- 13 Nov 2023
- 4 Minutes to read
- Updated on 13 Nov 2023
- 4 Minutes to read
Oracle Netsuite is a cloud-based ERP solution that provides global business management solutions.
|Cybersecurity Asset Management
|Service Account Required?
|Required Adapter Fields
|Company ID, Client ID, Certificate ID, Private Key, Private Key Algorithm
|Company ID, Client ID, Certificate ID, Private Key
Types of Assets Fetched
This adapter fetches the following types of assets:
- SaaS data (expenses)
Company ID (required) - NetSuite account ID (company identifier). The company parameter is a NetSuite-specific parameter. Extract only the company ID from
Client ID (required) - The Netsuite Account ID. You can find your NetSuite account ID at the beginning of the NetSuite URL. For example, if the URL is https://1234567.app.netsuite.com/, your account ID is 1234567.
The connection between Axonius and Oracle Netsuite uses OAuth 2.0 Client. You need to setup OAuth 2.0 Client Credentials. Follow the instructions in Setting up OAuth 2.0 Client Credentials.
Certificate ID (required) - A certificate ID for the Private Key file, refer to Create a Certificate for the OAuth 2.0 Client Credentials Flow.
Private Key (required) - Upload the private key you have generated.
Private Key Algorithm - Select the algorithm used for the private key file: RSA, DSA, EC, DH, or ECDH. Refer to Create a Certificate for the OAuth 2.0 Client Credentials Flow.
Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Axonius uses the NetSuite Applications Suite API
Setting Up the Integration
See the Oracle Netsuite documentation for instructions on setting up an integration.
- Ensure that the following options are selected on the Setup > Company > Enable Features page:
- In the SuiteBundler section, select Create Bundles with SuiteBundler.
- In the SuiteTalk (Web Services) section, select SOAP Web services and REST Web Services.
- In the Manage Authentication section select Token-Based Authentication and OAuth 2.0.
- On the Setup > Integration > Manage Integrations > New page, in the OAuth 2.0 section, select Authorization Code Grant and REST Web Services.
Setting Up OAuth 2.0 Client Credentials
OAuth 2.0 client mapping must be done by an administrator or a user with a role with the OAuth 2.0 Authorized Applications Management permission.
Create a Mapping for the Client Credentials Flow
When you configure a new mapping, it is added to the list on the OAuth 2.0 Client Credentials (M2M) Setup page. The list includes the data you entered, as well as the data imported from the certificate. The system creates a record for every unique combination of application and certificate.
- Navigate to Setup > Integration > Manage Authentication > OAuth 2.0 Client Credentials (M2M) Setup.
- Click Create New.
- In the popup window, choose the entity, role, and application to be mapped.
- Upload the public part of the certificate from your computer.
Note that you can only select the application if the Client Credentials (Machine to Machine) Grant box is selected on the associated integration record.
- Click Save.
Create a Certificate for the OAuth 2.0 client credentials flow
The certificate must contain two parts
Public part – an Administrator or a user with the OAuth 2.0 Authorized Applications Management permission uploads the public part of the certificate as part of the client credentials flow mapping process.
Private part (Private Key) – The private part of the certificate provides the signature of the JWT token in the POST request to the token endpoint. This is the private key that must be uploaded to Axonius. For more information, see POST Request to the Token Endpoint and the Access Token Response
The certificate must meet the following requirements:
- The public part of the certificate must be in x.509 format with a file extension of .cer, .pem, or .crt.
- The length of the RSA key must be 3072 bits, or 4096 bits. The length of EC key must 256 bits, 384 bits, or 521 bits.
- The maximum certificate validity is two years. If the certificate is valid for a longer time period, the system automatically shortens the validity to two years.
- One certificate can only be used for one combination of integration record, role, and entity. If you want to use the same integration record for multiple entities or roles, you must use a different certificate for each unique combination.
The following example shows how to create a valid certificate using OpenSSL:
openssl req -x509 -newkey rsa:4096 -sha256 -keyout auth-key.pem -out auth-cert.pem -nodes -days 730.
You must enable the following permissions to fetch user and device data from Oracle Netsuite:
- Advanced Employee Permissions
- Employee Record
- Perform Search
- SuiteAnalytics Workbook
For Accounts with SaaS Management Capabilities
You must enable the Expense Reports feature to fetch SaaS data (expenses) from Oracle Netsuite.
Supported From Version
Supported from Axonius version 6.0