This article applies to all applications that connect to NetSuite
ExtendInsights (NetSuite Edition)
ExtendSync (NetSuite Edition) for Gmail and Outlook
CloudExtend NetSuite login flow overview
Logging in to CloudExtend
Users first login to CloudExtend using "Google" or "Microsoft" at the login screen. The user's Google or Microsoft email must match the email address the user's license was assigned to by their admin.
Once the user has logged into CloudExtend they will then be prompted to create connections to NetSuite. Connections can be created to unlimited NetSuite accounts and roles, even if the NetSuite login email is different than the user's Google or Microsoft email address. The NetSuite connection is established once you log in and can be switched easily without having to sign out by selecting the menu and Connections.
NetSuite Account Prerequisites
The connection flow supports all NetSuite login flows out of the box without the administrative overhead of managing tokens.
Two-Factor Authentication
SAML Single Sign-On
Token Based Authentication
Basic User Credentials
Prerequisites
NetSuite Account Number
In order to use the login flow you will need your NetSuite Account Number. This can be located in the URL while you are logged in to NetSuite in a browser.
End-User Permissions
Please make sure your Admin has set up the following permissions for the roles you plan to login with.
SOAP Web Services - SOAP Web Services are required for the App to communicate with NetSuite post login.
User Access Tokens - When your role has this permission the NetSuite login flow will automatically generate tokens on your behalf and log you in with token-based authentication which can greatly reduce NetSuite concurrency issues.
Users without this permission will see an error when logging inYou cannot continue this authorization flow. Your current role has insufficient permission. Please contact your account administrator
. and will need to click the back button and will only be able to login with basic credentials.Optional - SAML Single Sign On - If your organization uses Single Sign On (SSO) then your role likely already has SAML Single Sign On enabled. Note that if you have SSO enabled for any of your roles you will not be able to login to roles that do not support SSO.
Allow JS/HTML uploads - If your user will need to upload .js and .htm files.
Log in using Access Tokens - Additional permission for User Access Tokens
Permissions > Setup Tab
Do you have Custom fields?
For Outlook and Gmail Apps: Add custom field permissions to each role.
For Excel Apps: Add custom field permission to each role.
Confused?
If you're not sure what any of this means don't worry about it, your Admin will understand and can help set this up. Click here to send them an email request or share this article with them.
Logging In
🚨 Important Note About NetSuite deprecation of basic credential login
NetSuite has deprecated support for users that log in with basic credentials (using the link shown in the screenshot below). Users should only click Connect to NetSuite which will start NetSuite's own 3-step secure authorization flow.
If you have trouble ask your admin to provision the user access tokens permission to your role.
Step 1: Go to Menu and select Connection.
Step 2: Click Add then enter your NetSuite account ID and click Connect to NetSuite.
Learn how to find your NetSuite account ID here.
Step 3: Enter your NetSuite credentials. Select the role you want to log in with and hit Allow.
Step 4: Click Yes. Now, you have a new connection in CloudExtend.
🚨 IMPORTANT
You will be logged out of your current NetSuite session the first time you log in. Don't worry though, once logged in you'll be able to have both sessions active at the same time. As long as you don't log out of CloudExtend you won't need to enter your credentials again, even if your password expires.
Authorization Flow Error
If you see the error below (cannot continue this authorization flow. Your current role has insufficient permission. Please contact your administrator) then please ask your admin to enable user access tokens for you and try again.
Additional Troubleshooting
If your user is receiving an unexpected two-factor authentication prompt and you have not explicitly required two-factor authentication for their role, please note that NetSuite enforces two-factor authentication when certain permissions are enabled for the role.
👉 See this article from NetSuite for a complete list.