NetSuite 2018.2 token-based authentication
Introduction
As you may be aware, NetSuite is enforcing two-factor authentication (2FA) for all Administrator, Full Access, and other highly privileged roles in their 2018.2 release. If your NetSuite administrator has obtained a standard temporary exemption to the 2018.2 2FA requirement (recommended), the enforcement of 2FA will be delayed until the 2019.1 release.
Even if you have obtained the exemption, eventually changes will be required to your Harmony integrations that connect with NetSuite. We recommend that you begin preparing your Harmony projects as soon as possible to ensure a smooth transition.
What changes are required?
The enforcement of 2FA will likely impact your Harmony NetSuite integrations, as most users have configured Harmony using a NetSuite user with a highly privileged role. These users will be required to use token-based authentication (TBA) to successfully connect to NetSuite within Harmony once the enforcement of 2FA goes into effect.
Even if you have verified that your Harmony NetSuite integration is using a role that is not affected by the 2FA requirement, we strongly recommend switching to TBA as soon as possible. As of the 2018.2 release, NetSuite will no longer allow creating new or modifying existing single sign-on (SSO) connections. This means that although your existing NetSuite connections in Harmony will continue to function unaffected for the time being, if you need to make any changes to the NetSuite user or within Harmony, your integrations may stop working. In addition, new NetSuite projects in Harmony will be required to use TBA.
When are changes needed by?
Changes are needed by the date that your NetSuite organization is affected by the 2FA requirement. Your NetSuite administrator can find the exact upgrade date by logging in to your NetSuite account.
- Not Exempted: For those who do not have an exemption to the 2018.2 2FA requirement, changes are needed by the date that 2018.2 is released to your NetSuite organization.
- Exempted: For those who have an exemption to the 2018.2 2FA requirement, changes are needed by the date that 2019.1 is released to your NetSuite organization.
To request a standard temporary exemption, your NetSuite administrator should immediately submit a support ticket requesting the 2FA requirement be delayed until 2019.1.
What will happen if no changes are made?
If you do not make the necessary changes to use TBA in NetSuite and Harmony, your existing Harmony NetSuite integrations may stop working. In addition, you will not be able to create any new Harmony NetSuite integrations using the SSO authentication type.
Where can I find instructions on what to do?
You must first enable TBA within your NetSuite organization, and then configure your Harmony integration to authenticate with NetSuite using TBA. We provide step-by-step instructions and recommendations for setting roles and permissions in NetSuite in Enable TBA in NetSuite. After TBA is enabled, configuring the NetSuite connection in Harmony can be done in several ways:
- Use the NetSuite Connector: If you use Jitterbit's NetSuite Connector, the option to configure a new TBA endpoint is available in Jitterbit Studio and Agents that are version 9.2 or higher. In addition, Jitterbit Studio version 9.3.1 offers an option to easily convert your existing SSO endpoint to use TBA.
- Use a Web Service Method: If you are connecting to NetSuite through Harmony by using a web service method, manual changes to your project are required; the recommended setup requires using at least version 8.24.2 of Jitterbit Studio and 8.24 of Agents.
- Call a RESTlet from an HTTP Source or Target: If you are connecting to NetSuite through Harmony by calling a NetSuite RESTlet through an HTTP source or target, an authentication header must be provided; the recommended setup requires using at least version 8.24.2 of Jitterbit Studio and 8.24 of Agents.
- Call a RESTlet from a Local File Source: Another option for connecting to NetSuite from Harmony is to call a NetSuite RESTlet from a local file source. This can be done only on private agents.