Skip to main content
Beta: This page contains beta features and may change.
The NetSuite connector integrates key financial and operational records from your NetSuite ERP into Glean, allowing teams to search invoices, purchase orders, customer billing data, and related entities alongside the rest of your enterprise knowledge (Drive, Confluence, Slack, etc.). This integration unifies NetSuite with enterprise search and supports high-value workflows:
  • Surface NetSuite records directly in Glean search results alongside content from other systems, eliminating the need for users to switch tools for common finance, Revenue Operations (RevOps), or back-office tasks.
  • Enable scenarios such as viewing unpaid invoices, checking purchase order status, and looking up customer or vendor records and their related transactions directly from Glean.
  • The connector enforces NetSuite’s role-based permissions (RBAC) and segment restrictions (subsidiary, department, location, class), ensuring users only see the NetSuite data they are entitled to view in NetSuite itself.

Supported objects and data

Objects crawled

The NetSuite connector currently crawls the following objects:
  • Customers
  • Vendors
  • Transactions (master transaction records)
    • Purchase Orders
    • Sales Orders
    • Invoices
    • Vendor Bills
Transaction line items are also indexed and associated with their parent transactions, enabling more granular queries on line‑level details such as quantities, unit prices, and line amounts.

Identity and permissions data

To mirror NetSuite access controls, the connector also crawls identity/segment objects at full‑crawl intervals:
  • Permission and role groups (permission_groups, role_groups, role_group_members, user_ancestor_groups)
  • Segment hierarchies (subsidiary_parents, subsidiary_members, department_parents, department_members, location_parents, location_members, class_parents, class_members)
This identity data is used purely for permission enforcement and does not appear as user‑visible content in search.

Permissions and security

NetSuite enforces access through a combination of role‑based permissions and segment restrictions (subsidiary, department, location, class). The connector mirrors these rules in Glean:
  • Role‑based visibility: Users only see transactions and master records they can access via their NetSuite roles (for example, AP vs. Sales vs. Finance roles).
  • Segment‑based restrictions: Records limited by subsidiary, department, location, or class obey those restrictions in Glean; users in another region or segment cannot see them.
  • Ownership / “my records” behavior: Tests validate that users can see records they own (or that are assigned to their subordinates) while being prevented from viewing unassigned or unrelated records, consistent with NetSuite “my records” semantics.
When a user opens a NetSuite result from Glean, final access is still enforced by NetSuite itself.

Crawling strategy and update frequency

The NetSuite connector currently uses full crawls for both identity and content data:
  • Identity crawl (groups and segments)
  • Content crawl (business data)
Glean can tune these full‑crawl intervals (expressed in seconds) per object type to balance freshness and API load. If you need specific SLAs for update latency, work with your Glean representative to adjust the configuration. Because there is no incremental crawl yet, changes in NetSuite become visible in Glean after the next scheduled full crawl completes.

Requirements

Technical requirements

  • An active NetSuite account with REST Web Services enabled.
  • Support for OAuth 2.0 Machine‑to‑Machine (Client Credentials) authentication in your NetSuite environment.
  • Network connectivity from Glean to the NetSuite API endpoints (typically over the public internet; any firewall or IP allowlisting must permit Glean’s traffic).

Credential requirements

You will need the following information during setup:
  • NetSuite Account ID
  • A Machine‑to‑Machine OAuth 2.0 Server Application in NetSuite with:
    • Integration type: OAuth 2.0 Server Application
    • Grant type: Client Credentials
    • Scope: REST Web Services
  • The application’s Client ID
  • An X.509 certificate and private key pair for the integration (generated via OpenSSL or your PKI and uploaded to Glean).

Permission requirements

  • The user configuring the integration in NetSuite must have Administrator privileges with access to the Setup menu and Integration Management features.
  • The service account / integration app must have read access to the NetSuite objects you intend to index (customers, vendors, transactions, etc.).

Setup and configuration

Step 1: Create the NetSuite integration (OAuth 2.0 M2M)

  1. Log in to NetSuite as an administrator.
  2. Navigate to Setup > Integration > Manage Integrations.
  3. Click New and create an integration application with the following characteristics:
    • Application type: OAuth 2.0 Server Application
    • Grant type: Client Credentials
    • Scope: REST Web Services
  4. Save the integration and copy the generated Client ID. You will use this in the Glean Admin console.

Step 2: Generate certificate and private key

Use OpenSSL (or your internal PKI tooling) to generate an X.509 certificate and private key pair for the Machine‑to‑Machine integration. For example: 
# Generate private key
openssl genrsa -out netsuite_private_key.key 4096

# Generate certificate signing request (CSR)
openssl req -new-key netsuite_private_key.key -out netsuite.csr

# Generate self-signed certificate (example: valid for 1 year)
openssl x509 -req -days 365 -in netsuite.csr -signkey netsuite_private_key.key -out netsuite_certificate.crt

# Create a copy with .pem extension for NetSuite upload
cp netsuitecertificate.crt netsuitecertificate.pem

Step 3: Upload the certificate to NetSuite

  1. Navigate to Setup > Integration > OAuth 2.0 Client Credentials (M2M) Setup.
  2. Click Create New.
  3. Select Entity and Role: Administration.
  4. Select the application created earlier (Glean M2M Integration).
  5. Upload your netsuite_certificate.pem file. Note the Certificate ID for later setup.

Step 4: Create Service Account User

  1. Navigate to Setup > Users/Roles > Manage Users.
  2. Create or designate a user with Administrator role that has the following permissions:
    • Administrator role assigned (required for API access)
    • REST Web Services: Full access
    • Log in using OAuth 2.0 Access Tokens: Enabled
    • Login using OAuth 2.0 Client Credentials Grant: Required
Upload the resulting certificate and private key in the Glean Admin console during connector setup.

Step 5: Configure the NetSuite data source in Glean

  1. In the Glean Admin console, go to Data sources > Add data source, and select NetSuite.
  2. Give the data source a recognizable name and icon (for example, NetSuite – Finance). This label appears in search filters and results.
  3. In the Setup tab, enter the following:
    • Account ID: your NetSuite account ID
    • Client ID: from the NetSuite integration application
    • Certificate file: upload the X.509 certificate
    • Private key file: upload the matching private key
  4. Save the configuration to trigger the initial full crawl. Depending on dataset size, the first crawl can take some time to complete.

Step 6: Verify search behavior

After the initial crawl finishes:
  1. Open Glean and search using a query such as app:netsuite purchase order or app:netsuite customer testcompany1.
  2. Confirm that NetSuite records (customers, purchase orders, invoices, vendor bills, etc.) appear with the expected metadata and that permissions align with what you see in NetSuite.
For example, you should see NetSuite transactions (purchase orders, sales orders, invoices) and account records appearing in Glean’s results list with status, amount, and key dates.