1
Setting up the Role and Permissions for NetSuite
Updated: June 18, 2020
© SAP Concur 2020 All Rights Reserved
Setting up the Role and Permissions for NetSuite
Complete the steps described in this document prior to completing the steps in: Creating
NetSuite Token Authentication Keys
1. Fi
rst enable Web Services. Click Setup > Company > Enable Feature > Suite Cloud
tab.
2. A custom role should be created called ‘XXXX Concur’ (where XXXX is the company
name) with access to all subsidiaries. Check the box for the preferences Do Not
Restrict Employee Fields.
Th
e role is set with the following permissions:
Subtab
Permission Name
Level
Transactions
Bills
Edit
Transactions
Expense Report
Edit
Transactions
Find Transaction
Full
Transactions
Pay Bills
Edit
Transactions
Vendor Bill Approval
Edit
Lists
Accounts
View
Lists
Classes
View
Lists
Currency
View
Lists
Customers
View
Lists
Documents and Files
View
Lists
Departments
View
Lists
Employees
View
Lists
Employee Record
Full
Lists
Expense Categories
View
Lists
Locations
View
Lists
Notes Tab
View
Lists
Perform Search
View
Lists
Projects
View
Lists
Subsidiaries
View
Lists
Tax Records
View
Lists
Tax Schedules
View
2
Setting up the Role and Permissions for NetSuite
Updated: June 18, 2020
© SAP Concur 2020 All Rights Reserved
Lists
Vendors
View
Setup
Accounting Lists
View
Setup
Custom Lists
View
Setup
Custom Body Fields
View
Setup
Custom Column Fields
View
Setup
Custom Entity Fields
View
Setup
Custom Fields
View
Setup
Custom Segments
Full
Setup
Log in using Access Tokens
Full
Setup
User Access Tokens
Full
Setup
(SOAP) Web Services
Full
*So
me of the above permissions are dependent on the feature enabled in
NetSuite (e.g., Subsidiaries, Department, Class, Location, Tax Schedules) and/or
may not be required depending on the level of integration with Concur (e.g.,
Bills, Projects, Vendors, Custom Lists).
3. If da
ta is imported to NS as Expense Reports, Expense Categories need to be created
in NetSuite (NS). Click Setup > Accounting > Expense Categories. These are
associated to the appropriate GL account.
4. If
users are set up as Employees in NS, Expense Reports need to be enabled Click
Setup > Company > Enable Feature > Employees tab.
5. An E
mployee Record should be created called Concur, Integration with the email
address set to concurintegration@xxxx (XXXX is the company domain).
Please Note:
This needs to be a permanent account and does consume a general access
NetSuite user license.
This email address does not need to be created in the customer’s email
system as it is just an identifier for the Concur team.
6. Provide the Employee Record created with role access to the custom role created.
7. Pro
vide Concur with the NetSuite Account ID. This information is found by navigating
to Setup > Integration > Web Services Preferences.
8. Ple
ase complete the steps described in: Creating an Access Token for NetSuite
document and provide the information listed below.
*If using a Sandbox to test, please create a separate set of access tokens. The values
for the fields below need to be unique between the Sandbox and Production
environments.
3
Setting up the Role and Permissions for NetSuite
Updated: June 18, 2020
© SAP Concur 2020 All Rights Reserved
Pl
ease copy and paste the NetSuite Authentication Token information here. Do not send
screen shots.
Pl
ease password protect this document and email it to the assigned project manager.
Au
thentication
Token-Based Authentication:
NetSuite supports Token-Based Authentication (TBA) a robust, industry standard-based
mechanism that increases overall system security. This authentication mechanism enables
client applications to use a token to access NetSuite through APIs, eliminating the need for
RESTlets or Web Services integrations to store user credentials. Password rotation policies
in the account do not apply to tokens, making password management unnecessary for the
customer’s RESTlet and Web Services integrations. Token-based authentication allows
integrations to comply with any authentication policy that is deployed in a NetSuite account
for UI login, such as SAML Single Sign-on, Inbound Single Sign-on, and Two-Factor
Authentication. The customer can use Two-Factor Authentication roles and roles with SAML
Single Sign-on permissions with TBA.
Two-Factor Authentication (2FA):
Two-Factor Authentication (2FA) is not compatible with Suite Talk (Web Services), which is
required for the NetSuite Connector. 2FA is only required for roles that are highly privileged.
The role for the NetSuite Connector integration is not highly privileged, therefore it should
be set to Not Required.
Username:
Password:
NetSuite Account ID:
Application ID:
Consumer Key:
Consumer Secret:
Token ID:
Token Secret: