NetSuite

This page outlines the process of configuring and using the NetSuite API through Zilla to sync Users, and roles.

Note: Netsuite does not provide an out of the box REST API. A REST API can be created by installing a small piece of software called “RESTlet” in your NetSuite installation. This RESTlet will create the API endpoint required for the API integration. Zilla has built a RESTlet capable of extracting accounts and roles in Netsuite. Please reach out to your Zilla Security contact for additional details.

Summary

Pre-Install

Take the following javascript code and save it into a file called ZillaUAR.js:

/** * @NApiVersion 2.1 * @NModuleScope Public * @NScriptType Restlet * */ define(["N/search"], function (search) { /** * getEmployees - gets a list of all active employees with log in access * @returns JSON payload of employees, attributes, and roles * */ function getEmployees() { var _employeeSearchObj = search.create({ type: "employee", filters: [ ["giveaccess","is","T"], "AND", ["isinactive","is","F"] ], columns: [ search.createColumn({name: "internalid", label: "Internal ID"}), search.createColumn({name: "externalid", label: "External ID"}), search.createColumn({ name: "entityid", sort: search.Sort.ASC, label: "Name" }), search.createColumn({name: "email", label: "Email"}), search.createColumn({name: "firstname", label: "First Name"}), search.createColumn({name: "lastname", label: "Last Name"}) ] }); // var searchResultCount = _employeeSearchObj.runPaged().count; // log.debug("_employeeSearchObj result count",searchResultCount); var _employeeArray = []; _employeeSearchObj.run().each(function(result){ // .run().each has a limit of 4,000 results _employeeArray.push({ "id": result.getValue({name: "internalid"}), "externalid": result.getValue({name: "externalid"}), "status": "Active", "email": result.getValue({name: "email"}), "firstname": result.getValue({name: "firstname"}), "lastname": result.getValue({name: "lastname"}), "roles": getRolesByEmployee(result.getValue({name: "internalid"})) }) return true; }); return _employeeArray; } /** * getRolesByEmployee - gets all roles assigned to a specific employee * @param _employeeID - internal ID of the employee record * @returns array of roles associated with the employee */ function getRolesByEmployee(_employeeID) { var _employeeSearchObj = search.create({ type: "employee", filters: [ ["internalid", "anyof", _employeeID] ], columns: [ search.createColumn({name: "role", label: "Role"}) ] }); // var searchResultCount = _employeeSearchObj.runPaged().count; // log.debug("_employeeSearchObj result count",searchResultCount); var _roleArray = []; _employeeSearchObj.run().each(function(result){ // .run().each has a limit of 4,000 results _roleArray.push(result.getText("role")); return true; }); return _roleArray; } return { /* Restlet Entry Point */ get: /** * <function description> * @param context * @returns ??? * */ function _get(context) { return getEmployees(); } }; } );

Setup in Netsuite

1. Create a Role

  1. Go to Setup > Users/Roles > Manage Roles > New

  2. Assign the role scopes:

    1. Lists -> Employees

    2. Lists -> Employees Records

    3. Lists -> Subsidiaries

    4. Lists -> Integration Applications

    5. Setup -> REST Web Services

    6. Setup -> Login Using Access Tokens

    7. Setup -> Bulk Manage Roles

    8. Setup -> View Login Audit Trail

  3. Give the role access to all subsidiaries

2. Create a New User

  1. Go to Lists->Employees->Employees->New

  2. Enter a Name and Email

  3. Check GIVE ACCESS in the Access subtab and assign a password to the account

  4. Assign the Role made in the previous step to this user

3. Create an Integration in NetSuite

  1. Go to setup->integration->manage integrations->new create a new Zilla integration

  2. Check 'token based authentication' and 'RESTLets', uncheck 'TBA Authorization Flow' and 'authorization code grant', then save

  3. Copy Client ID and Secret for later use

image.png

4. Create an Access Token

  1. Go to Setup -> Users/Roles -> Access Tokens -> New

  2. Generate a Consumer Token assigned to the user you created previously

    1. Store the access secret and token for later use

5. Upload Script

  1. Upload the script (Customization->Scripting->Scripts->New).

Note: Make sure the script name and name of the script deployment are the same as the name (ZillaUAR.js) of the file (include the .js). 

  1. Make the created user an owner of the script

  2. Select Deploy Script

  3. Add the Zilla integration Role to script deployment. Make status 'released'

  4. Add your subsidiary to the script

  5. Copy the External URL that appears once you save it for later use

Set up NetSuite Application Integration on Zilla:

  • Visit the Zilla application and login using your admin credentials and then click Add Application in the top right.

image-20240416-175645.png
  • A window with a search bar appears, type in netsuite in the search bar. NetSuite application entry will appear at the top of the list, click Add to Applications button to the right.

  • Fill in the form with appropriate details and then click Add to Applications button.

  • A detailed view of NetSuite application appears. Click Sync now or the gear icon in top right corner to configure your application.

  • Enable API Integration option from the dialog.

  • Add the configuration details, check the information below this screenshot.

Enter all of your information into the corresponding fields in Zilla:

  1. Consumer Key: Take from “3. Create an Integration in NetSuite” Section above

  2. Consumer Secret: Take from “3. Create an Integration in NetSuite” Section above

  3. Signature Method: value will be: HMAC-SHA256

  4. Realm: AccountID value found in the EXTERNAL URL value. For example, if the URL is https://123.restlets.api.netsuite.com … then the Realm value is 123. 

If you’re using sandbox environment, the Realm value needs to be 123_SB (with an underscore, not a hyphen). As an example, if my external URL is https://123-sb1.restlets.api.netsuite.com… then this value needs to be 123-SB1

  1. Users Endpoint: Taken from the Script Deployment record’s EXTERNAL URL value.

  1. Access Token: Token ID from Create a New Access Token Section

  2. Token Secret: Token Secret from Create a New Access Token Section

  3. Sync permission associated to roles ? : Default is No. If set to No, it will not synchronise permissions associated with roles. If set to Yes, it will synchronise the permissions of all roles..

  • Once the configuration is complete click Next/Sync Now.

  • Click Next and it will begin the sync. The Click Done on the next pop-up that appears. After reviewing the sync summary pop-up, click Close.

  • Once the sync has been completed all accounts should appear under the Accounts tab.