This guide outlines the process of connecting Oracle NetSuite to Synder via Token-Based Authentication (TBA). This method allows Synder to securely access your NetSuite account without requiring user credentials for each session.
- Submitting Credentials to Synder
- Prerequisites
- Enabling Required Features in NetSuite
- Role-based permission scopes
- Option A: Copying an existing role
- Main role settings
- Permissions to be adjusted
- Option B: Creating a Custom Role for Synder Integration
- Main Role Settings
- Permissions
- Assigning the Role to a User
- Locating the NetSuite Account ID
- Creating the Integration Record
Submitting Credentials to Synder
Provide the following information to Synder:
- NetSuite Account ID
- Consumer Key (from integration record)
- Consumer Secret (from integration record)
- Role ID (from the custom role)
Here’s a helpful video displaying where these ID’s can be retrieved from Oracle Netsuite:
After submitting these credentials, the user will be redirected to a NetSuite authorization page. Upon granting access, Synder will generate an Access Token and Token Secret required for integration.
Prerequisites
- Administrator access to Oracle NetSuite
- Permission to manage roles, integrations, and account configurations
- Access to the “Enable Features” and “Company Information” sections in NetSuite
Enabling Required Features in NetSuite
- Navigate to:
Setup → Company → Enable Features → SuiteCloud - Enable the following options:
- SuiteTalk (Web Services): SOAP Web Services
- SuiteTalk (Web Services): REST Web Services
- Token-Based Authentication
- Save the changes.
Role-based permission scopes
Oracle Netsuite has a very well-developed and precise role-based permission system. You can either copy an existing role in your Netsuite (such as Accountant) and make sure it has the minimum access scopes outlined below, or create a new role specially for Synder and assign needed permissions.
Option A: Copying an existing role
- Navigate to:
Setup → Users/Roles → Manage Roles. - Select an existing role, e.g. Accountant and click Customize next to it.
- This will create a copy of the existing role. Now you will need to check that it has all the minimum permissions listed below in the Creating a Custom Role for Synder Integration section.
Here is what you will need to add or modify to customize the standard Accountant role:
Main role settings
| Setting | Value |
| Core Administrative Permissions | Enabled |
| Employee Restrictions | None |
| Accessible Subsidiaries | All |
| Cross-Subsidiary Record Viewing | Enabled |
| Trusted Device Duration | Per-session |
| Two-Factor Authentication | Disabled |
Permissions to be adjusted
| Category | Permission | Standard Role | Custom Role | Action |
| Lists | Classes | Edit | Full | Upgrade from Edit to Full |
| Lists | Currency | None | View | Add permission at View level |
| Lists | Custom Record Entries | None | View | Add permission at View level |
| Lists | Customers | Edit | Full | Upgrade from Edit to Full |
| Lists | Departments | Edit | Full | Upgrade from Edit to Full |
| Lists | Locations | Edit | Full | Upgrade from Edit to Full |
| Lists | Subsidiaries | None | View | Add permission at View level |
| Setup | Access Token Management | None | Full | Add permission at Full level |
| Setup | Custom Record Types | None | View | Add permission at View level |
| Setup | Custom Segments | None | View | Add permission at View level |
| Setup | SuiteScript | None | View | Add permission at View level |
| Transactions | Journal Approval | None | Full | Add permission at Full level |
| Transactions | Make Journal Entry | Edit | Full | Upgrade from Edit to Full |
- Save the role and note the Role ID from the URL (e.g., …role.nl?id=1218 → Role ID: 1218).
Option B: Creating a Custom Role for Synder Integration
- Navigate to:
Setup → Users/Roles → Manage Roles → New - Create a new role with the following details:
- Role Name: Synder Integration Role
- Role Type: Custom Role
Main Role Settings
| Setting | Value |
| Core Administrative Permissions | Enabled |
| Employee Restrictions | None |
| Accessible Subsidiaries | All |
| Cross-Subsidiary Record Viewing | Enabled |
| Trusted Device Duration | Per-session |
| Two-Factor Authentication | Disabled |
Permissions
Below is a table of all permissions that Synder needs to operate.
| Sub-tab | Permission Key | Permission Level | Notes / Purpose |
| Transactions | Find Transaction | FULL | Full ability to find/search transactions |
| Transactions | Journal Approval | FULL | Full authority to approve journals |
| Transactions | Make Journal Entry | FULL | Full authority to enter journals |
| Transactions | Posting Period on Transactions | FULL | Full authority to post accounting periods |
| Reports | SuiteAnalytics Workbook | EDIT | Can edit analytics reports |
| Lists | Accounts | EDIT | Can edit chart of accounts |
| Lists | Classes | EDIT | Can edit classification lists |
| Lists | Contact-Subsidiary Relationship | VIEW | Can view contacts across subsidiaries |
| Lists | Contacts | FULL | Full authority over contacts |
| Lists | Currency | VIEW | Can view currency list |
| Lists | Customers | FULL | Full access to customers/jobs |
| Lists | Departments | EDIT | Can edit department list |
| Lists | Documents and Files | FULL | Full authority over file cabinet |
| Lists | Entity-subsidiary relationship | VIEW | Can view entity-subsidiary relationships |
| Lists | Items | EDIT | Can edit items (products, services) |
| Lists | Locations | EDIT | Can edit location list |
| Lists | Other Names | EDIT | Can edit “Other Name” entities |
| Lists | Perform Search | FULL | Full authority for searching across lists |
| Lists | Subsidiaries | VIEW | Can view subsidiaries |
| Lists | Custom Record Entries | VIEW | Can view custom segments |
| Setup | Access Token Management | FULL | Full control over OAuth tokens |
| Setup | Accounting Lists | EDIT | Can edit accounting-related lists |
| Setup | Accounting Management | EDIT | Can edit accounting setup |
| Setup | Log in using Access Tokens | FULL | Full authority to log in via OAuth |
| Setup | REST Web Services | FULL | Full authority to access REST web services |
| Setup | SOAP Web Services | FULL | Full authority to access SOAP-based web services |
| Setup | Custom Record Types | VIEW | View custom record types |
| Setup | Custom Segments | VIEW | View Custom segments |
| Setup | SuiteScript | VIEW | View custom segments setup |
| Setup | Subsidiary Settings Manager | VIEW | Can view subsidiary settings |
| Custom Record | Select needed custom segments | FULL | Full access to custom records and custom segments |
- Save the role and note the Role ID from the URL (e.g., …role.nl?id=121 → Role ID: 121).
Assigning the Role to a User
- Navigate to:
Setup → Users/Roles → Manage Users - Assign the newly created custom role to the appropriate user account. This user needs to log in and perform the Synder authentication process.
Locating the NetSuite Account ID
- Navigate to:
Setup → Company → Company Information - Locate the Account ID field. This will be required by Synder.
Creating the Integration Record
- Navigate to:
Setup → Integration → Manage Integrations → New - Create a new integration with the following settings:
- Name: Synder
- Enable:
- Token-Based Authentication
- TBA: Authorization Flow
- Provide the Callback URL https://go.synder.com/dsOauth/netsuite/callback as required by Synder.
- Disable all other options.
- Save the integration and copy the Consumer Key and Consumer Secret immediately. These values are only visible at the time of creation.
