Receiving ExpensiError NS0109 when attempting to connect with Token Based Authentication
Please help!
I'm attempting to connect to NS for the first time (migrating off QB Online) and have followed the instructions for token based authentication but am receiving the same error each time I try to connect.
Answers
-
Sheena Trepanier Expensify Team, Approved! Accountant, Expensify Student Ambassador Posts: 1,362 Expensify TeamHi @caryhammond, welcome to the Community. Would be able to share the error you're receiving as well as which step in the process you are when you receive it?
Thanks!
-
The error listed is ExpensiError NS0109 (claims I don't have the correct credentials). This is after filling in the token information for NetSuite and hitting continue.
-
Hi @caryhammond Can you confirm that under the Token role you created, you have permissions for both User Access Tokens and Token Access Management set to full?
-
Yes, both permissions (User Access and Token Access) set to full and still no connection.
-
We also established a token for the Full Access role but received the same error.
-
Thanks @caryhammond! Was the token role added to a user with administrator access?
-
“No; we have not assigned Admin access to this integration user. We established tokens for an expanded ‘Expensify Integration’ role and the ‘Full Access’ role. We’d prefer to limit access to a custom role. Is there a reason why we should assign Admin access?
It might also be worth pointing out that we are attempting to establish this integration with a generic email address ‘[email protected]’. Could this possibly be an issue? We have seen TBA instructions from other NS partners underscore the need to connect with an active email address.
Any chance we can arrange a quick call to troubleshoot? We really need to get this connection established ASAP. Thanks!”
-
@caryhammond I'm reaching out to you directly to discuss this since I'm going to need more information. Talk to you soon!
-
@Nicole Trepanier I am facing a similar issue to Cary and our team has tried similar processes to enable the integration. Did you resolve this issue with Cary? Can you please let us know how the issue was resolved and assist?
-
@jakeposner This error is generally related to NetSuite settings so it varies by company. I recommend reaching out to [email protected] with screenshots of your role's setup permissions. Because this is a new feature, your question will be escalated to me to troubleshoot directly. Thanks!
-
Nicole - could you send the calendly again?
-
@caryhammond I'll reach out to you directly.
-
@Nicole Trepanier we're also getting
Login Error. Please check your credentials.when we try to connect to our Netsuite environment using token-based authentication
Our Expensify Integration role has all the permissions we understand are necessary:
-
Sheena Trepanier Expensify Team, Approved! Accountant, Expensify Student Ambassador Posts: 1,362 Expensify Team
@rdingwall thanks for posting. Can you confirm that under the Token role you created, you have permissions for both User Access Tokens and Token Access Management set to full? Additionally, was the token role added to a user with administrator access?
Thanks!
-
@Sheena Trepanier both permissions are set to full.
Can you please explain why administrator access is required?
My understanding is that the Expensify Connect integration just needs access to read and write certain record types, which should be able to be granted by adding specific permissions to the role.
As a principle of least privilege we would never grant a third party integration unrestricted administrator-level access to our general ledger.
-
@rdingwall It isn't a requirement but we have seen the token connection work while the user has an administrator role even though the token is created for the Expensify Integration role. It failed without the administrator role so we are looking into if there is a setting we are missing. They were able to remove the administrator role from the user once connected.
One thing I would like to have you check is if SAML is enabled under Setup > Company > Enable Features. If so, can you make sure SAML permissions are added to the Expensify Integration role and if not, make sure the role does not have SAML permissions?
-
Thanks for your help @Nicole Trepanier. I've done a bit more investigation, and according to the Login Failures: Results report inside Netsuite, the reason Expensify cannot authentication is because of a "consumer_key_unknown" error detail:
I understand that the consumer key identifies the Netsuite Integration record. However I'm a bit confused. When I click Connect to Netsuite, Expensify only asks for the User Token and User Secret. How does Expensify know which consumer key to use?
Expensify's setup instructions says to create an Integration record but it doesn't say what to do with the consumer key and consumer secret which are generated.
I've also tried using the consumer key in a place of the account ID, with no avail.
@rdingwall It isn't a requirement but we have seen the token connection work while the user has an administrator role even though the token is created for the Expensify Integration role. It failed without the administrator role so we are looking into if there is a setting we are missing. They were able to remove the administrator role from the user once connected.
Got it. I've seen this mentioned in the Netsuite documentation that some integrations need to be set up as Administrator the first time you log in, to establish trust.
One thing I would like to have you check is if SAML is enabled under Setup > Company > Enable Features. If so, can you make sure SAML permissions are added to the Expensify Integration role and if not, make sure the role does not have SAML permissions?
SAML is disabled
-
@rdingwall I've reached out to you directly.
-
I am having this same issue, and have similarly followed the guidance on this page, and scrutinized my settings in NetSuite. Still I'm getting the 'Invalid Credentials' when trying to authenticate with my NetSuite tokens. @Nicole Trepanier can you lend us a hand in this?
Thanks!
John
-
Sheena Trepanier Expensify Team, Approved! Accountant, Expensify Student Ambassador Posts: 1,362 Expensify Team
@NSAdmin_Philly, @rdingwall, @caryhammond, @jakeposner
Great news! We’ve released an update to the Expensify Connect bundle in NetSuite that has fixed the token-based authentication issues. Here are the steps you’ll need to follow to get connected:- Go to Customization > Search & Install bundles > List, and locate Expensify Connect.
- Update the bundle to version 1.5
- In your search bar type “Integration”
- You should see an Expensify integration in the list that doesn’t have an application ID. This is the one created with the bundle. Block any other integration records you’ve created for Expensify.
- Type “tokens” into the search bar, and create a new token. You should only see the one Expensify integration listed.
- Save your tokens
- Go to Expensify, enter your updated tokens and connect!
We’ve also updated our help article to reflect the corrected steps. Let us know if you have any questions!
-
Hello - you indicated that the help resource was updated to include this information, but when I search the help document this information has not been added. Please ensure this is added as it took me more time than it should have to find this string (my bundle is still updating so it remains to be seen whether this solves my similar issue). In addition, the error message I receive when trying to connect via token takes me to a help article (“resolve ExpensiError NS0109”) that only speaks to logging in with a username and password. This is also misleading and time wasting. Please update that as well. Thank you.
