Tuesday 23 July 2019

How to implement token-based authentication in NetSuite?

Token Based Authentication in NetSuite:

NetSuite supports token-based authentication (TBA), a robust, industry standard-based mechanism that increases overall system security.

This authentication mechanism enables client applications to use a token to access NetSuite through APIs, eliminating the need for RESTlets or web services integrations to store user credentials.

Tokens can be used instead of usernames and passwords.

Benefits of using TBA:

1. Safer and easier to manage.
2. Tokens can be created programmatically.
3. Password rotation policies don't apply to tokens, so you don't need to worry about an expired password.

Below are the steps to follow to set up TBA in NetSuite:

1. Enable the Token Based Authentication feature in NetSuite.
2. Set up the TBA roles with permissions.
3. Assign the TBA roles to the users.
4. Set up applications for token-based authentication.
5. Create user tokens.

Here is how to implement each step in detail:

1. Enable the Token Based Authentication feature in NetSuite.

Navigate to the Enable Features page:
Setup -> Company -> Enable Features
Under the SuiteCloud tab -> under the Manage Authentication section -> select "Token Based Authentication".
It will ask you to take action on the "Terms of Service"; select the "I agree" button, then click the Save button.

2. Set up the TBA roles with permissions.

Once the feature is enabled, we can assign the Token-based Authentication permissions below to any role (except Administrator):

Access Token Management
  • Users (non-Administrator role) with this permission can create and revoke access tokens for users with a TBA role enabled.
  • A user who doesn't have the "Administrator" role cannot create tokens for an administrator.
  • Cannot create access tokens for their own use.
  • Cannot use access tokens to log in through RESTlets or web services.

User Access Tokens
  • Users with this permission can manage their own tokens using the Manage Access Tokens link in the Settings portlet, and they can log in using a token.
  • Users can use access tokens to log in through RESTlets or web services.

Log in using Access Tokens
  • Users with only this permission can log in using a token, that is, they can use tokens to call a RESTlet.
  • Cannot create their own access tokens through a link in the Settings portlet, or by calling the token endpoint.

Create a new role and assign TBA permissions to it:

Go to Setup -> Users/Roles -> Manage Roles -> New

Open the role in create/edit mode. Under the Permissions tab, select any of the TBA permissions as per the requirement and save the role.

3. Assign the TBA roles to the users.

After creating the role, go to the employee record of the user to whom you want to assign it:
Lists -> Employees -> List -> select the employee (select New if you want to create one)

In the Access subtab -> Roles -> add the newly created role, and save the employee record.

4. Set up applications for token-based authentication.

We can see all the integration applications under the navigation below:
Setup -> Integrations -> Manage Integrations -> List (this lists all the third-party integration applications)

For our test, we are creating a new integration, like below:

Set the State to Enabled if you want to permit connections from the external application represented by this integration record.

Set the State to Blocked if you want to prevent such connections.

Select the Token-Based Authentication check box under the "Authentication" subtab and save the integration record.

Once the integration is saved, the "Application ID" is generated automatically.

Under the "Authentication" section, we can see the "Consumer Key" and "Consumer Secret".

For security reasons, the Consumer Key and Consumer Secret are displayed only one time. If you forget the key, you will need to reset them to obtain new values.

5. Create user tokens.

We can assign user tokens with the navigation below:

Setup -> Users/Roles -> Access Tokens -> New

Select the application which needs to be integrated, then select the user (the list shows the employees who have TBA roles), then select the TBA role. The Token Name field is populated with a concatenation of Application Name, User, and Role. Enter your own name for this token, if desired.

After saving this record, the system automatically generates a Token ID and Token Secret, which are displayed only one time.

Creating your own tokens:

Go to Home -> Settings portlet -> Manage Token (here we can see the list of my access tokens).
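
How a client uses the four values generated above (Consumer Key, Consumer Secret, Token ID, Token Secret) to call a RESTlet: TBA requests carry an OAuth 1.0 Authorization header in which the two secrets only key the signature and are never sent. This is an added example, not code from the original post; the account ID, RESTlet URL, script/deploy numbers, `NS_*` environment variable names and credential values are constructed placeholders, and HMAC-SHA256 is assumed as the signature method.

```python
import base64, hashlib, hmac, os, secrets, time
from urllib.parse import parse_qsl, quote, urlsplit

def pct_encode(value):
    """RFC 5849 percent-encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")

def signature_base_string(method, url, oauth_params):
    """METHOD & base URL & sorted parameters (query string plus oauth_*)."""
    parts = urlsplit(url)
    base_url = f"{parts.scheme}://{parts.netloc.lower()}{parts.path}"
    params = parse_qsl(parts.query, keep_blank_values=True) + list(oauth_params.items())
    pairs = sorted((pct_encode(k), pct_encode(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct_encode(base_url), pct_encode(normalized)])

def tba_authorization_header(method, url, account, consumer_key, consumer_secret,
                             token_id, token_secret, nonce=None, timestamp=None):
    """Build the Authorization header; the two secrets only key the HMAC."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token_id,
        "oauth_signature_method": "HMAC-SHA256",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_nonce": nonce or secrets.token_hex(16),  # fresh per request
        "oauth_version": "1.0",
    }
    key = f"{pct_encode(consumer_secret)}&{pct_encode(token_secret)}".encode()
    base = signature_base_string(method, url, oauth).encode()
    digest = hmac.new(key, base, hashlib.sha256).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    # realm carries the account ID and is not part of the signed parameters
    fields = [f'realm="{pct_encode(account)}"']
    fields += [f'{k}="{pct_encode(v)}"' for k, v in oauth.items()]
    return "OAuth " + ", ".join(fields)

if __name__ == "__main__":
    # Constructed placeholders and hypothetical NS_* variable names; real values
    # belong in a secret store, since NetSuite shows each secret only once.
    url = ("https://123456.restlets.api.netsuite.com"
           "/app/site/hosting/restlet.nl?script=10&deploy=1")
    print(tba_authorization_header(
        "GET", url, "123456",
        os.environ.get("NS_CONSUMER_KEY", "constructed-consumer-key"),
        os.environ.get("NS_CONSUMER_SECRET", "constructed-consumer-secret"),
        os.environ.get("NS_TOKEN_ID", "constructed-token-id"),
        os.environ.get("NS_TOKEN_SECRET", "constructed-token-secret")))
```

Revoking the access token or setting the integration's State to Blocked invalidates these requests without touching the user's password.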

