This guide outlines the process of connecting Oracle NetSuite to Synder via Token-Based Authentication (TBA). This method allows Synder to securely access your NetSuite account without requiring user credentials for each session.
Prerequisites
- Administrator access to Oracle NetSuite
- Permission to manage roles, integrations, and account configurations
- Access to the “Enable Features” and “Company Information” sections in NetSuite
1. Enabling Required Features in NetSuite
- Navigate to:
Setup → Company → Enable Features → SuiteCloud - Enable the following options:
- SuiteTalk (Web Services): SOAP Web Services
- SuiteTalk (Web Services): REST Web Services
- Token-Based Authentication
- Save the changes.
2. Role-based permission scopes
Oracle Netsuite has a very well-developed and precise role-based permission system. You can either copy an existing role in your Netsuite (such as Accountant) and make sure it has the minimum access scopes outlined below, or create a new role specially for Synder and assign needed permissions.
Option A: Copying an existing role
- Navigate to:
Setup → Users/Roles → Manage Roles. - Select an existing role, e.g. Accountant and click Customize next to it.
- This will create a copy of the existing role. Now you will need to check that it has all the minimum permissions listed below in the Creating a Custom Role for Synder Integration section.
Here is what you will need to add or modify to customize the standard Accountant role:
Main role settings
| Setting | Value |
| Core Administrative Permissions | Enabled |
| Employee Restrictions | None |
| Accessible Subsidiaries | All |
| Cross-Subsidiary Record Viewing | Enabled |
| Trusted Device Duration | Per-session |
| Two-Factor Authentication | Disabled |
Permissions to be adjusted
| Category | Permission | Standard Role | Custom Role | Action |
| Lists | Classes | Edit | Full | Upgrade from Edit to Full |
| Lists | Currency | None | View | Add permission at View level |
| Lists | Custom Record Entries | None | View | Add permission at View level |
| Lists | Customers | Edit | Full | Upgrade from Edit to Full |
| Lists | Departments | Edit | Full | Upgrade from Edit to Full |
| Lists | Locations | Edit | Full | Upgrade from Edit to Full |
| Lists | Subsidiaries | None | View | Add permission at View level |
| Setup | Access Token Management | None | Full | Add permission at Full level |
| Setup | Core Administration Permissions | None | Full | Add permission at Full level |
| Setup | Custom Record Types | None | View | Add permission at View level |
| Setup | Custom Segments | None | View | Add permission at View level |
| Setup | SuiteScript | None | View | Add permission at View level |
| Transactions | Journal Approval | None | Full | Add permission at Full level |
| Transactions | Make Journal Entry | Edit | Full | Upgrade from Edit to Full |
- Save the role and note the Role ID from the URL (e.g., …role.nl?id=1218 → Role ID: 1218).
Option B: Creating a Custom Role for Synder Integration
- Navigate to:
Setup → Users/Roles → Manage Roles → New - Create a new role with the following details:
- Role Name: Synder Integration Role
- Role Type: Custom Role
Main Role Settings
| Setting | Value |
| Core Administrative Permissions | Enabled |
| Employee Restrictions | None |
| Accessible Subsidiaries | All |
| Cross-Subsidiary Record Viewing | Enabled |
| Trusted Device Duration | Per-session |
| Two-Factor Authentication | Disabled |
Permissions
Below is a table of all permissions that Synder needs to operate.
| Sub-tab | Permission Key | Permission Level | Notes / Purpose |
| Transactions | Find Transaction | FULL | Full ability to find/search transactions |
| Transactions | Journal Approval | FULL | Full authority to approve journals |
| Transactions | Make Journal Entry | FULL | Full authority to enter journals |
| Transactions | Posting Period on Transactions | FULL | Full authority to post accounting periods |
| Reports | SuiteAnalytics Workbook | EDIT | Can edit analytics reports |
| Lists | Accounts | EDIT | Can edit chart of accounts |
| Lists | Classes | EDIT | Can edit classification lists |
| Lists | Contact-Subsidiary Relationship | VIEW | Can view contacts across subsidiaries |
| Lists | Contacts | FULL | Full authority over contacts |
| Lists | Currency | VIEW | Can view currency list |
| Lists | Customers | FULL | Full access to customers/jobs |
| Lists | Departments | EDIT | Can edit department list |
| Lists | Documents and Files | FULL | Full authority over file cabinet |
| Lists | Entity-subsidiary relationship | VIEW | Can view entity-subsidiary relationships |
| Lists | Items | EDIT | Can edit items (products, services) |
| Lists | Locations | EDIT | Can edit location list |
| Lists | Other Names | EDIT | Can edit “Other Name” entities |
| Lists | Perform Search | FULL | Full authority for searching across lists |
| Lists | Subsidiaries | VIEW | Can view subsidiaries |
| Lists | Custom Record Entries | VIEW | Can view custom segments |
| Setup | Access Token Management | FULL | Full control over OAuth tokens |
| Setup | Accounting Lists | EDIT | Can edit accounting-related lists |
| Setup | Accounting Management | EDIT | Can edit accounting setup |
| Setup | Log in using Access Tokens | FULL | Full authority to log in via OAuth |
| Setup | REST Web Services | FULL | Full authority to access REST web services |
| Setup | SOAP Web Services | FULL | Full authority to access SOAP-based web services |
| Setup | Custom Record Types | VIEW | View custom record types |
| Setup | Custom Segments | VIEW | View Custom segments |
| Setup | SuiteScript | VIEW | View custom segments setup |
| Setup | Subsidiary Settings Manager | VIEW | Can view subsidiary settings |
| Custom Record | Select needed custom segments | FULL | Full access to custom records and custom segments |
- Save the role and note the Role ID from the URL (e.g., …role.nl?id=121 → Role ID: 121).
3. Assigning the Role to a User
- Navigate to:
Setup → Users/Roles → Manage Users - Assign the newly created custom role to the appropriate user account. This user needs to log in and perform the Synder authentication process.
4. Locating the NetSuite Account ID
- Navigate to:
Setup → Company → Company Information - Locate the Account ID field. This will be required by Synder.
5. Creating the Integration Record
- Navigate to:
Setup → Integration → Manage Integrations → New - Create a new integration with the following settings:
- Name: Synder
- Enable:
- Token-Based Authentication
- TBA: Authorization Flow
- Provide the Callback URL https://go.synder.com/dsOauth/netsuite/callback as required by Synder.
- Disable all other options.
- Save the integration and copy the Consumer Key and Consumer Secret immediately. These values are only visible at the time of creation.
6. Submitting Credentials to Synder
Provide the following information to Synder:
- NetSuite Account ID
- Consumer Key (from integration record)
- Consumer Secret (from integration record)
- Role ID (from the custom role)
After submitting these credentials, the user will be redirected to a NetSuite authorization page. Upon granting access, Synder will generate an Access Token and Token Secret required for integration.