Authentication Methods in Oracle NetSuite

Introduction to Authentication Methods:

Authentication is the process of verifying the identity of an entity, typically a user, system, or device, to ensure that they are who they claim to be. In Oracle NetSuite, authentication refers to the process of verifying the identity of users attempting to access the system. NetSuite employs various authentication mechanisms to ensure secure access to its cloud-based ERP and CRM platforms.

NetSuite offers several authentication options, depending on the web service or application being accessed. Each method has its own set of credentials and its own authentication process.

 

  1. Authentication for the NetSuite User Interface:

This method uses two-factor authentication (2FA), which protects the company against unauthorized access to data. 2FA is mandatory for highly privileged roles logging in to any NetSuite account.

 

Authentication consists of the following two steps:

  • Enter the email address and password to log in to the NetSuite UI.

       Login URL: https://system.netsuite.com/pages/customerlogin.jsp

  • The administrator will receive a 6-digit verification code, which needs to be entered for logging in.

 

  2. Authentication for the API Access to NetSuite:

This authentication method allows client applications to utilize a token for accessing NetSuite through APIs. NetSuite offers two web services: SOAP and REST.

Note: To use web services in NetSuite, first enable the feature: Setup > Company > Enable Features > Suite Cloud > check SOAP web services and REST web services > Save.

 

The following authentication methods are offered by NetSuite:

  1. User Credentials:

This authentication method is compatible with the NetSuite application, SuiteCommerce, and SOAP web services. User credential verification is the conventional approach used to access the NetSuite UI. However, for integrations and automated processes, alternative authentication methods such as token-based authentication or OAuth 2.0 are recommended.

 

Here's how user credential authentication works in NetSuite:

  1. Users input their NetSuite username and password via the login page or authentication mechanism provided by NetSuite.
  2. NetSuite verifies the provided username and password against its user database. Following successful authentication, NetSuite sets up a session for the user.

Before proceeding with the other authentication methods, keep in mind that the system displays the client credentials and access token only once, when the integration record is saved. Hence, note the credentials at that point.

 

  2. Token-based Authentication (TBA):

This authentication is used for RESTlets, SOAP and REST web services. TBA relies on the use of a token, a unique generated string that serves as a credential.

Authentication process of Restlet in Postman using TBA:

Step 1: Enable Features

  1. Navigate to Setup > Company > Enable Features > Suite Cloud > Check Client SuiteScript & Server SuiteScript > Check Token-Based Authentication > Click I Agree > Save.

Step 2: Create a Role and assign it to the User

  1. To create a role, go to Setup > User/Roles > Manage roles > New.
  2. Enter Role Name.
  3. Go to Permission subtab > Setup > Assign the following permissions with level ‘full’ > Save
  • Access Token Management
  • Log in using Access Tokens
  • User Access Tokens
  4. To assign the role, go to the entity record:
  • For an employee, Lists > Employees > Employees.
  • For other entities, Lists > Relationships > Customers / Partners / Vendors.
  5. Edit > Go to ‘Access’ subtab > Roles > Select created role in step 2 > Add > Save.

Step 3: Create integration record

  1. Navigate to Setup > Integration > Manage Integrations > New.
  2. Enter Name, In State select ‘Enable’.
  3. Go to Authentication subtab > Check ‘Token Based Authentication’ > Save
  4. Confirmation page of integration record will display client credentials

Step 4: Create access token

  1. Go to Setup > User/Roles > Access Token > New.
  2. In Application name, select Integration Record created in step 4.
  3. In User role, select user to whom role created in step 3 has been assigned.
  4. In Role, select role created in step 2 > Save
  5. The confirmation page of Token record will display token credentials.

Step 5: Create a Restlet Script Record  

  1. Go to Customization > Scripting > Script > New.
  2. Upload the Restlet script file > Create script record > Enter Script Name > Save.
  3. Click on ‘Deploy Script’ button > Enter Title > Save.

Step 6: Authentication of Restlet using Postman

  1. Go to Postman.
  2. Enter the External URL of Restlet script created in step 6.
  3. Go to Authorization page.
  4. Type must be ‘OAuth 1.0’.
  5. The signature method must be ‘HMAC-SHA256’.
  6. Enter Consumer Key and Consumer Secret created in step 4.
  7. Enter Token ID and Token Secret created in step 5.
  8. Version must be ‘1.0’.
  9. Enter Account Id (Capital letters) in Realm.
  10. Go to Header page, enter ‘Content-Type’ as key and ‘text/plain’ as value.
  11. Click on ‘Send’ button. The Restlet response will be displayed in Response Body.
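What Postman computes from the values entered in step 6, as an added example (not code from the original article): the OAuth 1.0 Authorization header with an HMAC-SHA256 signature, built as RFC 5849 describes. The account ID, RESTlet URL and all four credentials used with it are constructed placeholders.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, quote, urlsplit


def enc(value):
    # RFC 5849 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")


def tba_authorization_header(method, url, realm, consumer_key, consumer_secret,
                             token_id, token_secret, nonce=None, timestamp=None):
    """Return (Authorization header value, signature base string)."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token_id,
        "oauth_signature_method": "HMAC-SHA256",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_nonce": nonce or secrets.token_hex(16),  # fresh per request
        "oauth_version": "1.0",
    }
    parts = urlsplit(url)
    # The URL's query parameters (script, deploy) are signed with the oauth_* ones.
    pairs = parse_qsl(parts.query, keep_blank_values=True) + list(oauth.items())
    normalized = "&".join(
        f"{k}={v}" for k, v in sorted((enc(k), enc(v)) for k, v in pairs))
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    base_string = "&".join([method.upper(), enc(base_url), enc(normalized)])
    # Signing key: both secrets, joined by '&'. Neither secret is ever transmitted.
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha256).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    # realm (the account ID) travels in the header but is not part of the signature.
    fields = [f'realm="{enc(realm)}"'] + [f'{k}="{enc(v)}"' for k, v in oauth.items()]
    return "OAuth " + ", ".join(fields), base_string


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    header, _ = tba_authorization_header(
        "POST",
        "https://1234567.restlets.api.netsuite.com/app/site/hosting/restlet.nl?script=10&deploy=1",
        "1234567", "EXAMPLE_CONSUMER_KEY", "EXAMPLE_CONSUMER_SECRET",
        "EXAMPLE_TOKEN_ID", "EXAMPLE_TOKEN_SECRET")
    print(header)
```

Because the nonce and timestamp are part of the signed string, every request carries a different signature even though the four credentials stay fixed.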

 

  3. OAuth 2.0:

This authentication is used for RESTlets, REST web services, and SuiteAnalytics Connect. It does not support SOAP web services. This method eliminates the need for an Access token. OAuth 2.0 is an industry-standard protocol for authorization and is widely used for secure access to web resources.

Authentication process of Restlet in Postman using OAuth 2.0:

 

Step 1: Enable Features

  1. Navigate to Setup > Company > Enable Features > Suite Cloud > Check Client SuiteScript & Server SuiteScript > Click I Agree > Check Token-Based Authentication > Click I Agree > Save.

Step 2: Create Role and assign it to User

  1. Go to Setup > User/Roles > Manage roles > New.
  2. Enter Role Name.
  3. Go to Permission subtab > Setup > Assign the following permissions with level ‘full’ > Save
  • Log in using OAuth 2.0 Access Tokens
  • OAuth 2.0 Authorized Applications Management
  • SuiteScript
  • User Access Tokens
  4. To assign the role, go to the entity record:
  • For an employee, Lists > Employees > Employees.
  • For other entities, Lists > Relationships > Customers / Partners / Vendors.
  5. Edit the user record > Access subtab > Roles > Select created role in step 2 > Add > Save.

 

Step 3: Create integration record

  1. To generate tokens, go to Setup > Integration > Manage Integrations > New.
  2. Enter Name, In State select ‘Enable’.
  3. Go to Authentication subtab > OAuth 2.0 > Check the following:
  • Authorization Code Grant
  • Restlets
  • Restlet Web Services
  4. In Redirect URL, enter any valid URL that will be used to generate the authentication code in the next steps. This URL will be constant throughout the process.
  5. The confirmation page of the integration record will display client credentials.

 

Step 4: Create a Restlet Script Record 

  1. Go to Customization > Scripting > Script > New.
  2. Upload the Restlet script file > Create script record > Enter Script Name > Save.
  3. Click on ‘Deploy Script’ button > Enter Title > Save.

 

Step 5: Authentication of Restlet using Postman

Generate Authentication Code:

  1. Here, the URL needs to be created using the following parameters:
  • Base URL - https://<Enter_Your_Account_ID>.app.netsuite.com/app/login/oauth2/authorize.nl
  • response_type - code
  • client_id - Enter client Id created in step 4.
  • redirect_uri - Enter redirect URL of Integration record created in step 4.
  • scope - restlets
  • state - ykv2XLx1BpT5Q0F3MRPHb94j
  2. The URL would be like:

https://{Enter_Your_Account_Id}.app.netsuite.com/app/login/oauth2/authorize.nl?response_type=code&client_id={Enter_Your_Client_Id}&redirect_uri=https://system.netsuite.com/pages/customerlogin.jsp&scope=restlets&state=ykv2XLx1BpT5Q0F3MRPHb94j

  3. Enter this URL in the browser.
  4. The browser redirects the user to a NetSuite page with a ‘Continue’ button.
  5. Click on ‘Continue’ button.
  6. The user will be redirected to the redirect URL specified in the Integration record.
  7. The redirect URL will be appended with the Authentication code, like:

https://system.netsuite.com/pages/customerlogin.jsp?state=ykv2XLx1BpT5Q0F3MRPHb94j&role=3&entity=-5&company={Account_ID}&code=f3febba4b90a496b02ecce1749a3b5241669c9b977c46499c09d76d3f37ef869

  8. Note the code above; it will be used in further steps.

 

Generate Refresh Token in Postman:

  1. Go to Postman.
  2. Enter a URL in Postman -

https://{Enter_Your_Account_Id}.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token

  3. HTTP Method will be ‘POST’.
  4. Go to Authorization page.
  5. In Type select ‘Basic Auth’.
  6. In Username and Password enter client id and client secret respectively created in step 4.
  7. Go to the Body page.
  8. Select ‘x-www-form-urlencoded’.
  9. Enter following Key Values in Body:
  • code - Enter authorization code generated in previous step.
  • redirect_uri - Enter redirect URL of Integration record.
  • grant_type - authorization_code.
  10. Click on Send.
  11. This POST request will return access token and refresh token in Response body.
  12. Note that refresh token will be used in further steps.

 

Generate Access Token in Postman:

  1. Create a new request in Postman.
  2. Enter a URL in Postman -

https://{Enter_Your_Account_Id}.suitetalk.api.netsuite.com/services/rest/auth/oauth2/v1/token

  3. HTTP Method will be ‘POST’.
  4. Go to Authorization page.
  5. In Type select ‘Basic Auth’.
  6. In Username and Password enter client id and client secret respectively created in step 4.
  7. Go to the Body page.
  8. Select ‘x-www-form-urlencoded’.
  9. Enter following Key Values in Body:
  • refresh_token - Enter refresh token generated in previous step.
  • redirect_uri - Enter redirect URL of Integration record.
  • grant_type - refresh_token.
  10. Click on Send.
  11. This POST request will return access token in Response body.
  12. Note that access tokens will be used in further steps.

 

Authenticate Restlet :

  1. Create a new request in Postman.
  2. Enter External URL of Restlet.
  3. In Type select ‘Bearer Token’.
  4. In Token, enter access token generated in previous step.
  5. Go to Header page, enter ‘Content-Type’ as key and ‘text/plain’ as value.
  6. Click on ‘Send’ button. The Restlet response will be displayed in Response Body.
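The OAuth 2.0 exchange from step 5 as an added example (not code from the original article). It builds the authorize URL with a fresh random `state` instead of a fixed string, checks that the redirect returns the same `state` before accepting the code, and assembles the two token requests with the key/value pairs listed above. The function names, account ID and credentials are constructed placeholders, and nothing is sent over the network.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


def authorize_url(account_id, client_id, redirect_uri, scope="restlets"):
    # A new unguessable state per login attempt ties the redirect to this session.
    state = secrets.token_urlsafe(24)
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": scope, "state": state})
    return (f"https://{account_id}.app.netsuite.com/app/login/oauth2/authorize.nl?{query}",
            state)


def code_from_redirect(redirected_url, expected_state):
    params = parse_qs(urlsplit(redirected_url).query)
    state = params.get("state", [""])[0]
    # Reject redirects that were not triggered by our own authorize request.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect does not belong to this request")
    if "code" not in params:
        raise ValueError("redirect carries no authorization code")
    return params["code"][0]


def token_request(account_id, client_id, client_secret, redirect_uri,
                  code=None, refresh_token=None):
    # Exactly one of code / refresh_token selects the grant type.
    if (code is None) == (refresh_token is None):
        raise ValueError("pass either code or refresh_token")
    if code is not None:
        body = {"code": code, "redirect_uri": redirect_uri,
                "grant_type": "authorization_code"}
    else:
        body = {"refresh_token": refresh_token, "redirect_uri": redirect_uri,
                "grant_type": "refresh_token"}
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {"method": "POST",
            "url": f"https://{account_id}.suitetalk.api.netsuite.com"
                   "/services/rest/auth/oauth2/v1/token",
            "headers": {"Authorization": f"Basic {basic}",
                        "Content-Type": "application/x-www-form-urlencoded"},
            "body": urlencode(body)}


def restlet_headers(access_token):
    # Headers for the final RESTlet call: bearer token plus the Content-Type used above.
    return {"Authorization": f"Bearer {access_token}", "Content-Type": "text/plain"}
```

The client secret and refresh token are long-lived credentials, so keep them in a secret store rather than in a shared Postman collection or environment export.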

 

Conclusion:

In this way, Oracle NetSuite offers a range of authentication methods, ensuring secure access to its cloud-based platforms. From traditional username-password authentication to advanced token-based and OAuth 2.0 methods, NetSuite provides robust options for both user interface and API access. Implementing these methods involves following clear steps, ultimately enhancing the security of NetSuite deployments.