Overview
Before setting up the NetSuite integration, it's essential to understand the necessary permissions and roles required for a smooth process. This guide outlines who needs access, what permissions are required, and how to choose the right integration role.
For more information about the Integration Page, please refer to Integration Page Overview.
Who Needs to Set Up the Integration?
The person responsible for setting up the NetSuite integration should have:
- NetSuite Administrator Privileges – Required to manage configurations, enable features, install the SuiteApp, and create Access Tokens.
- Tropic Account Owner Role – Ensures full control over the integration setup within Tropic.
Required Permissions & Roles
Administrator privileges allow you to perform key actions such as:
- Downloading and installing the SuiteApp.
- Enabling necessary features.
- Creating users and generating Access Tokens required for the integration.
Should I Use an Integration User or a Named Employee?
It is strongly recommended to use a dedicated integration user for the integration. This reduces disruptions if an employee leaves the organization, ensuring the integration remains stable without needing reconfiguration.
| User Type | Implications |
| Named Employee | If the employee leaves, the integration must be reconfigured. |
| Dedicated Integration User | The integration remains stable regardless of personnel changes. |
Choosing the Right Integration Role
Selecting the correct role ensures the integration functions as expected while limiting unnecessary access.
| Role | When to Choose It |
| Tropic Spend Management Integration | If you do not plan to sync departments or employees. |
| Tropic Spend Mgmt. & HRIS Integration | If you want to sync department structures and employees. |
| Tropic Spend Mgmt., HRIS & PO Integration | If you also need to integrate Purchase Orders. |
Data Access and Security
Tropic follows the principle of least privilege, meaning we limit access to only what is necessary for the integration to function.
During setup, you can customize configurations, including:
- Selecting which Subsidiaries and GL accounts Tropic can access.
- Defining the scope of integration to control data sharing.
For a comprehensive list of required permissions, please refer to the attached permissions spreadsheet.
Frequently Asked Questions (FAQ)
Q: Do we have control over what information is shared?
A: Yes. You can customize which Subsidiaries and GL accounts are accessible during the setup process. Tropic only reads the data necessary for integration.
Q: What happens if the user associated with the integration leaves the organization?
A: If the user is deactivated in NetSuite, the integration will stop working and must be reconfigured. Using a dedicated integration user prevents this issue.
Q: Can I edit the subsidiaries and accounts I previously selected?
A: Yes, you can update these selections in Settings > Integrations > NetSuite within Tropic.
Q: What permissions are required to manage the integration after setup?
A: After setup, you must retain Administrator access in NetSuite or assign a user with the appropriate Tropic role to manage the integration settings and troubleshooting.
Q: Can I switch the integration user after setup?
A: Yes, but you will need to:
-
Assign the correct Tropic role to the new user in NetSuite.
-
Generate a new Access Token in NetSuite for the new user.
-
Update the integration settings in Tropic by entering the new Token ID and Token Secret.
This ensures that the integration continues to function with the new user’s credentials.
Q: How do I verify that my assigned role has the correct permissions?
A: You can check this in NetSuite by navigating to Setup > Users/Roles > Manage Roles and reviewing the permissions associated with your assigned role.
For detailed setup instructions, see the How to Set Up NetSuite Integration in Tropic article.
For Troubleshooting guide, please visit the NetSuite Integration Troubleshooting article.