Capabilities
The NetSuite connector supports automatic account provisioning.
This connector does not support account deprovisioning. You must deprovision accounts directly in NetSuite.
Account provisioning
The NetSuite connector supports creating new employee accounts directly from C1. When configuring an account provisioning policy, you can map the following fields.Required fields
Optional fields
Role assignment and login access
giveAccess controls whether the employee can log into NetSuite. skipDefaultRole controls whether the connector assigns the Employee Center role when no roleID is provided.
If roleID is provided, the specified role is always assigned. skipDefaultRole is ignored. Login access is determined by giveAccess.
If roleID is not provided, skipDefaultRole is false (default), and giveAccess is true (default), the connector assigns the Employee Center role automatically. This requires the Employee Center role to exist and be assignable in your NetSuite tenant.
If roleID is not provided and skipDefaultRole is true, no role is included in the create request.
If roleID is not provided and giveAccess is false, no role is included in the create request regardless of skipDefaultRole.
To add
giveAccess or skipDefaultRole to your mapping, click Add mapping in the Optional mappings section of the provisioning policy configuration.Login Access
The connector surfaces whether an employee can sign in to NetSuite as a dedicated Login Access entitlement. Employees who have login access receive a grant on this entitlement.Login Access only controls whether an employee can sign in. It does not assign or remove roles. Use role grants to control what an employee can do once they can log in.
Revoking the last role
NetSuite does not allow removing the last role from an employee whilegiveAccess is true. If you attempt to do so, the API returns an error.
By default, the connector does not override this restriction. To allow the connector to automatically set giveAccess = false before revoking an employee’s last role, enable the revoke-access-with-last-role flag.
Gather NetSuite credentials
Configuring the connector requires you to pass in credentials generated in NetSuite. Gather these credentials before you move on.Locate your NetSuite Account ID
1
In NetSuite, navigate to Setup > Company > Company Information.
2
Find the ACCOUNT ID field on the page. Make a note of your account ID. We’ll use it in Step 5.
Generate a consumer key and consumer secret
1
In NetSuite, navigate to Setup > Integrations > Manage Integrations. Click New to create a new integration.
2
Give the new integration a name, such as “C1”.
3
Check the box for TOKEN-BASED AUTHENTICATION.
4
Click Save. The new integration is created, and its consumer key and consumer secret are shown.
5
Make a careful note of these credentials (they won’t be shown again).
Create a NetSuite role and add it to a user
1
Still in NetSuite, navigate to Setup > Users/Roles > Manage Roles. Click New to create a new role.
2
Give the new role a name, such as “C1 integration”.
3
Assign the following permissions to the role:
- Setup - REST Web Services
- Setup - Log in using Access Tokens
- Setup - Bulk Manage Roles
- Reports- Suite Analytics Workbook
- Lists - Employee Record
- Lists - Employees
4
Click Save.
5
Next, assign the new role to a user. You might want to create a new user for this purpose rather than assigning the role to an existing user. Navigate to Lists > Employees > Employees, then search for the employee by email.
6
Click Edit next to the name of the employee you want to assign a role to.
7
Click the Access subtab.
8
In the Role field, select a role for this employee.
9
Click Add.
10
Click Save.
Generate a token key and token secret
1
In NetSuite, navigate to Setup > Users/Roles > Access Tokens. Click New to create a new token.
2
Select the application (integration), role, and user you created in the previous steps, and give the token a name.
3
Click Save. The new token is created, and its key and secret are shown.
4
Make a careful note of these credentials (they won’t be shown again).
Configure the NetSuite connector
- Cloud-hosted
- Self-hosted
Follow these instructions to use a built-in, no-code connector hosted by C1.Done. Your NetSuite connector is now pulling access data into C1.
1
In C1, navigate to Integrations > Connectors and click Add connector.
2
Search for NetSuite and click Add.
3
Choose how to set up the new NetSuite connector:
- Add the connector to a currently unmanaged app (select from the list of apps that were discovered in your identity, SSO, or federation provider that aren’t yet managed with C1)
- Add the connector to a managed app (select from the list of existing managed apps)
- Create a new managed app
4
Set the owner for this connector. You can manage the connector yourself, or choose someone else from the list of C1 users. Setting multiple owners is allowed.If you choose someone else, C1 will notify the new connector owner by email that their help is needed to complete the setup process.
5
Click Next.
6
Find the Settings area of the page and click Edit.
7
In the Account ID field, enter the NetSuite domain.
8
In the Consumer key and Consumer secret fields, enter the credentials you generated.
9
In the Token key and Token secret fields, enter the credentials you generated.
10
(Optional) In the Custom Employee Fields field, enter a comma-separated list of custom employee field IDs to include in the sync (e.g.
custentity_zone,custentity_cost_center). See Custom Fields for details.11
Click Save.
12
The connector’s label changes to Syncing, followed by Connected. You can view the logs to ensure that information is syncing.
Custom Fields
The NetSuite connector supports syncing custom employee fields. Custom field values are added to the user profile attributes in C1, making them available for access reviews and reporting.Finding custom field IDs
Custom field IDs can be found in NetSuite under Customization > Lists, Records, & Fields > Entity Fields. The field ID is shown in the ID column (e.g.custentity_zone).
Permissions for custom fields
Each custom field in NetSuite has its own field-level access controls, separate from the base employee record permissions. The connector’s role must have at least View-level access to each custom field being synced. Field access is configured per-field in NetSuite:- Navigate to Customization > Lists, Records, & Fields > Entity Fields.
- Click on the custom field.
- Go to the Access subtab.
- Ensure the connector’s role has View, Run, or Edit access.