Workstation – NetSuite Integration

Last Updated January 25, 2023

Integration Overview

NetSuite app on Workstation allows to search for the following NetSuite objects:-

  1. Employee
  2. Customer
  3. Vendor
  4. Contact
  5. Vendor Bill
  6. Purchase Order
  7. Sales Order
  8. Invoice

Security Overview

The Enterprise Search uses 3rd-party integrations to implement a “federal search”. Searches within Workstation are backed by an NLP engine, and a graph database that supports a great user experience. 

Workstation Enterprise Search doesn’t index 3rd-party data on an independently searchable database. 

The sequence diagram describes the searching algorithm: 

Notes

  1. Cache layer saves results for a period of five minutes
  2. Each Adopter Service creates a unique identifier for the results which is meaningless without access to the 3rd-party and stores it in the graph database

3rd-Party Access and Refresh Tokens

To activate the Enterprise Search (and the Personalized Workspace widgets), each employee is required to grant Workstation permission to access the 3rd-party. 

The granting process is using the OAuth2.0 protocol. 

Each time a new access token is granted to the Workstation, the application will encrypt the access and refresh tokens and store it in a remote database. 

The encryption process includes a unique private key (“salt”) that is generated for each individual at the very first bootstrap and stored in the local machine Keychain.

The salt is irreplaceable and not restorable — losing it causes the access tokens to be voided.

This security measure is being taken to eliminate identity spoofing when accessing high-sensitive data.

See figure below to review the salt generation and storage flow.

Accessing 3rd-Party Content

Accessing 3rd-party content requires end-user consent, and in some cases, mostly on Microsoft products, an organization admin consent.

Users grant Workstation the necessary permission by approving an OAuth2.0 consent screen that is being triggered by them from the Workstation application (“Third-party apps”).

The third-party apps are being approved and verified by third-parties products. 

By the end of the granting process, the third-party apps provide access and refresh tokens that are used by the search engine to establish the requests.
See 3rd-Party Access and Refresh Tokens section above for more information about the storing mechanism.

While searching, the search engine forwards the request, before hitting the Adopter Service, through the Token Injector; a service that injects the relevant tokens to accomplish the request.

The local private key is being handed off over the search HTTPS request for runtime decryption.

JWT Protection

When a user initiates a search query – the WalkMe enterprise search starts a search flow that is being protected by a JWT assigned by WalkMe IdP integration, as part of the user signing flow:

The JWT is proxying the user identity and keeping any HTTPS request secured and individual. 

All Workstation requests are protected by a JWT validation. 

Configure an integration in NetSuite for Workstation

  1. Sign in into NetSuite using an admin account
  2. Go to Setup -> Company -> Enable Features

3. Go to the SuiteCloud tab-


4. Scroll down and make sure these 3 checkboxes are checked –

5. Scroll down and make sure these 2 checkboxes are checked –

6. Scroll down and make sure these 2 checkboxes are checked –

7. Go to Setup -> Integration -> Manage Integrations -> New

8. Fill the integration form with these details-

    • Name – Workstation
    • State – Enabled
    • Token-Based Authentication – check
    • Callback URL- choose one of these URL’s –
    • Authorization Code Grant- checke
    • Redirect URl- choose one of these URL’s-
      • If US- https://workstation.walkme.com/netsuite/connected
      • If EU- https://eu-workstation.walkme.com/netsuite/connected
    • Make sure that these 2 boxes are NOT checked-
      • TBA: Authorization Flow

      • Authorization code grant
    • Click Save to create the new integration

  • 9. In the same screen, on the bottom, you will now have a Client Credentials section. Copy the Consumer Key and Consumer Secret, it will be required later on and there will be no access to them again.

10. Go back to the home screen, go to Setup -> User/Roles -> Manage Roles -> New

11. Fill the role form with these details-

    • Name- Workstation Integration Role
    • Subsidiary Restrictions- Choose ALL and check the last box

Permissions

Transactions

  1. Access Payment Audit Log View
  2. Bill Purchase Orders View
  3. Bills View
  4. Cash Sale View
  5. Check View
  6. Create Allocation Schedules View
  7. Credit Card View
  8. Credit Card Refund View
  9. Credit Memo View
  10. Credit Returns View
  11. Currency Revaluation View
  12. Customer Deposit View
  13. Customer Payment View
  14. Deposit View
  15. Deposit Application View
  16. Enter Opening Balances View
  17. Enter Vendor Credits View
  18. Find Transaction View
  19. Fulfill Orders View
  20. Generate Price Lists View
  21. Generate Statements View
  22. Invoice View
  23. Invoice Approval View
  24. Invoice Sales Orders View
  25. Item Fulfillment View
  26. Item Receipt View
  27. Journal Approval View
  28. Make Journal Entry View
  29. Pay Bills View
  30. Pay Sales Tax View
  31. Pay Tax Liability View
  32. Post Vendor Bill Variances View
  33. Posting Period on Transactions View
  34. Purchase Order View
  35. Reconcile View
  36. Return Authorization View
  37. Revenue Arrangement View
  38. Revenue Arrangement Approval View
  39. Sales Order View
  40. Set Up Budgets View
  41. Transfer Funds View
  42. Vendor Bill Approval View
  43. Vendor Return Auth. Approval View
  44. Vendor Return Authorization View
  45. Vendor Returns View
  46. View Gateway Asynchronous Notifications View
  47. View Payment Events View

Reports
  1. Account Detail View
  2. Accounts Payable View
  3. Accounts Payable Graphing View
  4. Accounts Receivable View
  5. Accounts Receivable Graphing View
  6. Amortization Reports View
  7. Balance Sheet View
  8. Deferred Expense Reports View
  9. Employee Reminders View
  10. Expenses View
  11. Financial Statements View
  12. General Ledger View
  13. Income View
  14. Income Statement View
  15. Lead Snapshot/Reminders View
  16. Net Worth View
  17. Purchase Order Reports View
  18. Purchases View
  19. Reconcile Reporting View
  20. Report Customization View
  21. Report Scheduling View
  22. Revenue Recognition Reports View
  23. Sales View
  24. Sales Order Fulfillment Reports View
  25. Sales Order Reports View
  26. Sales Order Transaction Report View
  27. SuiteAnalytics Workbook View
  28. Tax View
  29. Transaction Detail View
  30. Trial Balance   View

List

    1. Accounts View
    2. Accounts Payable Register View
    3. Accounts Receivable Register View
    4. Amortization Schedules View
    5. Bank Account Registers View
    6. Billing Schedules View
    7. CRM Groups View
    8. Calendar View
    9. Commit Orders View
    10. Contacts View
    11. Credit Card Registers View
    12. Currency View
    13. Custom Recognition Event Type View
    14. Custom Record Entries View
    15. Customers View
    16. Deferred Revenue Registers View
    17. Departments View
    18. Documents and Files View
    19. Email Template View
    20. Employee Record View
    21. Employees View
    22. Equity Registers View
    23. Events View
    24. Export Lists View
    25. Fair Value Formula View
    26. Fair Value Price View
    27. Fixed Asset Registers View
    28. Item Revenue Category View
    29. Items View
    30. Locations View
    31. Long Term Liability Registers View
    32. Mass Updates View
    33. Memorized Transactions View
    34. Non Posting Registers View
    35. Notes Tab View
    36. Other Asset Registers View
    37. Other Current Asset Registers View
    38. Other Current Liability Registers View
    39. Other Names View
    40. Perform Search View
    41. Phone Calls View
    42. Platforms View
    43. Publish Search View
    44. Record Custom Field View
    45. Related Items View
    46. Resource Create
    47. Revenue Element View
    48. Revenue Recognition Field Mapping View
    49. Revenue Recognition Plan View
    50. Revenue Recognition Rule View
    51. Revenue Recognition Schedules View
    52. Statistical Account Registers View
    53. Subsidiaries   View
    54. Tasks View
    55. Track Messages View
    56. Unbilled Receivable Registers View
    57. Units View
    58. Vendors View
    59. Work Calendar View

Setup

  1. Accounting Book View
  2. Accounting Lists View
  3. Accounting Management View
  4. Allow Non G/L Changes View
  5. Auto-Generated Numbers View
  6. Custom Body Fields View
  7. Custom Column Fields View
  8. Custom Entity Fields View
  9. Custom Item Fields View
  10. Custom Lists View
  11. Custom Record Types View
  12. Deleted Records View
  13. Log in using Access Tokens View
  14. Log in using OAuth 2.0 Access Tokens View
  15. Manage Accounting Periods View
  16. Mobile Device Access View
  17. OAuth 2.0 Authorized Applications Management View
  18. Other Custom Fields View
  19. Other Lists View
  20. REST Web Services View
  21. SOAP Web Services View
  22. Set Up Company View
  23. SuiteAnalytics Connect View
  24. SuiteAnalytics Connect – Read All  View
  25. Vicarious emails View
  26. View SOAP Web Services Logs View

Custom Records

  • If you have custom records that are required for processes, it might be a blocker for this integration. We recommend providing permissions to all custom records

  •  Click Save to create the new integration

12. Now you will need to assign the new integration role to a new integration user. Go to Setup -> Users/Roles -> Manage Users

13. Create a new user, make sure the user is of type Employee. Fill the role form with these details-

    • Name- Workstation Integration User
    • Email- any email
    • Subsidiary- your organization subsidiary
    • Access – check the box-
    • Roles- assign the integration role you had previously created (“Workstation Integration Role”)-
    • Click Save to create the new Employee user

14. Go to Setup -> Users/Roles -> Access Tokens -> New

15. Create an access token. Fill the role form with these details-

    • Application Name- choose in the dropdown the Workstation Integration-

    • User (from List)- Workstation Integration User
    • Role- Workstation Integration Role
    • Token Name- will be populated automatically
    • Click Save to create the new Access Token
    • In the same screen, on the bottom of the access token page, you will now have a Token ID and Token Secret

16. Go to Console to the Workstation -> Integrations page

17. On the NetSuite integration, click on Setup, and configure the following-

  • Sub Domains- the domain of your NetSuite URL. For example, if your URL is https://testname.app.netsuite.com/ so your domain is “testname”.
  • Client ID and Client Secret- the values created previously in the process (also known as Consumer Key and Consumer Secret).
  • Click Save. NetSuite integration should now work on your Workstation App.

Connecting NetSuite on Workstation

  1. Open the Workstation Menu by clicking the widget (on Windows) / the WalkMe icon on the Mac Menu bar, or by hitting ctrl/cmd+shift+E
  2. Go to Settings -> Integrations, and click Connect on the NetSuite card
  3. If the NetSuite card is not available, contact your WalkMe Owner in your organization and ask to enable NetSuite on Workstation

Was this article helpful?

Thanks for your feedback!
×

Select account type

Close
< Back

Mobile account login

< Back