The steps to enable Token Based Authentication (TBA) in your NetSuite account are typically done by your NetSuite Administrator. They may, however, choose to allow end users to create tokens on their own. If you are not an Admin and are an end user with permissions to create tokens skip to Step 2.
If you have already created your tokens learn how to log in using them in this article.
Prerequisites for TBA
- You should have already installed Celigo CloudExtend Outlook Bundle before beginning.
- Token Based Authentication is enabled in your NetSuite account -- Setup > Company > Setup Tasks > Enable Features > SuiteCloud > Manage AuthenticationMake sure “Token Based Authentication” is checked.
- A CloudExtend Outlook for NetSuite Enterprise Edition subscription
- For use with CloudExtend Apps, users must have web services permissions enabled for their role.
Steps to Setup TBA access
Step 1: Add TBA permissions to the desired roles (or create new roles)
Decide if you will allow users to create their own tokens or if a user (such as Admin) will create tokens for the users.
For the role that will be ‘creating’ tokens (ie Admin or the user as decided above) be sure that the permission ‘User Access Tokens’ has been enabled.
For the role that will be using the tokens to sign in (typically a user) be sure that the permission ‘Log in using Access Tokens’ has been enabled.
Step 2: Create Access Tokens This step may be performed by end users if they were granted the 'User Access Tokens' permissions above, otherwise a NetSuite Admin will need to create the tokens.
- If you are an admin creating a token for your admin role you must create your token from the home page (scroll to bottom left and you will see 'Manage Access Tokens' under settings.
- For all other users, please use global search for page: tokens or navigate to Setup->Users/Roles->Access Tokens
- Select New Access Token
- Select the application (Celigo CloudExtend (Token-Based Auth)) the desired role, and accept the default name for the token name or supply your own then press save.
- IMPORTANT - Save the token ID and token secret on the next screen to a secure location as these need to be shared with each licensed user to be entered into the app and subsequently login.
Step 3: License Portal Configuration(done by portal admin)
The CloudExtend portal administrator now needs to enable org wide Token Based Authentication for the Outlook App by signing into the CloudExtend Admin portal at subscriptions.celigo.com (for more detailed information on the Admin portal see this article).
Associate the subscription with your NetSuite account by doing the following
The 4 screenshots below represent the following 4 steps to take once logged in to subscriptions.celigo.com.
- Click on Accounts
- Connect your NetSuite account
- Click 'Manage Account'
- Enable Token Based Authentication (note you may also leave 'Basic Credentials' enabled if you want to allow user name and password as an option for users.
Step 4: Securely distribute the token details to licensed users
Please use a secure mechanism such as LastPass to provide the following information to each individual user a token ID and secret was created for.
- Their token ID and secret created in Step # 2
- Your organization's NetSuite ID which will be needed for their 1st login
Step 5: End user login
End users should subsequently follow the instructions for TBA login in this article,