The steps to enable Token Based Authentication (TBA) in your NetSuite account are typically done by your NetSuite Administrator. They may, however, choose to allow end users to create tokens on their own. If you are not an Admin and are an end user with permissions to create tokens skip to Step 2.
If you have already created your tokens learn how to log in using them in this article.
Prerequisites for TBA
- You should have already installed Celigo CloudExtend Excel Bundle before beginning.
- Token Based Authentication is enabled in your NetSuite account --
Setup > Company > Setup Tasks > Enable Features > SuiteCloud > Manage Authentication
Make sure “Token Based Authentication” is checked.
- A CloudExtend Excel for NetSuite Enterprise Edition subscription
- For use with CloudExtend Apps, users must have web services permissions enabled for their role.
Steps to Setup TBA access
Step 1: Add TBA permissions to the desired roles (or create new roles)
Decide if you will allow users to create their own tokens or if a user (such as Admin) will create tokens for the users.
For the role that will be ‘creating’ tokens (ie Admin or the user as decided above) be sure that the permission ‘User Access Tokens’ has been enabled.
For the role that will be using the tokens to sign in (typically a user) be sure that the permission ‘Log in using Access Tokens’ has been enabled.
Step 2: Create Access Tokens
Determine how to create your tokens, ie are you an Admin or end user creating tokens for yourself or are you an Admin creating tokens to distribute to end users.
Admin OR end user creating a token for yourself?
You must create your token from the home page (scroll to bottom left and you will see 'Manage Access Tokens' under settings. Then follow the instructions below starting at 'Select New Access Token'. Note, in order for end users to grant tokens for themselves they must be granted the 'User Access Tokens' permissions for their role.
Admin creating tokens for distribution to other users?
Use global search for page: tokens or navigate to Setup->Users/Roles->Access Tokens. Then follow the instructions below starting at 'Select New Access Token'.
- Select New Access Token
- Select the application (Celigo CloudExtend (Token-Based Auth)) the desired role, and accept the default name for the token name or supply your own then press save.
- IMPORTANT - Save the token ID and token secret on the next screen to a secure location as these need to be shared with each licensed user to be entered into the app and subsequently login.
Step 3: License Portal Configuration(done by portal admin)
The CloudExtend portal administrator now needs to enable org wide Token Based Authentication for the Outlook App by signing into the CloudExtend Admin portal at subscriptions.celigo.com (for more detailed information on the Admin portal (see this article).
- Click on Accounts
- Click on Manage Account next to the account you desire to enable TBA for
- Enable Token Based Authentication for your CloudExtend users by toggling the TBA switch to the On position. Note that you may also enable Basic Credentials.
Step 4: Securely distribute the token details to licensed users
Please use a secure mechanism such as LastPass to provide the following information to each individual user a token ID and secret was created for.
- Their token ID and secret created in Step # 2
- Your organization's NetSuite Account number which will be needed for their 1st login
Step 5: End user login
End users should subsequently follow the instructions for TBA login in this article,