Version: eXtendFiles 1.6.5
Audience: Administrator

Use Case

  • Upgrading eXtendFiles to version 1.6.5 in a Sandbox or Production account.

Summary

NetSuite has issued a formal notification that the Outbound Single Sign-on (SuiteSignOn) method will be deprecated starting in 2024 (https://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/section_158921905537.html).

Versions 1.6.4 and earlier of eXtendFiles have been using SuiteSignOn to authenticate internal file uploads from within the NetSuite user interface, without requiring any explicit NetSuite user authentication. To address the deprecation of SuiteSignOn, eXtendFiles version 1.6.5 (and future versions) will use NetSuite's OIDC provider feature, which leverages the OAuth 2.0 authentication process.

As a result of this change, updating the bundle to version 1.6.5 requires a number of additional configurations.

Configuration Details

  1. Enable NetSuite's "OAuth 2.0" feature (if not already enabled):
    Setup → Company → Enable Features → SuiteCloud → Manage Authentication.Image Placeholder

  2. Update the eXtendFiles Server Role Permission:
    Edit the eXtendFiles Server User role to add the "Log in using OAuth 2.0 Access Tokens" permission to the role.
    Image Placeholder

    Note: To check which server role is being used, view the Access Tokens page in NetSuite (Setup → Users/Roles → Access Tokens) and find the access token connected with the eXtendTech Files integration. Usually this will be in the format YOUR ACCOUNT NAME - eXtendFiles Server User.Image Placeholder

  3. Create an API Secret for eXtendFiles:
    See https://suiteanswers.custhelp.com/app/answers/detail/a_id/100920/loc/en_US (NetSuite login required) for an example of how to create an API Secret.

    Create the API secret using the following details:
    1. Enter a name for the secret.
    2. The final ID of the API secret must be custsecret_extend_files_token_secret

      Note: 
      NetSuite will prefix "custsecret" to the ID you assign, so enter _extend_files_token_secret during the secret ID definition process to ensure the final ID is custsecret_extend_files_token_secret
      Image Placeholder
    3. The password should be exactly 32 characters.
    4. On the restriction page, check the checkboxes "ALLOW FOR ALL SCRIPTS" and "ALLOW FOR ALL DOMAINS".
      1. Image Placeholder
  4. OAuth 2.0 Client Credentials Setup
    1. Download the certificate file at: Updating OAuth 2.0 Client Credentials (M2M).
    2. See https://suiteanswers.custhelp.com/app/answers/detail/a_id/101101/loc/en_US (NetSuite login required) for an example of how to create the OAuth 2.0 Client Credentials.
      Image Placeholder
    3. Use the certificate from step a during step b.
    4. Use the application: eXtendTech Files.
    5. Use the same entity record as is being used for the eXtendTech Files access token.
    6. Save the credentials and copy the generated CERTIFICATE ID.
  5. Create eXtendFiles Suitelet Deployments:
    1. eXtendFiles OIDC OAuth Tokens
      Create a new script deployment for the eXtendFiles Suitelet script with the following details:
      1. Name: eXtendFiles OIDC OAuth Tokens
      2. ID: customdeploy_extend_files_oidc_oauth

        Note: NetSuite will prefix "customdeploy" to the ID you assign, so enter _extend_files_oidc_oauth during the deployment ID definition process to ensure the final ID is customdeploy_extend_files_oidc_oauth
      3. Status: Released
      4. Log Level: Audit, Error, or Emergency
      5. Execute as Role: Current Role
      6. Audience: All Roles
      7. Parameters: Under the EXTENDTECH FILES SUITLET DEPLOYMENT script parameter, specify its value as: oidc_oauthImage Placeholder
    2. eXtendFiles Subdomain Registration
      Create a new script deployment for the eXtendFiles Suitelet script with the following details:
      1. Name: eXtendFiles Subdomain Registration
      2. ID: customdeploy_extend_files_subdomain_regi

        Note: NetSuite will prefix "customdeploy" to the ID you assign, so enter _extend_files_subdomain_regi during the deployment ID definition process to ensure the final ID is customdeploy_extend_files_subdomain_regi
      3. Status: Released
      4. Log Level: Audit, Error, or Emergency
      5. Execute as Role: Current Role
      6. Audience: Administrator, eXtendFiles Configuration Role[BUNDLE]
      7. Parameters: Under the EXTENDTECH FILES SUITLET DEPLOYMENT script parameter, specify its value as: subdomain_registration

        Image Placeholder
  6. eXtendFiles Integration:
    Navigate to Setup → Integrations → Manage Integrations and open the integration named "eXtendTech Files". Change the
    OAUTH 2.0 CONSENT POLICY to "Never Ask". This field under the Authentication subtab.

    Image Placeholder
  7. eXtendFiles Setup Configuration:
    1. Navigate to the eXtendFiles Approval Setup page.
    2. There will be a new subtab named Certificate Configuration. Select this subtab.
    3. In the Certificate ID field, specify the Certificate ID created in #4 for the OAuth 2.0 Client Credentials Setup, and select the Certificate Type listed at the end of Updating OAuth 2.0 Client Credentials (M2M). Save the eXtendFiles Approval Setup page.

      Image Placeholder

    4. Navigate to the eXtendFiles Setup page. Save the setup page after reviewing the configuration for the recent changes to be applied.
  8. If you are using the eXtendFiles line level upload feature, make sure the eXtendFiles Line Level Upload on Record Html field is not hidden on the forms.

Validation Steps

Once the configuration changes are completed, validate the eXtendFiles upload functionalities:
  1. Confirm that you are able to upload files using the eXtendFiles inline upload feature.
  2. Confirm that you are able to upload files using eXtendFiles public upload feature.