IMPORTANT UPDATE
As of December 18, 2019, CloudExtend launched a new login flow that completely eliminates the steps in this article. Please refer to this article for more information on the new login flow including how you can get it now.
The steps below are no longer required as of December 18, 2019 and are only listed for historical purposes.
The steps to enable Token Based Authentication (TBA) in your NetSuite account are typically done by your NetSuite Administrator. They may, however, choose to allow end users to create tokens on their own. If you are not an Admin and are an end user with permissions to create tokens skip to Step 2.
If you have already created your tokens learn how to log in using them in this article.
Prerequisites for TBA
- You should have already installed Celigo CloudExtend Outlook Bundle before beginning.
- Token Based Authentication is enabled in your NetSuite account -- Setup > Company > Setup Tasks > Enable Features > SuiteCloud > Manage AuthenticationMake sure “Token Based Authentication” is checked.
- A CloudExtend Outlook for NetSuite Enterprise Edition subscription
- For use with CloudExtend Apps, users must have web services permissions enabled for their role.
Steps to Setup TBA access
Step 1: Add TBA permissions to the desired roles (or create new roles)
Decide if you will allow users to create their own tokens or if a user (such as Admin) will create tokens for the users.
For the role that will be ‘creating’ tokens (ie Admin or the user as decided above) be sure that the permission ‘User Access Tokens’ has been enabled.
For the role that will be using the tokens to sign in (typically a user) be sure that the permission ‘Log in using Access Tokens’ has been enabled.
Step 2: Create Access Tokens
Determine how to create your tokens, ie are you an Admin or end user creating tokens for yourself or are you an Admin creating tokens to distribute to end users.
Admin OR end user creating a token for yourself?
You must create your token from the home page (scroll to bottom left and you will see 'Manage Access Tokens' under settings. Then follow the instructions below starting at 'Select New Access Token'. Note, in order for end users to grant tokens for themselves they must be granted the 'User Access Tokens' permissions for their role.
Admin creating tokens for distribution to other users?
Use global search for page: tokens or navigate to Setup->Users/Roles->Access Tokens. Then follow the instructions below starting at 'Select New Access Token'.
- Select New Access Token
- Select the application (Celigo CloudExtend (Token-Based Auth)) the desired role, and accept the default name for the token name or supply your own then press save.
- IMPORTANT - Save the token ID and token secret on the next screen to a secure location as these need to be shared with each licensed user to be entered into the app and subsequently login.
Step 3: License Portal Configuration(done by portal admin)
The CloudExtend portal administrator now needs to enable org wide Token Based Authentication for the Outlook App by signing into the CloudExtend Admin portal at subscriptions.celigo.com (for more detailed information on the Admin portal see this article).
Associate the subscription with your NetSuite account by doing the following
The 4 screenshots below represent the following 4 steps to take once logged in to subscriptions.celigo.com.
- Click on Accounts
- Connect your NetSuite account
- Click 'Manage Account'
- Enable Token Based Authentication (note you may also leave 'Basic Credentials' enabled if you want to allow user name and password as an option for users.
Step 4: Securely distribute the token details to licensed users
Please use a secure mechanism such as LastPass to provide the following information to each individual user a token ID and secret was created for.
- Their token ID and secret created in Step # 2
- Your organization's NetSuite Account number which will be needed for their 1st login
Step 5: End user login
End users should subsequently follow the instructions for TBA login in this article,