Token based authentication
About Token Based Authentication
Token Based Authentication (TBA) allows a user to connect from external sources, such as Advanced Inventory mobile applications, to NetSuite system resources using a security token. Once an end user administrator has enabled TBA and created security tokens, the tokens are assigned to one or more roles, which are then assigned to an end user. Using TBA supersedes the more conventional process of authenticating user access rights based on a user name and password structure.
It is recommended that the user creating and assigning the token(s) within the end user system be listed as an Administrator.
The TBA process requires support from the Advanced Inventory team as well as from the NetSuite Administrator internal to the customer's organization.
Enable the Token Based Authentication feature
To be able to utilize the Token Based Authentication function within the NetSuite environment, the feature must be enabled in the company feature set.
Suite Answers Answer ID: 41898
To enable the token based authentication feature, complete the following steps in NetSuite.
- Go to Setup > Company > Setup Tasks > Enable Features.
- Select the SuiteCloud subtab.
- Scroll down to the SuiteScript section, and select the following checkboxes.
  - Client SuiteScript
  - Server SuiteScript
- For SuiteCloud Terms of Service, select I Agree.
- Scroll down to the Manage Authentication section, and select the Token-Based Authentication checkbox.
- For SuiteCloud Terms of Service, select I Agree.
- Select Save.
Important: Enabling both the Client SuiteScript and Server SuiteScript features is required to use RESTlets with token based authentication.
Create an Integration Record Token and Key
To associate the consumer key/token to the application, the NetSuite Administrator must create an Integration Record. This record will create and associate the Consumer key/token that will work in tandem with the role set up.
The following procedure briefly describes completing an Integration record. For more detailed information about the fields in this record, see Creating an Integration Record at https://netsuite.custhelp.com.
To create an application using the Integration record, complete the following steps in NetSuite.
- Go to Setup > Integration > Integration Management > Manage Integrations > New (Administrator).
- For Name, enter a name for your application.
- Optional. For Description, enter a description.
- For the application State, select from the following options.
  - Enabled (default)
  - Blocked
- Optional. For Note, enter any comments you would like to document.
- On the Authentication subtab, select the Token-Based Authentication checkbox.
- Click Save.
- Copy the token keys that are provided on the confirmation page and paste them to a secured document.
- To view all Integrations in your account, select List.
Important: The Integration Confirmation page that displays will provide the Consumer Key and Consumer Secret for this application.
Caution: This information only appears once and will require a new set of keys if the window is closed.
Create and assign a token for a role
After the Token Based Authentication (TBA) feature has been enabled in company settings, a user with the appropriate credentials (NetSuite Administrator) must log in and create or generate the token(s). The token(s) will be assigned to a particular user role (for example, Advanced Inventory Mobile Client) so that users with the approved tokenized role can interface between the Advanced Inventory Mobile apps and the NetSuite database.
Suite Answers Answer ID: 41902
Remember: Tokens created in your production environment are not copied to your sandbox environment during a refresh. To test token based authentication in your sandbox, you must create tokens in the sandbox environment. Each time your sandbox is refreshed, you will need to create new tokens in the sandbox.
Creating and assigning a token is a three-step process. To create and assign a token for a role, complete the following steps and sub-steps in NetSuite.
Users assigned a role that has the User Access Token permission can create, assign, and manage tokens for the current user and current role.
- To create a user access TBA token, using the Manage Access Tokens link, complete the following substeps.
  - Log in to NetSuite using a role with the User Access Token permission.
  - For the Settings portlet, select Manage Access Tokens.
  - For the My Access Tokens page, select New My Access Token.
  - On the Access Token page, for Application Name, select the application name. Note: The Token Name is already populated by default with a concatenation of Application Name, User, and Role. Enter your own name for this token, if desired.
  - Click Save. The confirmation page displays the Token ID and Token Secret.
  - On the Confirmation page, copy the token keys and paste to a secured document.
- To confirm role permissions, complete the following substeps.
  - Go to Setup > Users/Roles > User Management > Manage Roles.
  - For Role, select either DSI_MobileClient_User or DSI_MobileClient_User_OneWorld.
  - Confirm the required TBA permissions are included in the Roles.
    - If correct, do not edit the role(s).
    - If incorrect, edit the role(s) to add the TBA permission.
- To assign role(s) to users, complete the following substeps.
  - Go to Lists > Employees > Employees (Administrator).
  - For the employee role, select Edit next to the name of the employee you want to assign the token based authentication role to.
  - Select the Access subtab.
  - For Role, select the token based authentication role for this employee (Advanced Inventory Roles).
  - Select Add.
  - Select Save.
Caution: The token ID information only appears once and will require a new set of keys if the window is closed.
View, edit, or revoke a token
After the Token Based Authentication (TBA) feature has been enabled in company settings, a user with the appropriate credentials (NetSuite Administrator) can update tokens as necessary.
Suite Answers Answer ID: 41902
Remember: Tokens created in your production environment are not copied to your sandbox environment during a refresh. To test token based authentication in your sandbox, you must create tokens in the sandbox environment. Each time your sandbox is refreshed, you will need to create new tokens in the sandbox.
To view or edit a token for a role, complete the following steps in NetSuite.
- Go to Setup > Users/Roles > Access Tokens (Administrator).
- To edit the token, select from the following list.
  - Select View to open the Access Token page and review the details of a specific token.
  - Select New Access Token to open the Access Token page and create a new token.
  - Select Edit to open the Access Token page, and then edit specific details about the token or select Revoke to revoke the token.
- Open the Filters panel to select a value of All, Yes, or No, for Revoked status.
- To search for a specific token, select Search at the top right corner of the Access Tokens page.
Note: Optionally, you can go to Setup > Other Setup > Access Tokens.
For further token information, go to NetSuite > Support > Go to SuiteAnswers and search for TBA tokens.
About revoking tokens
Token Based Authentication allows Advanced Inventory mobile app users to connect and communicate with NetSuite system resources. End user administrators create and assign these security tokens to individual roles or users. When necessary, they can also revoke a security token.
For important considerations when revoking tokens, refer to the following lists.
Revoked or inactive tokens
- A revoked token cannot be edited. It will display with an Inactive status in list views.
- When the Inactive box is checked for a token, the token will display as Inactive in list views, but the token can still be edited. To make the token active again, click Edit, clear the Inactive box, and click Save.
Examples of circumstances for revoking a token
- When an application used for token-based authentication is deleted, all tokens associated with that application are revoked.
- When an administrator removes roles from an entity (an employee, a vendor, a partner, a customer, or a contact), the tokens are still active in the system. These active tokens cannot be used by the entity to log in to NetSuite (unless the administrator adds the roles back to the entity).
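The two lists above imply a periodic review: a token whose role was removed from the user is still active, and a token marked Inactive can be made active again, so both should be considered for revocation. The following audit sketch is an added example, not NetSuite or Advanced Inventory code. The CSV layout, column names, and sample rows are constructed assumptions standing in for whatever export of the Access Tokens list and role assignments you maintain.

```python
import csv
import io

# Constructed sample exports. The column names are hypothetical; NetSuite
# does not define this CSV layout. One row per access token / assignment.
TOKENS_CSV = """token_name,application,user,role,inactive,revoked
AI Mobile - jdoe,AI Mobile,jdoe,DSI_MobileClient_User,No,No
AI Mobile - asmith,AI Mobile,asmith,DSI_MobileClient_User,No,No
AI Mobile - bwong,AI Mobile,bwong,DSI_MobileClient_User_OneWorld,Yes,No
AI Mobile - old,AI Mobile,jdoe,DSI_MobileClient_User_OneWorld,Yes,Yes
"""
ASSIGNMENTS_CSV = """user,role
jdoe,DSI_MobileClient_User
bwong,DSI_MobileClient_User_OneWorld
"""

def _rows(text):
    """Parse CSV text into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))

def _yes(value):
    return value.strip().lower() == "yes"

def audit_tokens(tokens_csv, assignments_csv):
    """Return {token_name: [findings]} for tokens that need review."""
    assigned = {(r["user"], r["role"]) for r in _rows(assignments_csv)}
    findings = {}
    for t in _rows(tokens_csv):
        if _yes(t["revoked"]):
            continue  # a revoked token cannot be edited, nothing to review
        issues = []
        if (t["user"], t["role"]) not in assigned:
            # Role removed but token not revoked: the token works again
            # if the role is ever added back to the user.
            issues.append("role-not-assigned")
        if _yes(t["inactive"]):
            # Inactive can be cleared via Edit, unlike a revoked token.
            issues.append("inactive-not-revoked")
        if issues:
            findings[t["token_name"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_tokens(TOKENS_CSV, ASSIGNMENTS_CSV).items():
        print(f"{name}: {', '.join(issues)}")
```

Tokens flagged here are candidates for Revoke on the Access Token page rather than being left active or merely Inactive.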
Create and assign a token for a role
There are two methods of opening the Access Token Search page. One method is to click the Search link on the top right corner of a page. To perform the alternate search method, complete the following steps in NetSuite.
Suite Answers Answer ID: 41902
- Go to Setup > Users/Roles > Access Tokens > Search.
- Enter or select from the available criteria.
- Select Submit.
Token information examples
The following examples depict warning messages received as well as the two types of keys/tokens generated during the Token Based Authentication process.