NetSuite

Implementation Summary

Ethyca uses the following endpoints in NetSuite to retrieve and delete Personally Identifiable Information (PII) when a user submits a data subject request. See below for a summary of what Ethyca does with each endpoint:

Endpoint	User Can Download	User Can Delete
customer	Yes	Yes
customer-addressbook	Yes	Yes
customer-creditCards	Yes	Yes
salesOrder	Yes	Yes
salesOrder-billingAddress	Yes	Yes
salesOrder-shippingAddress	Yes	Yes
contact	Yes	Yes
contact-addressbook	Yes	Yes
partner	Yes	Yes
partner-addressbook	Yes	Yes
employee	Yes	No
employee-addressbook	Yes	No
employee-directdepositlist	Yes	No
vendor	Yes	No
vendor-addressbook	Yes	No

As the leading cloud-based ERP, NetSuite, owned by Oracle, can store PII about your employees, customers, and contractors. Keep this in mind when you are setting the DSR Customization as it will impact what is returned in your subject’s DSR package.

If this aligns with your use of NetSuite, please proceed to the next section to begin setting up your integration in the Control Panel.

For any questions, please reach out to your dedicated Customer Success Manager.

Connection Settings

To connect for your instance of NetSuite to Ethyca, follow the steps below:

Domain & Realm

Once you have logged in, look at the page URL. The URL will contain a number (between 6 - 8 digits). Your Domain is this number followed by .suitetalk.api.netsuite.com. So, for the example below, the Domain would be 1234567.suitetalk.api.netsuite.com. Enter your Domain into Ethyca.

Your Realm is the number from the previous step followed. Enter your Realm into Ethyca.

Consumer Key & Consumer Secret

Enable the Token-based Authentication Feature

Go to Setup > Company > Setup Tasks > Enable Features.

Click the SuiteCloud subtab.

In the SuiteScript section, check the following boxes:

Client SuiteScript: Click "I Agree" on the SuiteCloud Terms of Service page.
Server SuiteScript: Click "I Agree" on the SuiteCloud Terms of Service page.

Note: Enabling both the Client SuiteScript and Server SuiteScript features is required to use RESTlets with token-based authentication.

In the SuiteTalk section check the following:

Rest Web service: Click "I Agree" on the SuiteCloud Terms of Service page.
Rest Record service (Beta): Click "I Agree" on the SuiteCloud Terms of Service page.

In the Manage Authentication section, check the "Token-based Authentication" box. Click "I Agree" on the SuiteCloud Terms of Service page.

Click Save.

Set Up Token-based Authentication Roles

Go to Setup > Users/Roles > User Management > Manage Roles. Select a role to customize.

Select the Permission tab. Under the Permission menu, select the "Transactions" sub-tab.

Select the following from the "Transactions" permissions:

Find Transactions → View
Sales Order → Full

When these are selected, click "add".

Repeat the following for the "Reports" permissions:

SuiteAnalytics Workbook → View

Repeat the following for the "List" permissions:

Customers → Full
Contacts → Full
Employees → Full
Employee Record → Full
Partners → Full
Vendors → Full
Other Names → Full

Repeat the following for the "Setup" permissions:

User Access Tokens → Full
Log in using Access Tokens → Full
REST Web Services → Full
SOAP Web Services → Full

Assign Users to Token-based Authentication Roles

After modifying roles with the appropriate token-based authentication permissions, an account administrator can assign users to those roles. TBA is available for many types of NetSuite users, including customers, employees, partners, and vendors. The following is a brief procedure for assigning a role to an existing user.

To assign a user to a token-based authentication role:

Go to the entity record for the user. If the user is an employee, go to Lists > Employees > Employees. If the user is not an employee, go to List > Relationships, and then click Customers, Partners, or Vendors.

Click Edit next to the name of the user you want to assign the token-based authentication role.

Click the Access tab.

In the Role field, select the token-based authentication role for this user. Once you have selected the correct roles, click "add" and then "save".

Create Integration Records for Applications to Use TBA

Before tokens can be created and assigned to users, an integration record must be created for each application that will use token-based authentication. Administrators or users assigned the Integration Application permission can create integration records.

The following procedure briefly describes completing an integration record. You should create a separate integration record for each application.

Go to Setup > Integration > Integration Management > Manage Integrations > New

Enter a name, such as "Ethyca Privacy Management," and description for your application.

Under the "Authentication" tab, check the box for Token-Based Authentication. Click "Save".

Scroll down to find your your Client ID and Client Secret. Paste these values into Ethyca.

Note: The system will only display these values the first time you save the integration record. In cases where an application previously used user credentials as an authentication method, you must reset the consumer ID and consumer secret. Resetting the consumer ID and client secret invalidates the previous consumer ID and client secret.

Access Token & Token Secret

Note: To complete the following steps, you must be logged in as a user with the Access Token Management permission.

Go to Setup > Users/Roles > User Management > Access Tokens.

On the Access Tokens page, click "New Access Token".

On the Access Token page, enter the Application Name, User, and Role. The Token Name is already populated by default, but you can customize the token name if you'd like. After entering this information, click "Save".

Netsuite will display your Access Token (labeled Token ID) and Token Secret. Paste these values into Ethyca.