In your business, your NetSuite instance and your ClientPoint engagement platform are the two most critical pillars of your revenue engine. One is your system of record, holding all customer data. The other is your system of engagement, where all your client relationships are built. The connection between them isn’t just a convenience; it’s the central nervous system of your sales process.
But what happens if that connection is weak, outdated, or insecure?
It creates friction for your sales team, but more importantly, it creates significant risk for your entire organization. In a world where the global average cost of a data breach has hit a staggering $4.88 million, according to a 2024 IBM report, security is not an optional feature - it's a foundational requirement.
That’s why our engineering team has been hard at work on a critical, proactive upgrade to our NetSuite integration. Today, we’re proud to announce our move from the legacy OAuth 1.0 protocol to the modern industry standard: OAuth 2.0 with OpenID Connect (OIDC).
This isn't just a version number change. It's a fundamental re-architecture of how our platforms communicate, designed for a faster, more secure, and more reliable future.
The Hard Truth About Legacy Tech
Let's be honest: no one on your sales team wakes up thinking about authentication protocols. They just want their tools to work. They want to click the "ClientPoint" tab in a NetSuite opportunity and have it load instantly, with the right information, every single time.
But for your IT, security, and operations leaders, how it works matters.
The old OAuth 1.0 protocol, once a workhorse, is now a known liability. It requires complex cryptographic signatures for every request and lacks the flexibility and granular control of modern standards. Sticking with it in today's environment is like using a single, complex passkey for a bank vault when the rest of the world has moved to biometrics and time-locked safes.
From Outdated Protocol to Modern Standard: The Move to OIDC
Our new integration scraps that old model entirely. By embracing OAuth 2.0 using the Authorization Code Grant Flow, we are adopting the most secure and robust standard for web applications.
More importantly, we are now leveraging NetSuite as the OpenID Connect (OIDC) provider.
This is a critical strategic shift. Instead of ClientPoint managing authentication through a clunky, external connection (the old SuiteSignOn component), we are now allowing NetSuite itself to be the source of truth. This centralizes authentication within the platform you already trust, giving you more control and visibility. It’s a "digital handshake" that is both stronger and smarter, ensuring that the right people get the right access for the right amount of time and nothing more.
A Look Under the Hood: What’s New in the SuiteBundle
For the NetSuite administrators reading this, you know that the "magic" happens in the SuiteBundle. We’ve re-engineered this from the ground up, replacing outdated components with new, streamlined scripts.
The Old Way (Our OAuth 1.0 Bundle):
The previous integration relied heavily on a Suitelet script (customscript4) and an "Outbound Connections" component (SuiteSignOn) to manage the complex OAuth 1.0 authentication. This was functional, but it was a "black box" that operated outside of your direct control and was less efficient.
The New Way (Our OAuth 2.0 OIDC Bundle):
Our new bundle is cleaner, more native to NetSuite, and far more powerful. We've removed the old Suitelet and Outbound Connection entirely.
Here are the new components that matter:
OIDC-SSO (User Event Script): This is the new engine. It’s a User Event Script that natively handles the OAuth 2.0 flow and OIDC Single Sign-On process. When a user clicks the ClientPoint subtab, this script validates their session, manages the tokens, and refreshes them as needed, all within NetSuite.
subtabScript.js (File Cabinet): This new client-side script is dedicated to one thing: rendering the ClientPoint subtab on your entity and transaction records. It’s lighter and faster than the old method, resulting in a snappier, more reliable experience for your sales reps.
Token Authentication Role (Custom Role): This is a major upgrade for security and manageability. Instead of forcing you to add broad permissions to your existing sales roles, we've created a dedicated, pre-configured role. You can now assign this specific role (or its permissions) to users, giving them only the access required for the integration to function and nothing more.
What This Actually Means for You:
A Faster, More Stable Experience: Your sales team will see the ClientPoint tab load more quickly on Opportunity and Customer records.
Superior Security: The entire authentication flow is now managed by NetSuite as the OIDC provider, using the industry-best OAuth 2.0 protocol.
Granular, Admin-Friendly Control: The new Token Authentication Role gives you precise control over who can use the integration, with pre-set permissions for things like Access Token Management, Log in using OAuth 2.0, and REST Web Services.
Your Path to a More Secure Integration
We’ve designed the update process to be as smooth as possible. We have a complete, step-by-step technical guide available in our knowledge base for your NetSuite administrator.
Here is a high-level overview of the path forward:
For New ClientPoint Customers: You're all set. Your new installation of the ClientPoint SuiteBundle will automatically use this new, more secure OAuth 2.0 framework from day one.
For Our Existing, Valued Customers: Migrating is a straightforward, one-time process. Your NetSuite administrator will need to update the existing SuiteBundle, which replaces the old components with the new ones.
The four main steps are:
Enable OIDC Features in NetSuite: First, you’ll navigate to Setup > Company > Enable Features > SuiteCloud and ensure that OpenID Connect (OIDC) Single Sign-on, Token-based Authentication, and NetSuite as OIDC Provider are all enabled.
Update Your SuiteBundle: You will install the latest version of the ClientPoint for NetSuite bundle, which contains all the new scripts and roles.
Update Your User Roles: You will need to edit your custom sales roles to add the permissions from our new Token Authentication Role. This is a critical step to ensure your users can log in via OIDC.
Update the Integration Record: Finally, you'll edit your existing ClientPoint integration record under Setup > Manage Integration. You will enable Authorization Code Grant, set the Redirect URI to https://https.clientpoint.net/netsuite/oauth-callback, and enable REST Web Services.
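To show why the Redirect URI on the integration record has to match exactly, here is an added sketch of the two halves of an Authorization Code Grant exchange: building the request and validating the return to the callback. It is an illustration written for this article, not ClientPoint's or NetSuite's code; `AUTHORIZE_ENDPOINT`, `CLIENT_ID` and both function names are hypothetical placeholders.

```javascript
// Added illustration: not ClientPoint or NetSuite code.
const crypto = require('node:crypto');

// Redirect URI exactly as registered on the integration record.
const REDIRECT_URI = 'https://https.clientpoint.net/netsuite/oauth-callback';
// Assumed placeholders: real values come from your own NetSuite account.
const AUTHORIZE_ENDPOINT = 'https://idp.example.invalid/oauth2/authorize';
const CLIENT_ID = 'EXAMPLE_CLIENT_ID';

// Build the authorization request and a one-time state value that the
// client keeps in the user's session until the callback arrives.
function buildAuthRequest() {
  const state = crypto.randomBytes(32).toString('hex');
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', CLIENT_ID);
  url.searchParams.set('redirect_uri', REDIRECT_URI);
  url.searchParams.set('scope', 'openid');
  url.searchParams.set('state', state);
  return { url: url.toString(), state };
}

// Validate the callback before the code is exchanged for tokens.
// Returns { ok: true, code } or { ok: false, reason }.
function validateCallback(callbackUrl, expectedState) {
  let cb;
  try { cb = new URL(callbackUrl); } catch { return { ok: false, reason: 'malformed_url' }; }
  // Exact match on origin and path: no prefix or wildcard matching.
  if (cb.origin + cb.pathname !== REDIRECT_URI) {
    return { ok: false, reason: 'redirect_uri_mismatch' };
  }
  if (cb.searchParams.has('error')) {
    return { ok: false, reason: 'provider_error:' + cb.searchParams.get('error') };
  }
  const a = Buffer.from(cb.searchParams.get('state') || '');
  const b = Buffer.from(expectedState || '');
  // timingSafeEqual throws on unequal lengths, so compare lengths first;
  // an empty expected state never validates.
  if (b.length === 0 || a.length !== b.length || !crypto.timingSafeEqual(a, b)) {
    return { ok: false, reason: 'state_mismatch' };
  }
  const codes = cb.searchParams.getAll('code');
  if (codes.length !== 1 || codes[0] === '') {
    return { ok: false, reason: 'missing_or_duplicate_code' };
  }
  return { ok: true, code: codes[0] };
}
```

A callback that fails any of these checks should be logged with its reason and dropped without contacting the token endpoint.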
We’ve Thought of Everything (Even Safari)
A new implementation is only as good as its testing. We’ve proactively identified and solved for the most common environment-specific issues. Our guide includes clear instructions for:
MFA Configurations: How to ensure the new token role works seamlessly with users who have Multi-Factor Authentication enabled.
Browser Privacy Settings: How to advise your users to adjust Safari's "Prevent Cross-Site Tracking" setting, which can interfere with the iframe used in the OIDC flow.
Browser Cache: How to clear cached cookies that can sometimes cause login conflicts during the transition.
Rollback Plan: In the unlikely event of a major issue, we have also documented a full, step-by-step Rollback Instruction guide to revert to the OAuth 1.0 bundle, ensuring 100% business continuity.
Our Commitment to Your Success
This upgrade is a reflection of our core promise. We believe you shouldn't have to choose between a powerful sales experience and a secure one.
You trust ClientPoint to handle your most important relationships, and we take that responsibility seriously. We will always do the hard, proactive work on our infrastructure so you can stay focused on what you do best: building trust and closing deals.
Have any questions? Please contact us at support@clientpoint.net