Skip to main content
CFCX Work

Administration Updates in NetSuite 2020.1

2020.1 Administration |
  • Deprecation Plan for the Full Access Role
    • See Differences in Employee Access Permissions on the Role Permission Differences Page
    • New File Cabinet Default for Hide Attachments Folder Preference
    • Antivirus Scanning on File Cabinet Files in All Accounts
  • Internationalization
    • Introducing Localization Context – User Event and Client Script Association
    • Subsidiary Hierarchy Modification
    • Automated Intercompany Management Preferences Relocated
    • Internal Tags Displayed in Translated Record and Transaction Names
  • Authentication
    • OAuth 2.0 Delegated Access for REST Web Services and RESTlets
    • Deprecation of Google OpenID SSO and NetSuite Inbound SSO Features
    • TBA Authorization Flow Enhancements
    • Inbound SSO Access to Commerce Websites Through OpenID Connect (OIDC)
    • Service Provider-Initiated Flow Support for SAML Single Sign-on Access to Commerce Websites
    • Session Invalidation on Commerce Websites Can Result from Changes to User Credentials
    • Password Policy Changes for Commerce Websites
    • Embedding Sensitive Website Pages in an iFrame is Prohibited
  • Cloud Infrastructure
    • Data Center-Specific NetSuite Domains for Integrations are Targeted for Deprecation
    • Automated Conversion of Data Center-Specific Domains in NetSuite
    • New Content Delivery Network Available for Secure Commerce Websites
    • Incorrect HTTP Status Code 206 is Changing to 500
  • SuiteApps
    • Operation ID Field Added on Page Time Details
    • Deprecation of Script Queue Monitor (Beta) Change Account Setup and Maintenance

Deprecation Plan for the Full Access Role

The Full Access role has been deprecated since NetSuite 2019.1 and is targeted to be disabled as of 2021.1. As an interim step in this process, as of January 2020, this role will be set to inactive. The Full Access role will no longer appear in the list of roles available for users who have this role assigned. Before your account is upgraded to 2021.1, make sure that any customizations in your account that are running under the Full Access role work under another role without causing any errors. The following changes were made to the Full Access role as of 2019.1:

  • The Full Access role was renamed to Full Access (deprecated).
  • You cannot assign the Full Access role to new users.
  • When users log in with the Full Access role, they see a notification indicating that the Full Access role is being deprecated.
  • A permission called Core Administration Permissions became available. This permission provides access to some of the same functions that are currently available to users with the Full Access role. You may be able to use Core Administration Permissions as an alternative to the Full Access role. For more information, see the help topics Full Access Role, Customizing or Creating NetSuite Roles and Core Administration Permissions. See Differences in Employee Access Permissions on the Role

Permission Differences Page

You can use the Role Permission Differences feature to quickly compare permissions between roles. As of NetSuite 2020.1, it is possible to see differences in Employee Access permissions and restrictions between different roles. Differences in Employee Access permissions are shown in their own category called Employee Access. This is useful when you want to, compare Employee Access permissions between a customized role and the role on which it is based. To compare permission differences between two or more roles, go to Setup > Users/Roles > User

Management > Show Role Differences

Employee Access permissions are part of the Advanced Employee Permissions feature. This feature gives

Administrators more flexibility and control over the fields and sublists on the employee record that are available to the role. To enable feature, go to Setup > Company > Enable Features. On the Employees subtab, in the Permissions section, check the Advanced Employee Permissions box. For more information see the help topics Advanced Employee Permissions Overview and Showing Role Permission Differences. New File Cabinet Default for Hide Attachments Folder

Preference

To ensure that only users with adequate permissions can access confidential records and associated files in the File Cabinet, the attachments folder is now hidden by default. As of 2020.1, the Hide Attachments Folder box on the General Preferences page is checked for all new customers.

Change

When the Hide Attachments Folder box is checked, the following folders in the File Cabinet are visible to

Administrators only:

  • Attachments Received
  • Attachments Sent
  • Mail Merge To manage this preference, Administrators can check or clear the Hide Attachments Folder box at Setup > Company > Preferences > General Preferences. For more information, see the help topic Restricting Access to File Cabinet Folders.

Antivirus Scanning on File Cabinet Files in All Accounts

As of 2020.1, all NetSuite accounts are protected against viruses and malware to provide increased security. An embedded antivirus scanner automatically scans all new and updated files as they are uploaded to the File Cabinet. Files are uploaded only if they pass the scan. Files attached to email messages are also scanned for viruses. All scanning is done automatically. No configuration or setup is required. For more information, see the help topic Antivirus Scanning on File Cabinet Files. Internationalization Introducing Localization Context – User Event and Client Script

Association

NetSuite 2020.1 introduces support for record localization context, and the ability to filter script execution according to localization context. Developers can use these features to tailor scripts for certain countries, and to prevent these scripts from deploying unnecessarily on records associated with other countries. Limiting script execution in this manner can improve record performance. For more information about these features, see the following:

  • Determining the Localization Context
  • Records That Support Localization Context
  • Localization Context–Aware Scripts For more information about setting up localization context filtering for user event and client script execution, see Localization Context Filtering for SuiteScript 2.0. Localization context filtering is supported for scripts in bundles. For information, see Localization Context Filtering Supported for Scripts in Bundles.

Determining the Localization Context

The localization context of a record represents the country or countries associated with that record. The system automatically determines the localization context of a record on the basis of the values in specific country fields, such as subsidiary and tax nexus fields. These values represent individual countries, such as France, United Kingdom, or Germany.

Change

The system follows a defined process to determine the localization context for a record, based on a variety of factors. The following diagram illustrates this process: START What is the Subsidiaries Item Record Type? Entity (Country) Transaction Is the Record The record type is Type a Fulfillment? Yes now set to a fulfilled transaction. No Subsidiary (Country) Is the Record + Type an inter-company Yes ToSubsidiary transfer order? (Country) Does the item No include child Yes Subsidiary + Children subsidiariers? (Country) Is the Does the Record Type a Nexus (Country)

Yes Record Instance have Yes

No Taxable Transaction? a Nexus? Subsidiary (Country) No No Subsidiary (Country) The process progresses through the decision tree from the “START” to one of the results in dark–gray rectangles. The results of the process list the field on which the specific localization context is based. For example, if the result is “Subsidiary (Country),” the localization context is based on the value of the country field of the respective subsidiary. The localization context of a record can contain multiple countries; it is not limited to a single option. When scripts are filtered based on localization context, a script is run if its context association rule is set to at least one of the countries of the localization context.

For localization context filtering in client scripts, the determination of localization context is dynamic:

  1. A user changes a field which is used to determine the localization context of a record.
  2. Context determination is immediately triggered again to make sure that the localization context is correctly set.
  3. Based on the new localization context, the relevant scripts are loaded from the server and attached to the record and the scripts that are no longer applicable are detached. For more information about determination of localization context, see Localization Context. Change

Records That Support Localization Context

Use of the localization context feature is currently limited to standard records of the following types:

  • Item
  • Transaction
  • Entity For more details about supported records, see Records that Support Localization.

Localization Context–Aware Scripts

As of NetSuite 2020.1, administrators and other users with access to scripts can set up a localization context association rule for a SuiteScript 2.x user event or client scripts. You can set a localization context association rule on the script deployment record by selecting the country or countries for which a script is relevant. Script deployments with a localization context association rule result in context–aware scripts. Localization context–aware scripts only run on records associated with a defined country or countries. The execution of context–aware scripts is filtered by comparing the localization context of the record to the country values selected on the script deployment record. This filtering is useful for users with subsidiaries in multiple countries, because it causes the script deployment to run faster. For more details on how to set up a localization context association rule that filters script execution based on records’ associated countries, see Localization Context Filtering for SuiteScript 2.0.

During script deployment, the localization contexts of records are verified against the countries selected

on the script deployment record before these scripts load and run. The context–aware scripts skip other records. Script maintenance is easier, because you can be sure that scripts only run on relevant records. Note: Any and all scripts created before NetSuite 2020.1 are not localization context-aware to guarantee backward compatibility. Example: The record localization context is determined as “France” and the context association rule is employed — the scripts deploy in the following way:

  • The context–aware scripts deploy only on the records with localization context “France.”
  • Any other scripts deploy on all the records.

Subsidiary Hierarchy Modification

As of 2020.1, NetSuite enables users with appropriate permission to modify their subsidiary hierarchy structure, if required. Businesses may need to modify their subsidiary hierarchy when they change the headquarter subsidiary, or to elevate a subsidiary in the hierarchy. For details about the subsidiary hierarchy modification functionality, see Subsidiary Hierarchy Structure Modification. Contact Customer Support for assistance with subsidiary hierarchy modification.

Automated Intercompany Management Preferences Relocated

As of 2020.1, the Automated Intercompany Management feature preferences have been removed from the Items/Transactions subtab on the Accounting Preferences page. These preferences are now located at Setup > Accounting > Preferences > Intercompany Preferences. You must have the Setup Accounting permission to access the Intercompany Preferences page. For more information about the Automated Intercompany Management preferences, see Intercompany Preferences. Change Internal Tags Displayed in Translated Record and Transaction

Names

You may see internal tags in translated record and transaction names in the user interface. For example, instead of Record, you may see {#Record#}. These tags may be related to record renaming. If you find these tags displayed in the user interface, please contact NetSuite Customer Support so that we can make a correction in a future release. For more information about contacting NetSuite Customer Support, see the help topic NetSuite Support. For more information about renaming records, see the help topic Renaming Records and Transactions. Authentication OAuth 2.0 Delegated Access for REST Web Services and

RESTlets

A new approach to access REST Web Services and RESTlets is now available. OAuth 2.0 provides an alternative to Token-based Authentication. OAuth 2.0 is more straightforward to implement, because request signing is not required. OAuth 2.0 has a standard authorization code grant flow at the end of which an application gets a pair of tokens – an access token and a refresh token. The access token is valid for 60 minutes and is used to access the protected resource. After the access token expires, the application uses the refresh token to request a new access token, without the requirement to initiate the flow from the very beginning. Note: The refresh token expires after 7 days. After it has expired, an application initiates the flow from the first step. The authorization code grant flow for OAuth 2.0 consists of the following steps:

  1. An authorization request is sent to the authorization endpoint URI.
  2. If there is no active session, the user logs in NetSuite. When the authorization request is received, a consent screen displays where the user can allow or deny authorization for an application to access protected NetSuite resources. If the user grants access to the application on the consent screen, the redirect follows to redirect URI with the authorization code received.
  3. The application exchanges the authorization code for the access and refresh tokens on the Token Endpoint URI. To enable OAuth 2.0 feature, go to Setup > Company > Enable Features. On the SuiteCloud tab, in the Manage Authentication section, check the OAuth 2.0 box. When this feature is enabled, the user must configure the use of OAuth 2.0 on the integration record.

Defining OAuth 2.0 on Integration Records

To define OAuth 2.0 on integration records, go to Setup > Integration > Manage Integrations. To edit a record, click the name of the record. To create a new record, click New.

On the Integration setup page, you should set values for the following fields:

  • Scope – You must choose the type of protected resources for which a user can use OAuth 2.0 for access. You can enable RESTlets, REST web services, or both.
  • Redirect URI – You must enter a Uniform Resource Identifier (URI) that uses the HTTPS protocol (recommended) or a custom URL schemes.

Change

Important: The transport-layer security is mandatory on the Redirect URI.

  • Authorization Code Grant – You must check this box for OAuth 2.0 to work.
  • For the following optional fields, select files that have been uploaded to your File Cabinet:
    • Application Logo
    • Application Terms of Use
    • Application Privacy Policy After you save the page, the system displays the client ID and client secret. You should save the client ID and client secret, as they are required for client authentication in OAuth 2.0 authorization code grant flow, when the access and refresh tokens are generated.

Warning: The client ID and client secret are only displayed after you save a new integration

record. If you lose or forget the client ID and client secret, you must reset them to obtain new values. Treat these values as you would a password.

New OAuth 2.0 Permissions

The OAuth 2.0 feature introduces two new permissions:

  • OAuth 2.0 Authorized Applications Management:
    • Is primarily for Administrators or roles with Core Administration Permissions.
    • Requires two-factor authentication (2FA).
    • Enables users to view or revoke any OAuth 2.0 authorized applications in the account.
  • Log in using OAuth 2.0 Access Tokens – enables users to:
    • Access REST Web Services and RESTlets using OAuth 2.0 access tokens.
    • View their OAuth 2.0 authorized applications.
    • Revoke OAuth 2.0 authorized applications they authorized previously. Deprecation of Google OpenID SSO and NetSuite Inbound SSO

Features

Google OpenID Single Sign-on (SSO) and the NetSuite proprietary Inbound Single Sign-on (SSO) features

are targeted for deprecation. Partners and customers with solutions based on these features must update these solutions to use an alternative inbound single sign-on feature. OpenID Connect (OIDC) SSO and SAML SSO provide alternatives for inbound SSO access to NetSuite and Commerce websites.

  • To use OpenID Connect (OIDC) SSO, see the help topic OpenID Connect (OIDC) Single Sign-on. See also OpenID Connect (OIDC) Access to Web Store.
  • To use SAML SSO, see the help topics SAML Single Sign-on and SAML Single Sign-on Access to Web Store. The deprecation schedule is as follows:
  • As of the 2020.1 upgrade, partners and customers will no longer be permitted to use the NetSuite proprietary Inbound SSO feature or the OpenID SSO feature to create new solutions.
  • Before the 2020.2 release, partners and customers must migrate existing solutions using OpenID SSO to use OpenID Connect (OIDC) or SAML SSO.

Change

  • Before the 2021.1 release, partners and customers must migrate existing solutions using NetSuite Inbound SSO to use OpenID Connect (OIDC) or SAML SSO. In addition to the deprecation of the NetSuite and Google OpenID inbound SSO features, requests using the ssoLogin operation to access SOAP web services must transition to use Token-based Authentication (TBA). See Operations Removed in 2020.1 SOAP Web Services Endpoint. See also Token- based Authentication (TBA) and Token-based Authentication and Web Services.

TBA Authorization Flow Enhancements

The Token-based Authentication (TBA) Authorization Flow has been enhanced to improve the experience for application developers. Enhancements include:

  • The realm parameter (also called the Company ID and the Account ID) is no longer required. For the first two steps of the flow, the developer should use the account-specific domain. However, if the account ID is not known, requests can be sent to the system.netsuite.com domain.
  • The callback URL now supports multiple ports on a localhost (http://localhost:). This is the only case where use of the asterisk () character is permitted.
  • A new tokeninfo endpoint returns information about a user based on the access token. The endpoint is https://.restlets.api.netsuite.com/rest/tokeninfo, where is a variable for the company’s account ID. A response to a GET request contains data in JSON format, including information such as:
    • Company Name
    • Company ID (account ID)
    • Role Name
    • Role ID
    • Entity ID For more information, see the help topic The Three-Step TBA Authorization Flow. Inbound SSO Access to Commerce Websites Through OpenID

Connect (OIDC)

As of 2020.1, OpenID Connect (OIDC) can be used to access Commerce websites as an alternative to SAML Single-Sign on. With OIDC, users have autonomy over security administration because an OpenID Connect Provider (OP) manages security administration. The following restrictions apply to the use of OIDC for Commerce websites:

  • OIDC access is supported only for websites on custom domains, not on netsuite.com.
  • You cannot use both SAML Single Sign-on and OIDC Single Sign-on for the same website. You must choose one single sign-on method.
  • All users must use the same type of credentials, either logging in using the website login form or OP login form.
  • A website must be fully protected to support the OIDC Single Sign-on feature. To provide this protection for the website, you must do the following:
    • On the Set Up Web Site page, on the Web Presence subtab, in the Web Site section, check the Advanced Site Customization box.
    • Go to Setup > Site Builder > Set Up Web Site. On the Shopping subtab, in the Registration Page section, check the Password-Protect Entire Site box.

Change

To enable OpenID Connect (OIDC) feature, go to Setup > Company > Enable Features. On the SuiteCloud tab, in the Authentication section, check the OpenID Connect (OIDC) Single Sign-on box. An Administrator must configure an application’s OIDC access to NetSuite. The first step is to choose an

OP. To find a certified OP vendor, go to https://openid.net/certification. To register a client application

(website), use the OP administration tools with the client_secret_basic authentication method. Use the client ID and client secret to configure the inbound single sign-on for websites in NetSuite. Important: The OIDC configuration is not shared between the NetSuite application and

Commerce websites. An Administrator must configure OIDC on the SSO tab of the website’s setup

page. Website users must be assigned the OpenID Connect (OIDC) Single Sign-on permission to log in to the website successfully. If a valid configuration of OIDC is present for a website:

  • If there is no active session, users are redirected to the OP login form for authentication. After successful authentication, users are returned to the requested protected resource.
  • If there is an active session, the requested protected resource is displayed. Note: Single logout (SLO) is not supported at this time. Service Provider-Initiated Flow Support for SAML Single Sign- on Access to Commerce Websites

Users can now access Commerce websites using the Service Provider-Initiated Flow for SAML Single

Sign-on. If you have a valid configuration of SAML Single Sign-on for a website, the Service Provider-

Initiated flow starts with a SAML request from the Service Provider. Users authenticate themselves with

the Identity Provider (IdP). After authentication, users are redirected to the requested protected resource. Support for this feature is available only in accounts where the SAML Single Sign-on feature is enabled. The following restrictions apply to the Service Provider-Initiated Flow:

  • The SAML Single Sign-On Service Provider-Initiated Flow is supported only for websites on custom domains, not on netsuite.com.
  • You cannot use both SAML Single Sign-on and OIDC Single Sign-on for the same website. You must choose one single sign-on method.
  • All users must use the same type of credentials, either logging in using the website login form or IdP login form.
  • A website must be fully protected to use the SAML Single Sign-On Service Provider-Initiated Flow. To protect your website, you must do the following:
    • On the Set Up Web Site page, on the Web Presence subtab, in the Web Site section, check the Advanced Site Customization box.
    • Go to Setup > Site Builder > Set Up Web Site. On the Shopping subtab, in the Registration Page section, check the Password-Protect Entire Site box. Session Invalidation on Commerce Websites Can Result from

Changes to User Credentials

For enhanced security, if a user’s credentials are changed during an active Commerce website session, the user is now automatically logged out of the website. This change in behavior is referred to as explicit

Change

session invalidation. A change in a user’s credentials ends the session if the change occurs while the user is logged in. User credentials include a user’s password, if the assigned role exists or an entity is active.

For example, logged-in users who change their passwords are now automatically logged out of the

website. These users must log in to the website again, creating new sessions using their new passwords. This automatic logout also occurs if a website administrator makes changes to a user’s credentials while the user is logged in to the website. Explicit session invalidation applies to all SuiteCommerce Advanced, SuiteCommerce, SuiteCommerce My Account, and Site Builder websites.

Password Policy Changes for Commerce Websites

As of 2020.1, a stronger password policy is now enforced for Commerce websites. The stronger policy applies to any newly created or changed password for users who register on Commerce websites and to users logging in with the Customer Center role. The stronger policy is not enforced for existing users with passwords that do not match the new criteria, unless the existing users change their passwords.

Changes to the password policy include:

  • The minimum password length has changed from six characters to eight characters.
  • Easy to guess or potentially compromised passwords are now prohibited.

Embedding Sensitive Website Pages in an iFrame is Prohibited

Oracle NetSuite prohibits the presentation of sensitive pages in an iFrame (an inline frame, using the

HTML tag

login pages was prohibited. Browsers would no longer render the NetSuite login pages on a Commerce website. This prohibition against presenting NetSuite pages in an iFrame has been extended to apply to Change Password and Change Email Address pages. If you have a Site Builder website, review your authentication logic to ensure your account complies with the security policy described in Secure Login Access to Your NetSuite Account. See also Displaying Login Fields on Your Web Page. If you are presenting sensitive pages in an iFrame, you must make changes to comply with this prohibition before 2020.2. Cloud Infrastructure Data Center-Specific NetSuite Domains for Integrations are

Targeted for Deprecation

You should transition your integrations to use account-specific domains as soon as possible. Using account-specific domains removes dependencies on the data center where your account is hosted. The schedule for the deprecation of data center-specific domains is as follows:

  • As of 2020.1, integration requests sent to data center-specific domains will no longer be processed in sandbox, special purpose, and Release Preview accounts. In most cases, requests to the following domains will be affected by this deprecation:
    • webservices.na0.netsuite.com
    • webservices.eu1.netsuite.com
    • rest.na0.netsuite.com
    • rest.eu1.netsuite.com

Change

Note: Special purpose accounts include test drive, development, demo, and student accounts. A few special purpose accounts use the webservices.na2.netsuite.com and rest.na2.netsuite.com data center-specific domains. Special purpose accounts sending requests using these domains will also be affected by the deprecation.

  • Targeted for 2020.2, integration requests sent to data center-specific domains will no longer be processed in production accounts. In cases where an application accesses more than one NetSuite account, you can use dynamic discovery methods to obtain the correct URLs. For information about the available discovery methods, see the help topic Dynamic Discovery of URLs for SOAP Web Services and RESTlet Clients.

All NetSuite account types can still access the following domains for dynamic discovery purposes:

  • webservices.netsuite.com: To dynamically discover the URL for SuiteTalk SOAP web services requests.
  • rest.netsuite.com: To dynamically discover URLs for NetSuite services in RESTlets, or the URL for SuiteTalk REST web services. Automated Conversion of Data Center-Specific Domains in

NetSuite

Before 2016.2, all NetSuite domains contained a data center identifier as part of the domain name. This data center identifier made it difficult to move an account to a different data center. To take full advantage of NetSuite’s cloud architecture, you should not use data center-specific URLs to access NetSuite resources.

Account-specific domains were introduced beginning in 2016.2. An account-specific domain includes your

NetSuite account ID as part of the domain name. Account-specific domains are available for access to the

NetSuite UI, and for external (Online) forms, External Suitelets, RESTlets, SuiteTalk SOAP and REST web

services, SuiteAnalytics Connect, and external catalog sites (WSDK). For more information, see the help topic URLs for Account-Specific Domains. You should transition to use account-specific domains as soon as possible. The NetSuite application can help you and your users during this transition.

Assistance with the Transition to Account-Specific Domains

The NetSuite application offers several methods to assist you during the transition to account-specific domains:

  • Automatic Redirection
  • Automatic On-Read Translation of Data Center-Specific URLs
  • Traffic Health Note: You should transition your integrations to use account-specific domains as soon as possible. See Data Center-Specific NetSuite Domains for Integrations are Targeted for Deprecation.

Automatic Redirection

When users access the NetSuite UI, the browser automatically redirects them from the system.netsuite.com domain to an account-specific domain. This redirection is transparent for users. Change

Automatic On-Read Translation of Data Center-Specific URLs

You should transition from using data center-specific URLs in your account. However, it is not always possible to quickly change all of your embedded links to use account-specific domains. Data center- specific links may be embedded in the Shortcuts portlet, in custom fields and custom center links, and in marketing campaign email and online forms. When the NetSuite application encounters a data center- specific URL during an active session, it automatically translates the URLs in the request to an account- specific domain. This automatic translation is transparent for users.

account-specific domain. (That is, as the URL is read, the system translates a data-center specific URL to the appropriate account-specific domain URL.) The on-read translation of the URL has the benefit of making an extra HTTPS request unnecessary. An extra HTTPS request would normally result in an HTTP response status 301 Moved Permanently for a permanent redirect, but this error does not occur. The correct URL using the account-specific domain URL is already part of the rendered data or page in the browser. Important: Be aware that on-read translation does not change the hard-coded data center- specific URLs in your account. This feature translates these URLs to account-specific domains during active sessions. You should make a plan to update the data center-specific links in your account and replace them with links containing your account-specific domain. For more information, see the following release notes:

  • Account–Specific Domains Supported in Custom Fields and Custom Center Links
  • Account-Specific Domains for Marketing Campaigns and Online Forms

Traffic Health

The Traffic Health page is available in the NetSuite UI. The Traffic Health page can help you find URLs for SOAP web services and RESTlet requests in your account that are using data center-specific domains.

Administrators and other users with the Set Up Company permission can go to Setup > Company >

Company Management > Traffic Health to access this page. For more information, see the help topic Traffic Health. Note: Requests that are automatically redirected by the HTTP protocol are shown in Traffic Health reports. For example, the extra HTTPS request necessitated by an automatic redirect is shown on a Traffic Health report. For more information, see the help topic How to Transition from Data Center-Specific Domains New Content Delivery Network Available for Secure Commerce

Websites

A new Content Delivery Network (CDN) is available for secure Commerce websites. The new CDN, a new hosting infrastructure, and a new type of SSL certificate work together to increase the security of your

Commerce website. When you change over to a different CDN, it is a good practice to change the keys

used by the SSL certificate. Changes to the SSL certificate renewal process support this practice. After May 31, 2020, you will not be able to use your existing SSL certificate together with CDN caching. Before the deadline, you will have to obtain a new certificate where Oracle NetSuite manages the certificate key pair for CDN functionality to remain enabled. Oracle NetSuite now offers you two options for certificate deployment.

Change

  • Automatic Certificate option: Oracle NetSuite offers the Automatic Certificate option, at no additional cost to you, to simplify the process of retrieving a new certificate.
    • In 2020.1, Oracle NetSuite can obtain a Domain Validated (DV) certificate dedicated exclusively to your NetSuite-hosted website. This process is completely transparent to you and your account. Oracle NetSuite will also handle renewal of these certificates.
    • You can enable the Automatic Certificate option on the Domain page in the NetSuite UI. (Go to

Setup > SuiteCommerce Advanced /Site Builder > Domains). The Automatic Certificate option lets

you seamlessly migrate to a new DV certificate. Selecting the Automatic Certification option permits Oracle NetSuite to obtain and manage your certificate.

  • This NetSuite-managed certificate is exclusively for your NetSuite-hosted website. This exclusivity prevents potential malicious misuse of your website certificate. It is not possible to export the private key of the certificate from NetSuite.
  • Manual Certificate option: If you prefer to use a certificate issued by a Certificate Authority (CA) of your choice, you will be able to download a CSR (Certificate Signing Request) for your domain in the

NetSuite UI. Your CA must process this CSR. When you receive the certificate from your CA, you must

upload it through the NetSuite UI so that the certificate can be deployed to your NetSuite-hosted website. You cannot deploy this certificate outside of NetSuite. If you wish to manage the SSL certificate yourself, you must act well in advance of May 31, 2020. You must download the CSR from NetSuite, obtain a certificate from a CA of your choice, and upload the certificate to NetSuite. Important: If you cannot replace your certificate by May 31, 2020 (using either the Automatic

Certificate or the Manual Certificate option) Oracle NetSuite will temporarily switch off the CDN

caching for your website. Without caching, your website performance may be slower. Switching off the CDN gives you more time to replace your certificate. You can enable CDN caching again after you use either of the two available options to replace your certificate. The new CDN will be a front-end domain, hosting websites even for domains that are not configured for caching. After the upgrade to 2020.1, you must use the new certificate deployment options to renew expiring certificates for Commerce websites. Oracle NetSuite will generate the CSR. You will no longer be able to generate the CSR yourself with OpenSSL as you may have done in the past. For more information, see the help topic Prerequisites for Setting Up Secure Domains.

Incorrect HTTP Status Code 206 is Changing to 500

In the past, some browsers inappropriately processed the HTTP status code 500 (Internal Server Error). As a work-around for such situations, NetSuite began using the HTTP status code 206 (Partial Content). The problem that caused some browsers to inappropriately process the 500 error code has long been resolved. However, this work-around (returning the 206 status code) continued to be used in NetSuite. In 2020.1, NetSuite will start returning the correct HTTP status code 500 instead of returning status code 206. Important: Attention NetSuite customers, partners, the Software Development Network (SDN), and NetSuite Professional Services (PSG): You may have created customizations (for example, RESTlets or Suitelets) where the way the error is handled depends on the HTTP status code 206 (Partial Content). If so, these customizations should be modified so that they also support the correct status code 500 (Internal Server Error). HTTP status code 500 corresponds to the actual error situation that may occur in NetSuite. This workaround (incorrectly returning the 206 status code) is targeted to be removed from NetSuite in June 2020. Change

To access the Manufacturing Mobile SuiteApp, install the Manufacturing Mobile bundle and the latest SCM Mobile bundle. To access the Advanced Manufacturing SuiteApp, install the Advanced Manufacturing bundle. NetSuite Administrators will need to enable the following NetSuite features: Locations, Bins, Work

Centers, and Work Orders:

  • Work Centers — The Manufacturing Mobile SuiteApp leverages standard NetSuite Work Center definitions for non-WIP Work Orders.
  • Bins — All consumed quantity is assigned to a staging bin and produced quantities are assigned to production bins
  • Locations — A work center is associated to a location. A location represents an organization’s warehouse or production facility.

Setting Work Order Context

Establishing a time bound work effort helps operators and managers to distinguish shop floor data and

scope financial and inventory transactions. Multiple operators can work on one work order at the same time. Managers can then use the application to identify what each employee produced and consumed for that work order. The Manufacturing Mobile SuiteApp enables shop floor operators to choose to tap the Start Work button to initiate work on the selected work order. Tapping Resume Work enables operators to resume uncompleted work where they left off. For example, the shift ended before the work was completed. When the next shift resumes, the operator taps Resume Work and picks up the job where they previously left it. After work is started, the Report Work screen (see Reporting Work Order Context) displays the work order number, assembly number, and the employee who started the work. Change

Reporting Work Order Context

The Manufacturing Mobile SuiteApp enables you to separate shop floor activities and reporting from transaction processing. The Consumption and Production options can be selected independently. You can also partially report production and consumption. After completing your assigned work, go to the Report Work screen to formally end your work in the Manufacturing Mobile SuiteApp.

Inventory and Financial Records

After work has ended, NetSuite automatically transacts and updates all reported production and consumption data.

  • Adhoc Builds — NetSuite 2020.1 supports expedited updates to inventory and costing anytime before the work order ends. Production managers can use a NetSuite custom forms to initiate an

Adhoc Build. They cannot do this in the scanner. For example, a customer agreement may require you

to ship products as soon they are finished. Work order production continues as products are shipped.

  • Real-Time Builds — Real-time builds to inventory and costing can be triggered to run automatically from the work order interface.
  • Backflush Component Quantity During Build — Component quantities can be back flushed based on the production quantity. This functionality can be set in the work order interface.
  • Validate Data, Review Exceptions, and Correct Data — The 2020.1 Manufacturing Mobile SuiteApp does not allow data to be corrected from the scanner interface. Only the Production Manager can correct data recorded in the Manufacturing Mobile SuiteApp. The manager uses a NetSuite custom form to validate data to ensure the data is consistent in both NetSuite and the scanner. They will then review the data for any exceptions and potential build errors.

Change

After a data error is identified, the manager can correct the data, revalidate the data, and then trigger the build process. Projects SuiteApps Following is the 2020.1 projects enhancement to SuiteApps:

Preferred First Day of a Week Available for RACG Calendar

In NetSuite 2020.1, the Resource Allocation Chart/Grid calendar now respects the First Day of a Week preference by default. For more information, see the help topic Resource Allocation Chart/Grid SuiteApp. Non-Profit SuiteApps

Following are the 2020.1 non-profit enhancements to SuiteApps:

  • Social Impact Standard Edition
  • Non-Profit Finanicals

Social Impact Standard Edition

The Social Impact Standard Edition is the advanced version of Non-profit Social Impact releases. It provides additional roles and the ability to track relations between two constituents and manage households. In addition to the CEO, CFO, and Grant Administrator roles, the Social Impact Standard Edition contains following new roles:

  • Controller
  • Program Manager
  • A/P Clerk
  • A/R Clerk The Constituent Management feature of Social Impact Standard edition consists of the following:
  • Constituent relationships - You can create and track relationships between different constituents.
  • Households - The Households feature provides the ability to aggregate the information of all the constituents of a family. For more information, see the help topic Social Impact Standard Edition.

Non-Profit Finanicals

The following Financial Accounting Standards Board (FASB) Reports which are developed from Financial

Statement Builder are now moved to a separate SuiteApp called NFP Reports:

  • Statement of Activity
  • Statement of Cashflow

Change

  • Statement of Financial Position
  • Statement of Functional Expenses
  • Grant Statement of Activity

Following are the details of the NFP Reports SuiteApp:

  • Bundle Name: NFP Reports
  • Bundle ID: 301502 For more information, see the help topic Non-Profit Financial Management Food and Beverage SuiteApps

Following is the 2020.1 food and beverages enhancement to SuiteApps:

  • Auto Close Back Orders
  • Route Delivery

Auto Close Back Orders

If a line item on a sales order is partially fulfilled, the remaining quantity is saved as back order. However, in many organizations, such back order quantities are not fulfilled, and the sales order is closed. The Auto

Close Back Orders SuiteApp enables you to close such partially fulfilled back orders automatically, post

billing. The SuiteApp also enables you to maintain a list of items to exclude from automatic closure of back orders.

Following are the bundle details:

  • Bundle Name: Auto Close Back Orders
  • Bundle ID: 300047
  • Version number: 1.00.0
  • Availability: Public For more details, see the help topic Auto Close Back Orders

Route Delivery

Using the Route Delivery SuiteApp, you can create delivery truck and route records and include the route and truck details to the sales orders. The SuiteApp also determines the earliest possible ship date and route for specified location and shipping address.

Following are the bundle details:

  • Bundle Name: Route Delivery
  • Bundle ID: 290640
  • Version number: 1.00.0
  • Availability: Public Route Delivery is a managed SuiteApp that is automatically updated whenever enhancements or new features are added. For more details, see the help topic Route Delivery. Change Taxation SuiteApps

Following are the 2020.1 taxation enhancements to SuiteApps:

  • Portugal Tax Audit Files Field Mapping Page Update
  • Philippines Certificate of Creditable Tax Withheld at Source (Form 2307) Update
  • Cyprus VAT Return Enhancement
  • Singapore Goods and Services (GST) F5 Return Update
  • Germany VAT Return Update
  • Tax Reporting Category for Country Tax Reports
  • Tax Reporting Category Support for Australia and Philippines Tax Reports
  • SuiteTax Support for Tax Groups
  • SuiteTax Reports Enhancements
    • Tax Point Date Support for SuiteTax Reports
    • JAPAC Support for SuiteTax Reports
    • EMEA Tax Audit Files Support for SuiteTax Reports

Portugal Tax Audit Files Field Mapping Page Update

In Tax Audit Files SuiteApp version 1.76.0, the Audit Files Field Mapping page for PT SAF-T Account

Grouping category is updated with the following added filters:

  • Account Type
  • Subsidiary You can map Account instead of Account Type to the Grouping Category list available on the Value column of the Mapping page. Summary Accounts that have sub-accounts can now be mapped with different Grouping Category values. After updating your account to Tax Audit Files SuiteApp version 1.76.0, the previous Grouping Category values mapped to the Account Type will be retained and applied to all Accounts under that Account Type. To learn more, see the help topic Mapping Standard NetSuite fields to SAF-T PT Required Categories. Philippines Certificate of Creditable Tax Withheld at Source (Form 2307) Update

Withholding Tax SuiteApp version 1.44.0 includes enhancements for the Philippine Bureau of Internal

Revenue (BIR) Form No. 2307 as part of the implementation of the Tax Reform for Acceleration and Inclusion (TRAIN) Law. Previous 2307 Form Updated 2307 Form

Report footer declaration: Updated to:

We declare, under the penalties of perjury, We declare under the penalties of perjury that this certificate has

that this certificate is made in good faith, been made in good faith, verified by us, and to the best of our verified by me, and to the best of my knowledge and belief, is true and correct, pursuant to the provisions knowledge and belief, is true and correct, of the National Internal Revenue Code, as amended, and the pursuant to the provisions of the National regulations issued under authority thereof. Further, we give our Change

Previous 2307 Form Updated 2307 Form

Internal Revenue Code, as amended, and the consent to the processing of our information as contemplated under

regulations issued under authority thereof. the *Data Privacy Act of 2012 (R.A. No. 10173) for legitimate and lawful purposes. The updated BIR Form 2307 also includes additional manual input fields to show the Signatory Details in the PDF format of the form:

  • Payor/Authorized Representative/Tax Agent
  • Tax Agent Accreditation No./Attorney’s Roll No.
  • Payee/Authorized Representative/Tax Agent
  • Tax Agent Accreditation No./Attorney’s Roll No. To learn more, see the help topic Setting Up Tax Groups in SuiteTax Engine.

Cyprus VAT Return Enhancement

International Tax Reports version 3.112.0 includes enhancements for the latest VAT return for Cyprus. The

update includes automatic provisioning of the following reduced rates tax codes for newly-created Cyprus subsidiaries: Tax Code Description Rate Available On R1–CY Reduced Rate 9% Both (Sales and Purchases)

R2–CY Special Reduced Rate 5% Both (Sales and Purchases)

The update also reflects the correct reporting of the Cyprus tax codes: Box Reported Tax Codes 1 Tax amount of sales S, R1, R2 Notional tax amount of purchases RC, IS 4 Tax amount of purchases S, R1, R2 Notional tax amount of purchases ES, RC, IS, ESSP, ESSS 6 Net amount of sales S, R1, R2, E,O, Z, ES, ESSS, EZ, RC Net amount of purchases IS, ESSP 7 Net amount of purchases S, R1, R2, E, Z, I, IS, ES, ESSS, EZ, ESSP, RC 9 Net amount of sales Z, O To learn more, see the help topics Cyprus Tax Codes and Cyprus VAT Report.

Singapore Goods and Services (GST) F5 Return Update

International Tax Reports version 3.112.0 includes support for Singapore’s implementation of reverse

charge on imported services and taxing B2C digital services (overseas vendor registration regime). Effective January 1, 2020, Singapore implements Goods and Services Tax (GST) on the following imported services:

  • Reverse Charge (RC) mechanism to tax services imported by GST-registered persons (B2B)

Change

  • Overseas Vendor Registration (OVR) regime to tax digital services imported by non-GST persons including private individuals The GST F5 return update supports the new boxes related to the new tax codes:

Tax Code Description Rate Available On

SRRC-SG GST on imported services by way of reverse charge 0% Purchases

SROVR-SG GST on digital services by way of an overseas vendor 7% Sales registration regime The SRRC-SG and SROVR-SG tax codes are reported in the following boxes of the GST F5 return:

Box Number Label/Description Reported Tax Codes

1 Total value of standard-rated supplies Net amount SROVR-SG, SRRC-SG 5 Total value of taxable purchases Net amount purchase SRRC-SG 6 Output tax due Tax amount SROVR-SG, notional tax amount SRRC- SG 7 Input tax and refunds claimed Notional tax amount SRRC-SG

  • Box 14: Did you import services subject to GST under Reverse Charge?
  • Box 15: Did you operate an electronic marketplace to supply digital services subject to GST on behalf of third-party suppliers? To learn more, see the help topic Singapore GST Report.

Germany VAT Return Update

International Tax Reports version 3.112.0 includes updates to enhance the XML version of the Germany Monthly/Quarterly and Annual VAT returns. The update for the XML version is necessary to align it with the new FormularDepotXI version 15, which enables you to continue submitting your VAT returns online. To learn more, see the help topic Submission of VAT Returns in Germany.

Tax Reporting Category for Country Tax Reports

SuiteTax Reports version 2.00.2 introduces the Tax Reporting Category feature which enables you to

further classify transactions for VAT reporting requirements. On the Item subtab of transaction records, you can assign a category according to your local VAT reporting guidelines in the Tax Reporting Category column. The Tax Reporting Category varies per country and therefore requires support from the regional or country-specific localization SuiteApp. For more information about Tax Reporting Category and to see the list of countries that support this feature, see the help topic Assigning a Tax Reporting Category. Tax Reporting Category Support for Australia and Philippines

Tax Reports

SuiteTax Country Tax Reports JAPAC version 1.00.1 supports the Tax Reporting Category feature for

Australia and Philippines. You can now segregate purchases of capital goods from other transactions and

Change

report it separately in the tax report by selecting the following categories in the Tax Reporting Category column:

  • AU – Capital Goods - category for reporting capital purchases in Australia
  • PH - Capital Goods – category for reporting purchases of capital goods in the Philippines To learn more about assigning a tax reporting category to your transactions, see the help topic Assigning a Tax Reporting Category. The tax return templates for Australia and Philippines are also updated with the preselected Tax Reporting Category filters. For more information about using the Tax Reporting Category as a tax return filter, see the help topic Customizing Localized Tax Returns.

SuiteTax Support for Tax Groups

In SuiteTax Engine version 2.00.1, you can now create tax groups. A tax group enables you to combine and use several tax codes as a single tax code on the tax schedule. The tax group is used either as an entity default tax code or a nexus default tax code. Tax groups are beneficial when you need to apply multiple tax codes. For example, you can combine GST and PST rates for relevant provinces in Canada. The tax records permission is required to create tax groups. For further information, see the help topic Setting Up Tax Groups in SuiteTax Engine. SuiteTax Reports Enhancements

Tax Point Date Support for SuiteTax Reports

SuiteTax Reports version 2.00.0 now supports generation of country tax reports using tax point dates. The tax point date (time of supply) is the date when VAT becomes due. For more information about tax point dates in SuiteTax, see the help topic Tax Point Dates. When you generate a country tax report, you can now choose a tax point start and end date on the period filters. To learn more about generating a tax report using the tax point date, see the help topic Generating Localized Country Tax Reports. The Use Tax Point Date feature is automatically enabled for VAT/GST returns, supplementary VAT/GST reports, and EU cross-border reports. To set up this feature, see the help topic Setting Up Country Tax Reporting Preferences.

JAPAC Support for SuiteTax Reports

The SuiteTax Country Tax Reports JAPAC SuiteApp provides the JAPAC tax report templates and localization for SuiteTax Reports version 2.00.0. If you have SuiteTax Reports and you install SuiteTax Country Tax Reports JAPAC in your account, you can generate localized tax reports for Australia, Japan, New Zealand, Philippines, and Singapore. For more information, see the help topic SuiteTax Country Tax Reports JAPAC. Change

EMEA Tax Audit Files Support for SuiteTax Reports

The SuiteTax EMEA Audit Files SuiteApp provides the France and Germany tax audit file support for

SuiteTax Reports version 2.00.0. If you have SuiteTax Reports and you install SuiteTax EMEA Tax

Audit Files in your account, you can generate the France FEC and Germany GoBD reports. For more information, see the help topic SuiteTax EMEA Audit Files. Change