> For the complete documentation index, see [llms.txt](https://docs.sprinto.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.sprinto.com/integrations/overview/oracle-netsuite-integration.md). # Oracle NetSuite Integration ### Overview The Oracle NetSuite integration allows Sprinto to securely read user and role information from your NetSuite account to support automated access reviews and compliance monitoring. This integration uses **token-based authentication** and the **Unified User Directory API**. Sprinto only reads the minimum user and role metadata required for compliance checks. No financial, payroll, or transactional data is accessed. **Prerequisites** * Admin access to Oracle NetSuite (required to configure roles and tokens) * Ability to enable REST and SOAP web services in NetSuite *** ### Permissions required Sprinto follows the principle of least privilege and requires minimum, read-only access wherever possible. ### On Oracle NetSuite Sprinto requires the following permissions to read user and organisational data and authenticate using access tokens. To configure permissions: 1. Go to **Setup → Users/Roles → Manage Roles.** 2. Select the role used for the integration and click **Edit.** 3. Navigate to the **Permissions** tab. #### Setup tab

Permission	Level
SOAP Web Services	View
Records Catalog	View
REST Web Services	View
Log in using Access Tokens	Full
User Access Tokens	Full
Company Information	View

#### Lists tab

Permission	Level
Employees	View
Employee Record	View
Perform Search	View
Locations	View
Subsidiaries	View
Departments	View
Classes	View

#### Reports tab

Permission	Level
SuiteAnalytics Workbook	View

{% hint style="warning" %} #### Important * Full access is required only to enable token-based authentication: * Log in using Access Tokens. * User Access Tokens. * All other permissions are read-only and used strictly for compliance monitoring. * Sprinto does not create, update, or delete users in NetSuite. * Sprinto does not access accounting, payroll, or financial records. {% endhint %} ### On Sprinto * Admin access is required to configure integrations *** ### How it works Once connected, Sprinto uses token-based authentication to securely connect to Oracle NetSuite and read user and role data. * Sprinto fetches employee records and associated role information. * The data is used to power access reviews and user-related compliance checks. * Sprinto performs an initial post-connect validation to confirm permissions and data availability. * Subsequent syncs run automatically to keep user data up to date. If required permissions are missing or credentials are invalid, Sprinto surfaces an error on the integration status page. *** ### Connect Oracle NetSuite to Sprinto #### Steps in Sprinto 1. Sign in to the Sprinto dashboard. 2. Go to **Settings**. 3. Select **Integrations** (the *Available* tab opens by default). 4. Search for **Oracle NetSuite**.

5. Select **Connect**. 6. Review the permissions and data usage details, then select **Next**.

7. Confirm that you have admin access to your Oracle NetSuite account. 8. Select **Connect to Oracle NetSuite**.

Sprinto opens a secure connection window where you must enter your NetSuite credentials. *** #### Steps in Oracle NetSuite You must generate the required credentials in Oracle NetSuite before completing the connection. **Step 1: Find your NetSuite subdomain** * Log in to Oracle NetSuite. * Check your browser URL. * Example: `https://1234567.app.netsuite.com` * Your subdomain is `1234567`.

**Step 2: Enable required features** 1. Go to [**Enable Features**](https://system.netsuite.com/app/setup/features.nl). 2. Under **SuiteTalk**, enable: * SOAP Web Services * REST Web Services 3. Under **Manage Authentication**, enable: * Token-Based Authentication **Step 3: Create a custom role** 1. Go to **Create Role**. 2. Enter a name for the role (for example, *Sprinto Integration Role*). 3. Set **Accessible Subsidiaries** to **All**. 4. Enable **ALLOW CROSS-SUBSIDIARY RECORD VIEWING**.

5. Select ALL under SELECTED ACCOUNTING BOOKS.

5. Assign the permissions listed in the [**Permissions required**](#permissions-required) section above. 6. Save the role. **Step 4: Assign the role to a user** 1. Go to [**Manage Users**](https://system.netsuite.com/app/setup/listusers.nl?whence=). 2. Select an existing user or create a new one. 3. Open the **Access** tab and assign the role you created. 4. Save the changes. **Step 5: Create an integration record** 1. Go to [**Integrations**](https://system.netsuite.com/app/common/integration/integrapp.nl?whence=). 2. Create a new integration record. 3. Enable: * Token-Based Authentication * REST Web Services 4. Save the integration and securely copy the **Consumer Key** and **Consumer Secret**.

**Step 6: Generate an access token** 1. Go to [**Access Tokens**](https://system.netsuite.com/app/setup/accesstoken.nl?whence=). 2. Create a new token using: * The user you assigned the role to * The custom role you created

3. Save and securely copy the **Token ID** and **Token Secret**.

*** #### Confirm successful connection Return to Sprinto and enter the following details: * NetSuite subdomain * Consumer key * Consumer secret * Token ID * Token secret Select **Connect**. Once successful, the integration status updates to **Connected**, and the initial data sync begins. *** ### Post-integration behaviour (PCF flow) After the connection is complete: * Sprinto runs an initial validation to confirm permissions. * User and role data is synced from NetSuite. * The integration status shows the last successful sync time. * Any permission or authentication issues are flagged as errors on the integration page. Data updates automatically on subsequent syncs to keep access reviews current. *** ### Troubleshooting #### Issue: Integration fails during connection **Cause:** Incorrect credentials or missing token-based authentication.\ **Resolution:** Verify that Token-Based Authentication, REST Web Services, and SOAP Web Services are enabled in NetSuite and re-enter valid credentials. *** #### Issue: Users are not syncing **Cause:** Missing `Employees – View` permission.\ **Resolution:** Confirm that the custom role includes the required permission and regenerate the access token. *** #### Issue: Authentication error after initial setup **Cause:** Token revoked or expired in NetSuite.\ **Resolution:** Generate a new access token in NetSuite and update it in Sprinto. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sprinto.com/integrations/overview/oracle-netsuite-integration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.