# Oracle NetSuite Integration ### Overview The Oracle NetSuite integration allows Sprinto to securely read user and role information from your NetSuite account to support automated access reviews and compliance monitoring. This integration uses **token-based authentication** and the **Unified User Directory API**. Sprinto only reads the minimum user and role metadata required for compliance checks. No financial, payroll, or transactional data is accessed. **Prerequisites** * Admin access to Oracle NetSuite (required to configure roles and tokens) * Ability to enable REST and SOAP web services in NetSuite *** ### Permissions required Sprinto follows the principle of least privilege and requires **minimum, read-only access** wherever possible. #### On Oracle NetSuite Sprinto requires the following permissions to read user and role data and authenticate using access tokens. **Lists tab**
PermissionLevel
EmployeesView
**Setup tab**
PermissionLevel
User RolesView
REST Web ServicesFull
Log in using Access TokensFull
**Important** * `Full` access is required only to enable REST APIs and authenticate using access tokens. * Sprinto does **not** create, update, or delete users in NetSuite. * Sprinto does **not** access accounting, payroll, or financial records. #### On Sprinto * Admin access is required to configure integrations. *** ### How it works Once connected, Sprinto uses token-based authentication to securely connect to Oracle NetSuite and read user and role data. * Sprinto fetches employee records and associated role information. * The data is used to power access reviews and user-related compliance checks. * Sprinto performs an initial post-connect validation to confirm permissions and data availability. * Subsequent syncs run automatically to keep user data up to date. If required permissions are missing or credentials are invalid, Sprinto surfaces an error on the integration status page. *** ### Connect Oracle NetSuite to Sprinto #### Steps in Sprinto 1. Sign in to the Sprinto dashboard. 2. Go to **Settings**. 3. Select **Integrations** (the *Available* tab opens by default). 4. Search for **Oracle NetSuite**.
5. Select **Connect**. 6. Review the permissions and data usage details, then select **Next**.
7. Confirm that you have admin access to your Oracle NetSuite account. 8. Select **Connect to Oracle NetSuite**.
Sprinto opens a secure connection window where you must enter your NetSuite credentials. *** #### Steps in Oracle NetSuite You must generate the required credentials in Oracle NetSuite before completing the connection. **Step 1: Find your NetSuite subdomain** * Log in to Oracle NetSuite. * Check your browser URL. * Example: `https://1234567.app.netsuite.com` * Your subdomain is `1234567`.
**Step 2: Enable required features** 1. Go to [**Enable Features**](https://system.netsuite.com/app/setup/features.nl). 2. Under **SuiteTalk**, enable: * SOAP Web Services * REST Web Services 3. Under **Manage Authentication**, enable: * Token-Based Authentication **Step 3: Create a custom role** 1. Go to **Create Role**. 2. Enter a name for the role (for example, *Sprinto Integration Role*). 3. Set **Accessible Subsidiaries** to **All**. 4. Enable **ALLOW CROSS-SUBSIDIARY RECORD VIEWING**.
5. Select ALL under SELECTED ACCOUNTING BOOKS.
5. Assign the permissions listed in the [**Permissions required**](#permissions-required) section above. 6. Save the role. **Step 4: Assign the role to a user** 1. Go to [**Manage Users**](https://system.netsuite.com/app/setup/listusers.nl?whence=). 2. Select an existing user or create a new one. 3. Open the **Access** tab and assign the role you created. 4. Save the changes. **Step 5: Create an integration record** 1. Go to [**Integrations**](https://system.netsuite.com/app/common/integration/integrapp.nl?whence=). 2. Create a new integration record. 3. Enable: * Token-Based Authentication * REST Web Services 4. Save the integration and securely copy the **Consumer Key** and **Consumer Secret**.
**Step 6: Generate an access token** 1. Go to [**Access Tokens**](https://system.netsuite.com/app/setup/accesstoken.nl?whence=). 2. Create a new token using: * The user you assigned the role to * The custom role you created
3. Save and securely copy the **Token ID** and **Token Secret**.
*** #### Confirm successful connection Return to Sprinto and enter the following details: * NetSuite subdomain * Consumer key * Consumer secret * Token ID * Token secret Select **Connect**. Once successful, the integration status updates to **Connected**, and the initial data sync begins. *** ### Post-integration behaviour (PCF flow) After the connection is complete: * Sprinto runs an initial validation to confirm permissions. * User and role data is synced from NetSuite. * The integration status shows the last successful sync time. * Any permission or authentication issues are flagged as errors on the integration page. Data updates automatically on subsequent syncs to keep access reviews current. *** ### Troubleshooting #### Issue: Integration fails during connection **Cause:** Incorrect credentials or missing token-based authentication.\ **Resolution:** Verify that Token-Based Authentication, REST Web Services, and SOAP Web Services are enabled in NetSuite and re-enter valid credentials. *** #### Issue: Users are not syncing **Cause:** Missing `Employees – View` permission.\ **Resolution:** Confirm that the custom role includes the required permission and regenerate the access token. *** #### Issue: Authentication error after initial setup **Cause:** Token revoked or expired in NetSuite.\ **Resolution:** Generate a new access token in NetSuite and update it in Sprinto.