Enabling User Access Tokens in NetSuite helps reduce concurrency issues and improves connection stability when using CloudExtend application.
If you’re encountering login or authorization errors, your NetSuite role may be missing the required permissions.
💡 Tip:
Ask your NetSuite Administrator to enable User Access Tokens for your role.
You can click here to send them an email request or simply share this article.
Required Permissions
Follow these steps to verify and enable the necessary permissions.
Step 1: Go to Setup > Users/Roles > Manage Roles
Step 2: Look for the role name that you wish to edit
Step 3: Go to Permissions > Setup and make sure that both of these are set to full:
User Access Tokens
SOAP Web Services
Optional Permissions
Some additional permissions enhance specific CloudExtend features such as Send from Outlook or ExtendInsights for Analytics NetSuite.
Send from Outlook
In NetSuite, go to Setup > User/Roles > Manage Roles and and select the relevant custom role.
Go to Permissions > Custom Record Tab.
Add Celigo Send from Outlook Email Config and set to FULL.
Go to Permissions > Lists
Add Track Messages and assign FULL access level
ExtendInsights for Analytics NetSuite
In NetSuite, navigate to Setup > Users/Roles > Manage Roles
Select the Project Manager role and click Edit.
Click Permissions > Lists
Add Persist Search and assign Create access level
Why User Access Tokens Are Important
NetSuite recommends that users connect to NetSuite with tokens when using applications such as CloudExtend and has provided a means to generate these tokens automatically. During the login flow:
Once a user enters their user name and password CloudExtend will attempt to create a token pair for future logins.
If the end-user does not have the proper permissions this process will fail and the user will need to click the back button and select basic login.
For the login flow to be able to generate tokens on behalf of the user ensure that their roles have the User Access Tokens permission. When a role has this permission the NetSuite login flow will automatically generate tokens on your behalf and log you in with token-based authentication which can greatly reduce NetSuite concurrency issues.
Role-Specific Limitations with Tokens
Specialized NetSuite roles, such as CRM-specific roles, often have preset limitations that restrict the addition of new permissions.
For example:
The “Custom specialized user: CRM” role cannot include permissions like User Access Tokens and SOAP Web Services required for CloudExtend.
To resolve this issue, consider assigning a role that permits adding required permissions, or clone a standard NetSuite role, add the necessary permissions, and reassign it.
If your role lacks the proper permissions, you’ll see this error during login:
You cannot continue this authorization flow. Your current role has insufficient permission. Please contact your account administrator.
Addressing Role-Specific Permission Limitations
Ensure that roles like specialized CRM roles do not restrict essential permissions for CloudExtend. Assigning a different role or creating a custom role may resolve these issues. After updating roles, ask affected users to log out and log back into CloudExtend to apply the changes.