certificate expires after the specified number of days.

  2. Go to Setup > Integration > OAuth 2.0 Client Credentials (M2M)

    • Create a new set of credentials

    • Select the desired user for Entity, the Veza role created earlier for Role, and the new integration for Application

    • Upload the public portion of the certificate (public.pem)

    • After creating the credentials, note the Certificate ID from the display table
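
A pre-upload check for the files produced in step 1, added here as an example (it is not part of the Veza or NetSuite documentation). It confirms that public.pem and private.pem belong together, that the certificate is not close to expiry, and that the private key, which the command above writes unencrypted (-nodes), is not readable by other accounts. The function names and the 30-day threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example: sanity checks for the certificate and key generated above.
# Function names and the 30-day threshold are assumptions, not Veza/NetSuite values.

# True only if the certificate and the private key contain the same public key.
cert_matches_key() {  # usage: cert_matches_key public.pem private.pem
  from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# True if the certificate is still valid N days from now.
cert_valid_for_days() {  # usage: cert_valid_for_days public.pem 30
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# True if group and other have no permission bits on the key file.
key_is_private() {  # usage: key_is_private private.pem
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints the public key size in bits as recorded in the certificate.
cert_key_bits() {  # usage: cert_key_bits public.pem
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Runs every check, reports each finding, returns non-zero if any check failed.
check_netsuite_credentials() {  # usage: check_netsuite_credentials public.pem private.pem
  rc=0
  cert_matches_key "$1" "$2" ||
    { echo "FAIL: $1 and $2 are not a matching pair"; rc=1; }
  cert_valid_for_days "$1" 30 ||
    { echo "WARN: $1 expires within 30 days; rotate it"; rc=1; }
  key_is_private "$2" ||
    { echo "FAIL: $2 is accessible to group/other and is unencrypted"; rc=1; }
  echo "Key size: $(cert_key_bits "$1") bits"
  return $rc
}

# Typical call, from the directory holding the generated files:
#   check_netsuite_credentials public.pem private.pem
```

Running the same check on a schedule against the stored public.pem gives advance notice before the certificate lapses and discovery stops authenticating.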

Configuring NetSuite on the Veza Platform

To enable the NetSuite integration in Veza, complete the following steps:

  1. In Veza, open the Integrations page.

  2. Click Add New and pick NetSuite as the type of integration to add

  3. Enter the required information and Save the configuration

    • NetSuite instance ID: this is the first part of your NetSuite URL, usually a seven-digit number. For sandbox deployments, include the -SBXX suffix.

    • Consumer Key: from the earlier steps

    • Certificate ID: from the credentials configuration

    • Certificate Key: upload the private portion of the certificate (private.pem)

Notes and Supported Entities

The integration uses NetSuite's REST API and SuiteQL (a SQL-like query language) to collect the necessary information about Users, Roles, and NetSuite Subsidiaries (resources). Roles can be assigned based on Subsidiary.

NetSuite User

Users are individuals with access to a NetSuite account. Users are typically employees, but can also represent vendors, partners, or customers.

Veza only gathers NetSuite users with the capability to log in to NetSuite.

| Attribute | Notes |
| --- | --- |
| is_active | Boolean True if user account is active |
| email | User email |
| external_id | User's external ID for SSO |
| supervisor_id | NetSuite ID of the user's supervisor |
| title | User's title |
| give_access | Boolean if the user has access to NetSuite |
| subsidiary_id | NetSuite ID number of User's Subsidiary |
| subsidiary | User's subsidiary name |
| created_at | Creation time for employee record |
| last_login_at | Date of last successful User login to NetSuite from Audit Trail |

NetSuite Role

Roles are configurations defining the level of access and sets of permissions users can have.

| Attribute | Notes |
| --- | --- |
| accessible_subsidiaries | Subsidiary access type for role, e.g. "all", "own", "selected", "active" |
| crosssubsidiary_record_viewing | Boolean if cross-subsidiary record viewing is enabled for role |
| is_active | Boolean if role is active |
| is_sso_only | NetSuite configuration if role requires users from in-bound SSO only |

NetSuite Subsidiary Resource

Subsidiaries represent separate, hierarchical legal entities (distinct companies) within NetSuite.

| Attribute | Notes |
| --- | --- |
| is_active | Boolean for subsidiary active status |
| is_elimination | Boolean if subsidiary is an elimination subsidiary |
| parent_id | NetSuite ID of parent subsidiary |
| country | Country designation for subsidiary |
| full_name | Subsidiary full name which includes all parent names |
