Prepare NetSuite Connection User For Riva

  • Updated

Applies to Riva Cloud and Riva On-Premise.

The Riva connection to NetSuite requires the credentials of a NetSuite user that is assigned to a NetSuite role with sufficient permissions to create, edit, remove, export, and import data that will be synchronized by Riva. Most customers employ a user who is assigned to the Administrator role. The Administrator role is then configured as the default web services role for the NetSuite user that will authenticate with the Riva connection.


  1. Prepare the target user accounts in NetSuite.
  2. Gather information for creating the Riva NetSuite connection.
  3. Enable NetSuite Features and Web Services.
  4. Create an Integration Record.
  5. Create a NetSuite role for Web Services.
  6. Assign the role to the Riva Connection user account.
  7. Configure the role to the Web Services default role for the Riva connection user.
  8. Create an access token.

Step 1: Prepare the Target User Accounts in NetSuite

When using Riva with a connection method of impersonation, a single connection user is used to authenticate with NetSuite. This connection user synchronizes on behalf of each mailbox added to Riva. For the sync to match a mailbox with a NetSuite employee, Riva requires the NetSuite employee to have an email address that matches the Primary SMTP Email address.

Example: If the NetSuite email address for Ian Sample is, then the SMTP email address value for the corresponding email account must also be

Riva connects to NetSuite with a single connection user; this user must be a privileged NetSuite user. However, this also allows Riva to synchronize data on behalf of any employee in NetSuite, even if that employee does not have a NetSuite user record.

Riva can sync data on behalf of a NetSuite advanced partner center user. Bear in mind that Riva still needs to connect to NetSuite by using a privileged platform user to sync each employee's NetSuite information to the employee's mailboxes.

  • Ensure that both the Login Access and the Inactive fields are made visible on the Employee details profile.
  • Ensure that the user in NetSuite has the Sales Rep role and the Support Rep role. These roles can be enabled when creating the TBA Role. This is required for syncing modules such as quotes, cases, and opportunities.

Step 2: Gather Information for Creating the Riva NetSuite Connection

Gather the following information. It is required when you create a Riva connection to the NetSuite system:

  • The NetSuite Username and Password of the Riva connection account.

  • The NetSuite Account Number. To find it, log in to NetSuite as an Administrator, and select Setup > Integration > SOAP Web Services Preferences > Account ID.

  • Consumer Key and Consumer Secret. (This will be generated after completing Step 4.)

  • Token ID and Token Secret (This will be generated after completing Step 8.)

Step 3: Enable NetSuite Features and Web Services

Riva requires certain NetSuite features and Web Services. This procedure will ensure that the features and services are available for preparing the role in Step 5.

  1. As an Administrator, select Setup > Company > Enable Features.

  2. Navigate to the Company tab and scroll down to the Access menu.

  3. Ensure that the Core Administration Permissions check box is selected.

  4. Navigate to the Employees tab and scroll down to the Permissions menu.

  5. Ensure that the Global Permissions check box is selected.

  6. Navigate to the SuiteCloud tab and scroll down to the SuiteTalk (Web Services) menu.

  7. Ensure that the SOAP Web Services check box is selected.

  8. Select Save.

Step 4: Create an Integration Record

  1. As an Administrator, select Setup > Integration > Manage Integrations.

  2. Select New.

  3. Type the name, for example, "Riva TBA".

    Note: You can name it anything that suits your process.

  4. Ensure that the State is Enabled.

  5. On the Authentication tab, select Enable Token-based Authentication.

  6. Select SaveMake a note of the Consumer Key and Consumer Secret in a safe place, because they are required when setting up a Riva connection.

    Warning: When the screen is exited, the Consumer Key and Consumer Secret become permanently invisible. If they are lost, a new integration record must be created.

Step 5: Create a NetSuite Role for Web Services

Security policies and best practices often prevent using the administrator role for web services. It is possible to create a role, configure permissions, and assign that as the default role for web services. Riva needs appropriate list permissions to modify the data of target NetSuite user accounts. Create a role that will have enough permissions for Riva to view, create, modify, reassign, and remove data for target users. These permissions will be used for web services only.

  1. As an Administrator, navigate to Setup > Users/Roles > Manage Roles.

  2. Select New.

  3. Type the name, for example, "Riva TBA role".

    Note: You can name it anything that suits your process.

  4. On the Authentication tab, select the Web Services only role check box.

  5. Select the Core Administration Permissions check box.

  6. Under the Subsidiary Restrictions section, select All.
  7. On the same page, navigate to Permissions > Lists subtab and add the following with Full Level Access:

    • Accounts
    • Calendar
    • Cases
    • Companies
    • Contacts
    • Customers
    • Documents and Files
    • Employee Record
    • Employees
    • Events
    • Items
    • Partners
    • Phone Calls
    • Project Tasks
    • Tasks
    • Track Messages
    • Vendors
    • Work Calendar
  8. On the same page, navigate to Permissions > Setup subtab and add the following with Full Level Access:

    • Access Token Management
    • Deleted Records
    • User Access Tokens
    • SOAP Web Services
  9. If you use Opportunities in NetSuite, then on the same page, add Opportunity as Full Level Access on the Permissions tab > Transactions subtab.

  10. Select Save.

  11. If you want to sync private events in NetSuite, see Sync private events from NetSuite 2013 or Higher: Riva Cloud Corporate and Riva On-Premise.

Step 6: Assign the Role to the Riva Connection User Account

  1. As an Administrator, navigate to Setup > Users/Roles > Manage Users.

  2. Select the Riva connection account user; that is, the user that you will be using for the Riva NetSuite connection.

  3. Select Edit, and then navigate to the Access > Roles subtab.

  4. On the drop-down list, select the web services role, which was created in step 5.

  5. On the Global Permissions subtab, add the following with Full Level access:

    • Deleted Records
    • Employee Record
    • Employees
  6. Select Save.

Step 7: Configure the Role to be the Web Services Default Role for the Riva Connection User

  1. Navigate to Setup > Integration > SOAP Web Services Preferences.

  2. On the Name drop-down list, select the Riva connection account user.

  3. On the Web Services Default Role drop-down list, select the desired account role.

    Expected result: The Role ID number becomes visible.

  4. Save the Web Services Preferences.

Step 8: Create an Access Token

  1. Navigate to Setup > Users/Roles > Access Tokens.

  2. Select New.

  3. In the Application Name field, on the drop-down list, select the Integration name that was created in step 4.

  4. Select the connection user that the web service role was applied to in step 6.

  5. Select the web services role created in step 5.

  6. In the Token name field, select the default name.

  7. Ensure that the Inactive checkbox is cleared (=empty), and select Save.

  8. Make note of the Token ID and the Token Secret in a safe place, because they are required when setting up the Riva connection.

    Warning: When the screen is exited, the Token ID and Token Secret become permanently invisible. If they are lost, a new access token must be created.

Was this article helpful?




Article is closed for comments.