NetSuite
Configuring the Veza integration for NetSuite
Overview
The Veza integration discovers a single Oracle NetSuite tenant and its users, roles, and subsidiary resources. To discover more than one environment (for example, production and staging), follow the instructions to configure two separate instances of the integration.
See notes and supported entities for more details.
Configuring NetSuite
Authentication uses an OAuth 2.0 workflow. The integration performs a JWT exchange, based on a client ID and certificate, to obtain a bearer token. The bearer token is used for all SuiteQL API calls.
Follow these steps to create the credentials Veza will use for NetSuite discovery:
Ensure that REST API and OAuth 2.0 are enabled
Navigate to Setup -> Company -> Enabled Features
Under the Analytics tab:
In the SuiteAnalytics Workbook section, enable SUITEANALYTICS WORKBOOK if it is not enabled.
Under the SuiteCloud tab:
In the SuiteTalk (Web Services) section, enable REST WEB SERVICES if it is not enabled.
In the Manage Authentication section, enable OAuth 2.0
Create a Role for Veza discovery
Navigate to Setup -> Users/Roles -> Manage Roles and create a new role
Provide a name for the role such as "Veza Discovery"
Under Subsidiary Restrictions set Accessible Subsidiaries to All Subsidiaries
Assign the following permissions to the role:
Reports
SuiteAnalytics Workbook: Edit
Lists
Employee Record: View
Employees: View
Subsidiaries: View
Setup
Bulk Manage Roles: Full
OAuth 2.0 Authorized Applications Management
Log in using OAuth 2.0 Access Tokens
REST Web Services: Full
View Login Audit Trail: Full
Assign the role to a user
The user can be an existing user, or you can create a user for Veza discovery. To review users' roles, go to Setup > Users/Roles > Manage Users.
Create an integration
Navigate to Setup > Integration > Manage Integrations and create a new integration
Provide a name for the integration such as "Veza Discover" and an optional description
Under the OAuth 2.0 section, enable CLIENT CREDENTIALS (MACHINE TO MACHINE) GRANT and the REST Web Services scope
After saving the integration, a consumer key and secret will be displayed. Save these values, which only appear once. New credentials can be created by editing the integration and selecting "Reset Credentials."
Configure client credentials
Generate a new X.509 certificate to use.
Use the following command to generate a new RSA certificate:
openssl req -new -x509 -newkey rsa:4096 -days 365 -keyout private.pem -sigopt rsa_padding_mode:pss -sha256 -sigopt rsa_pss_saltlen:64 -out public.pem -nodes
The certificate expires after the specified number of days.
Go to Setup > Integration > OAuth 2.0 Client Credentials (M2M)
Create a new set of credentials
Select the desired user for Entity, the Veza role created earlier for Role, and the new integration for Application
Upload the public portion of the certificate (public.pem)
After creating the credentials, note the Certificate ID from the display table
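A pre-upload check for the key pair generated above, as an added example that is not part of the original Veza or NetSuite documentation: it confirms that private.pem matches public.pem, that the certificate is not about to expire, and that the unencrypted key (written with -nodes) is readable only by its owner. The function name check_netsuite_cert and the 30-day default threshold are assumptions.

```sh
#!/bin/sh
# Added example: sanity checks for the key pair before uploading public.pem.
# check_netsuite_cert and the 30-day default are assumptions, not Veza/NetSuite names.
# Usage: check_netsuite_cert private.pem public.pem [min_days]

check_netsuite_cert() {
    key=$1; cert=$2; min_days=${3:-30}
    rc=0

    # Extract the public key from each file; both come out as the same PEM text
    # when the private key and the certificate belong together.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot read certificate $cert"; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL: cannot read private key $key"; return 2; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert"; rc=1
    fi

    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null; then
        echo "FAIL: $cert expires within $min_days days:" \
             "$(openssl x509 -in "$cert" -noout -enddate)"; rc=1
    fi

    # -nodes leaves the key unencrypted, so the file mode is its only protection.
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    case $mode in
        600|400) ;;
        *) echo "FAIL: $key has mode $mode, expected 600 or 400"; rc=1 ;;
    esac

    if [ "$rc" -eq 0 ]; then
        echo "OK: key matches certificate, valid for at least $min_days more days"
    fi
    return "$rc"
}
```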
Configuring NetSuite on the Veza Platform
To enable the NetSuite integration in Veza you will need the following:
In Veza, open the Integrations page.
Click Add New and pick NetSuite as the type of integration to add
Enter the required information and Save the configuration
NetSuite instance ID: this is the first part of your NetSuite URL, usually a seven-digit number. For sandbox deployments include the -SBXX suffix.
Consumer Key from the earlier steps
Certificate ID and private portion of the certificate from the credentials configuration
Certificate Key: upload the private portion of the certificate (private.pem)
Notes and Supported Entities
The integration uses NetSuite's REST API and SuiteQL (a SQL-like query language) to collect the necessary information about Users, Roles, and NetSuite Subsidiaries (resources). Roles can be assigned based on Subsidiary.
NetSuite User
Users are individuals with access to a NetSuite account. Users are typically employees, but can also represent vendors, partners, or customers.
Veza only gathers NetSuite users who are able to log in to NetSuite.
Attribute | Notes |
---|---|
| Boolean True if user account is active |
| User email |
| User's external ID for SSO |
| NetSuite ID of the user's supervisor |
| User's title |
| Boolean if the user has access to NetSuite |
| NetSuite ID number of User's Subsidiary |
| User's subsidiary name |
| Creation time for employee record |
| Date of last successful User login to NetSuite from Audit Trail |
NetSuite Role
Roles are configurations defining the level of access and sets of permissions users can have.
Attribute | Notes |
---|---|
| Subsidiary access type for role, e.g. "all", "own", "selected", "active" |
| Boolean if cross-subsidiary record viewing is enabled for role |
| Boolean if role is active |
| NetSuite configuration if role requires users from in-bound SSO only |
NetSuite Subsidiary Resource
Subsidiaries represent separate, hierarchical legal entities (distinct companies) within NetSuite.
Attribute | Notes |
---|---|
| Boolean for subsidiary active status |
| Boolean if subsidiary is an elimination subsidiary |
| NetSuite ID of parent subsidiary |
| Country designation for subsidiary |
| Subsidiary full name which includes all parent names |