1. Overview & Architecture
The NetSuite AI Connector Service enables secure, two-way communication between NetSuite and AI assistants like Claude and ChatGPT. Built on the open Model Context Protocol (MCP), it allows you to query NetSuite data, run reports, execute saved searches, and even create or update records using natural language.
What is MCP?
The Model Context Protocol is an open standard that defines how AI systems communicate with external applications. Think of it as a USB port for AI - a standardized interface that allows AI assistants to discover available tools, request data, and execute actions in external systems. NetSuite implemented MCP to provide a vendor-agnostic way to connect AI to your ERP without lock-in to any specific AI provider.
The architecture follows a client-server model. NetSuite acts as the MCP server, exposing tools and data. Your AI assistant (Claude or ChatGPT) acts as the client, sending requests to NetSuite. Authentication uses OAuth 2.0, and all requests respect your NetSuite role permissions - the AI can only access data you're authorized to see.
Available Capabilities
With the MCP Standard Tools SuiteApp, you can:
- Query NetSuite records using natural language (customers, vendors, transactions, items)
- Run SuiteQL queries without writing SQL - describe what you need and the AI constructs the query
- Access saved searches and view results conversationally
- Retrieve report data directly from NetSuite
- Create and update records through conversational commands
- Analyze financial data, inventory levels, and operational metrics
The Administrator role cannot be used with MCP. NetSuite explicitly blocks this for security reasons. You must create a dedicated custom role for MCP access.
2. Prerequisites & Requirements
NetSuite Requirements
- Active NetSuite account (works with both Production and Sandbox environments)
- Administrator access for initial setup and SuiteApp installation
- Access to SuiteApp Marketplace
- User accounts with appropriate roles for AI access
AI Platform Requirements
Required: Claude Pro, Max, or Team plan. The free tier does not support custom connectors.
Claude offers the most streamlined setup experience with native MCP support through the built-in NetSuite connector.
Required: ChatGPT Plus, Pro, or Business plan with Developer Mode enabled.
ChatGPT Business users can share connectors across the organization once published.
Subscription Plan Comparison
| Platform | Plan | MCP Support | Notes |
|---|---|---|---|
| Claude | Pro / Max | ✓ Full | Native connector, easiest setup |
| Claude | Team / Enterprise | ✓ Full | Admin can manage connectors for team |
| ChatGPT | Plus | ✓ Dev Mode | Requires enabling Developer Mode |
| ChatGPT | Pro | ✓ Dev Mode | Requires enabling Developer Mode |
| ChatGPT | Business | ✓ Full | Can publish connectors to workspace |
3. NetSuite Configuration
Before connecting any AI client, you need to configure NetSuite. This involves enabling features, installing the MCP Standard Tools SuiteApp, and creating a custom role with appropriate permissions. Complete these steps in order.
We strongly recommend completing initial setup and testing in a Sandbox environment before configuring Production. Sandbox contains a copy of your Production data, so treat it with the same security considerations.
Step 1: Enable Required Features
Several NetSuite features must be enabled before MCP will function. Log in with an Administrator role and navigate to Setup > Company > Enable Features.
Under the SuiteCloud subtab, locate the SuiteScript section. Check the Server SuiteScript box. This is required for the MCP tools to execute.
Under the SuiteCloud subtab, locate the SuiteTalk (Web Services) section. Check the REST Web Services box. This enables the REST API that MCP uses for record operations.
Under the SuiteCloud subtab, ensure OAuth 2.0 is enabled. This authentication method is required for secure AI client connections.
Click Save at the bottom of the page. Feature changes take effect immediately.
Step 2: Install the MCP Standard Tools SuiteApp
NetSuite provides a managed SuiteApp containing pre-built MCP tools. This SuiteApp is free and automatically updated when new features are released.
Navigate to Customization > SuiteCloud Development > SuiteApp Marketplace. If you don't see this menu option, your role may lack the required permissions.
In the search field, enter MCP Standard Tools. Click on the SuiteApp when it appears in results.
Review the SuiteApp details, including included permissions and capabilities. Click Install in the top right corner. Installation typically completes within a few minutes.
After installation, you can verify success by navigating to Customization > SuiteCloud Development > Installed SuiteApps. MCP Standard Tools should appear in the list.
NetSuite previously offered an "MCP Sample Tools" SuiteApp which has been deprecated. The current offering is "MCP Standard Tools" which is actively maintained. If you have the older Sample Tools installed, consider migrating to Standard Tools for continued support.
Step 3: Create a Custom MCP Role
The Administrator role cannot use MCP - this is a deliberate security restriction. You must create a dedicated custom role for MCP access. This role should follow the principle of least privilege: grant only the permissions necessary for intended AI operations.
Go to Setup > Users/Roles > Manage Roles. Click New to create a new role.
Give the role a clear, descriptive name such as "MCP AI Access Role" or "Claude Integration Role". For multi-subsidiary accounts, set Accessible Subsidiaries to "All" if the AI needs cross-subsidiary access. Enable Allow Cross-Subsidiary Record Viewing if needed.
Scroll to the Permissions section. Under the Setup subtab, add the following permissions (see next section for details).
Under the appropriate subtabs (Transactions, Lists, Reports), add view or edit permissions for the records the AI should access. Start with View permissions only - you can expand to Edit/Create later if needed.
Click Save. Then assign this role to the user(s) who will connect the AI client. Go to Setup > Users/Roles > Manage Users, edit the user record, and add the new role under the Access subtab.
Required Permissions Reference
The following permissions are required for MCP connectivity. Additional permissions depend on which tools and data you want to access.
Core MCP Permissions (Required)
| Permission | Level | Location | Purpose |
|---|---|---|---|
| MCP Server Connection | Full | Setup | Required to access MCP tools |
| Log in using OAuth 2.0 Access Tokens | Full | Setup | Required for AI client authentication |
| REST Web Services | Full | Setup | Required for record operations via MCP Standard Tools |
| Perform Search | Full | Setup | Required for saved search and query tools |
Additional Permissions by Tool
The tools visible in your AI client depend on your role's permissions. Here are common permissions for typical use cases:
To query and manage customer/vendor records:
- Customers - View (minimum) or Full for create/edit
- Vendors - View (minimum) or Full for create/edit
- Contacts - View or Full depending on needs
To query sales orders, invoices, and other transactions:
- Sales Order - View (minimum) or Full
- Invoice - View (minimum) or Full
- Purchase Order - View (minimum) or Full
- Bill - View (minimum) or Full
- Journal - View (minimum) or Full
For financial analysis and report access:
- Accounts - View
- Financial Statements - View
- Reports - appropriate report permissions
- Saved Searches - View/Run permissions for relevant searches
For inventory queries and management:
- Items - View (minimum) or Full
- Inventory - View
- Locations - View
- Item Fulfillment - View or Full
Begin with View-only permissions and the minimum required access. Once you've validated the integration works correctly, you can expand permissions incrementally. This approach reduces risk during initial testing.
4. Connecting Claude to NetSuite
Claude offers native support for the NetSuite AI Connector through its built-in connector system. This provides the smoothest setup experience of any AI platform.
Connection Steps
Log in to claude.ai with your Pro, Max, or Team account. Click your profile icon in the bottom left, then select Settings.
In Settings, click Connectors in the left sidebar. You'll see a list of available connectors and any existing connections.
Click Add connectors or the plus icon. Under the Web tab, locate and select NetSuite AI Connector. You can also search for "NetSuite".
Enter your NetSuite MCP endpoint URL. The format is:
https://<ACCOUNT_ID>.suitetalk.api.netsuite.com/services/mcp/v1/allReplace <ACCOUNT_ID> with your actual NetSuite account ID (e.g., "1234567" or "TSTDRV1234567" for sandbox).
Click Connect. A new window opens to NetSuite's login page. Log in with the user account that has the MCP role assigned. Critical: Select your custom MCP role from the role selector - do not use Administrator.
Review the authorization prompt. This shows what access you're granting. Click Allow to complete the connection. You'll see a success message if everything is configured correctly.
Return to Claude. Click the tools icon (wrench/hammer) in a new chat. You should see NetSuite listed with available tools. The specific tools depend on your role permissions.
Testing Your Connection
Once connected, test with simple queries before attempting complex operations:
- "Show me my top 10 customers by revenue"
- "List all open sales orders from the last 30 days"
- "What's the current inventory level for [item name]?"
- "Run a query to find customers with overdue invoices"
Alternative: Custom Connector Setup
If you need to connect to specific SuiteApps rather than all available tools, you can use a custom connector URL:
https://<ACCOUNT_ID>.suitetalk.api.netsuite.com/services/mcp/v1/suiteapp/com.netsuite.mcpstandardtoolsThis connects only to the MCP Standard Tools SuiteApp rather than all MCP tools in your account.
5. Connecting ChatGPT to NetSuite
ChatGPT supports MCP connectors through Developer Mode. The setup process differs slightly from Claude and requires enabling advanced features first.
MCP integration requires Developer Mode, which is not enabled by default. Review OpenAI's documentation on risks and limitations before enabling this feature.
Enable Developer Mode
Log in to chatgpt.com with your Plus, Pro, or Business account. Click your profile icon and select Settings.
Click Connectors in the settings menu. For Business accounts, this may be under Workspace > Connectors.
Click Advanced and toggle Developer mode to on. You may need to accept additional terms.
Create the NetSuite Connector
In the Connectors section, click Create a connector or the plus icon.
Fill in the following fields:
- Name: A descriptive name (e.g., "NetSuite Production" or "NetSuite Sandbox")
- Description: Optional description of this connection
- URL: Your NetSuite MCP endpoint (see below)
- Authentication: OAuth 2.0
Enter your NetSuite MCP endpoint:
https://<ACCOUNT_ID>.suitetalk.api.netsuite.com/services/mcp/v1/allSave the connector, then click to connect. Authenticate with NetSuite using your MCP-enabled user and role.
When the NetSuite login appears, select your custom MCP role - not Administrator. Complete the OAuth authorization.
ChatGPT Business: Sharing Connectors
ChatGPT Business accounts have an advantage: administrators can publish connectors for the entire workspace.
First, create and test the connector as described above. Verify it works correctly with your NetSuite account.
Open the connector settings and click Publish. The connector becomes visible to all workspace members.
Other users can now find the connector in the available connectors list. They authenticate with their own NetSuite credentials and MCP role - no Developer Mode required for workspace members to use published connectors.
6. Managing Multiple NetSuite Accounts
Many NetSuite users need to connect to multiple instances - typically Production and Sandbox, or for consultants managing multiple client accounts. Both Claude and ChatGPT support multiple simultaneous connections.
Understanding Account IDs
Each NetSuite instance has a unique account ID that forms part of your MCP URL. Finding your account ID:
- Log in to NetSuite
- Navigate to
Setup > Company > Company Information - The Account ID appears near the bottom of the right column
Account ID formats vary:
- Production: Typically numeric (e.g.,
1234567) - Sandbox: Often prefixed (e.g.,
1234567_SB1orTSTDRV1234567) - Release Preview: Different prefix (e.g.,
1234567_RP)
Setting Up Multiple Connections in Claude
Set up your primary connection (typically Production) following the standard process. Give it a clear name like "NetSuite Production".
Return to Settings > Connectors and add another NetSuite connector. Use a distinct name (e.g., "NetSuite Sandbox") and enter the appropriate account ID in the URL.
Each connection requires separate authentication. You'll need valid credentials and an MCP role in each NetSuite instance.
Switching Between Accounts
In Claude
Claude handles multiple connections through its connector management:
- Open a new chat in Claude
- Click the tools icon to see available connectors
- Each NetSuite connection appears as a separate entry
- Enable/disable specific connections for the current conversation
- To switch environments, disable one connection and enable another
You can also have multiple connections active simultaneously - Claude will use the appropriate one based on context or ask for clarification if ambiguous.
In ChatGPT
ChatGPT manages connections through the connector settings:
- Go to Settings > Connectors
- View your list of configured NetSuite connectors
- Each connection can be enabled/disabled independently
- In conversation, specify which environment to use if multiple are active
Business users can have access to team-shared connectors plus personal connectors for different environments.
Best Practices for Multi-Account Management
Use clear, consistent names that identify:
- Company/client name
- Environment (Prod/Sandbox/RP)
- Purpose if multiple roles exist
Example: "Acme Corp - Production" or "Client ABC - Sandbox (Read Only)"
Consider different MCP roles for different purposes:
- Read-only role for queries and analysis
- Edit role for record modifications
- Sandbox role with broader permissions for testing
Before executing any create or update operations, always verify you're connected to the intended environment. A simple query like "What environment am I connected to?" or checking the account name in responses can prevent accidental Production data modifications.
For Consultants and Fractional CFOs
If you manage multiple NetSuite clients, consider these approaches:
- Separate Connector Per Client: Create distinct connectors for each client's Production and Sandbox (if applicable). Name them clearly: "Client A - Prod", "Client B - Sandbox".
- Consistent Role Naming: Use consistent role names across client accounts (e.g., "MCP Consultant Access") to simplify permission discussions and auditing.
- Document Access: Maintain records of which accounts you have MCP access to, including role permissions granted. This supports client audits and your own access management.
- Session Management: Be aware that OAuth tokens have expiration times. You may need to re-authenticate periodically, especially after extended periods of inactivity.
7. Troubleshooting
MCP integration involves multiple components - NetSuite configuration, network connectivity, AI client setup, and permissions. When issues arise, systematic troubleshooting helps identify the root cause.
Common Issues and Solutions
Likely Cause: Incorrect MCP URL format or missing /all endpoint.
Solution: Verify your URL follows the correct format:
https://<ACCOUNT_ID>.suitetalk.api.netsuite.com/services/mcp/v1/allThe /all suffix is required. Without it, the connection will appear disconnected even if authentication succeeds.
Likely Causes:
- MCP Standard Tools SuiteApp not installed
- User's role lacks required permissions
- Connected with Administrator role (not allowed)
Solution:
- Verify the MCP Standard Tools SuiteApp is installed in your NetSuite account
- Check that your MCP role has
MCP Server ConnectionandLog in using OAuth 2.0 Access Tokenspermissions - For Standard Tools, also verify
REST Web ServicesandPerform Searchpermissions - Ensure you selected your custom MCP role (not Administrator) during authentication
Likely Causes:
- OAuth 2.0 feature not enabled in NetSuite
- User doesn't have the MCP role assigned
- Account ID in URL doesn't match the login account
Solution:
- Verify OAuth 2.0 is enabled:
Setup > Company > Enable Features > SuiteCloud - Confirm the user has the MCP role:
Setup > Users/Roles > Manage Users - Double-check the account ID in your MCP URL matches your target account
Likely Cause: Role permissions are insufficient for specific tools or record types.
Solution: Tool visibility depends on role permissions. Review the permissions table in Section 3 and add required permissions for the specific tools you need. Remember:
- Each tool has specific permission requirements
- You can only access records your role permits
- Edit operations require Edit/Full permissions, not just View
Likely Cause: The MCP role lacks permissions for the underlying records or scripts.
Solution:
- Check NetSuite's script execution logs:
Customization > Scripting > Script Execution Log - Identify which permission is missing from the error details
- Add the required permission to your MCP role
- Reconnect or refresh the AI client connection
Likely Cause: The SuiteApps folder in NetSuite's File Cabinet has restricted access.
Solution:
- Navigate to
Documents > Files > File Cabinetin NetSuite - Locate the SuiteApps folder
- Check the folder's access settings - it may be limited to specific users
- Expand access to include users with MCP roles, or ensure your MCP user has File Cabinet access
You can test this by calling the MCP endpoint via Postman to see the actual error response.
Likely Cause: Large data queries exceed Claude's conversation context limits.
Solution: This occurs when MCP returns large datasets. To mitigate:
- Use more specific queries that return fewer records
- Add date ranges or other filters to reduce result size
- Request summarized data rather than detailed record lists
- Break large analyses into multiple smaller queries
Possible Causes:
- AI hallucination - the AI may generate plausible but incorrect information
- Query misinterpretation - the AI may not understand your request correctly
- Permission filtering - you may only see partial data based on your role
Solution:
- Always validate AI responses against NetSuite directly for critical data
- Be specific in your queries - include record types, date ranges, and field names
- Ask the AI to show the SuiteQL query it generated so you can verify logic
- Check if your role has subsidiary or other restrictions that filter results
Diagnostic Steps
When troubleshooting, work through these checks systematically:
Confirm Server SuiteScript, REST Web Services, and OAuth 2.0 are all enabled in Setup > Company > Enable Features.
Verify MCP Standard Tools appears in Customization > SuiteCloud Development > Installed SuiteApps.
Check your MCP role in Setup > Users/Roles > Manage Roles. Verify all required permissions are present.
Verify the user has the MCP role assigned in their user record under Setup > Users/Roles > Manage Users.
After first connection, verify an integration record was created: Setup > Integration > Manage Integrations. It should show "Claude AI" or "ChatGPT" with MCP scope enabled.
If operations fail, check Customization > Scripting > Script Execution Log for error details.
Testing with Postman
For advanced troubleshooting, you can test the MCP endpoint directly using Postman. This helps isolate whether issues are in NetSuite configuration or the AI client.
- Set up OAuth 2.0 authentication in Postman using your NetSuite credentials
- Send a GET request to your MCP endpoint URL
- A successful response returns available tools in JSON format
- Error responses indicate specific configuration issues
8. Security Best Practices
Connecting AI to your ERP creates powerful capabilities but also introduces risks that must be managed. NetSuite's MCP implementation includes security controls, but proper configuration and governance are your responsibility.
Understanding the Risks
Malicious input could potentially manipulate the AI into executing unintended operations. While AI providers have safeguards, defense in depth is essential.
AI may generate plausible but incorrect information. Never rely solely on AI-provided data for critical business decisions without verification.
Built-in NetSuite Controls
NetSuite's MCP implementation includes several security features:
- Administrator Restriction: The Administrator role cannot be used with MCP, preventing the highest-privilege access
- Role-Based Permissions: All MCP operations respect your NetSuite role permissions - the AI cannot access data or perform actions beyond what the role allows
- OAuth 2.0 Authentication: Secure, token-based authentication with configurable expiration
- Audit Logging: All MCP requests are logged in NetSuite's standard audit mechanisms
- Explicit Consent: Users must explicitly authorize AI client access to their NetSuite account
Recommended Security Practices
Grant only the minimum permissions required for intended operations. Start with View-only access and expand incrementally. Create separate roles for different access levels (read-only analysis vs. record modification).
Consider creating dedicated user accounts for MCP access rather than using personal accounts. This simplifies audit tracking and access management. Some organizations create separate users for Production vs. Sandbox access.
Always test in Sandbox before Production. Use stricter permissions in Production than Sandbox. Consider read-only Production access with edit capabilities only in Sandbox.
Never trust AI-generated data blindly, especially for financial decisions. Verify critical information against NetSuite directly. Be particularly cautious with aggregated or calculated figures.
Both Claude and ChatGPT offer options to opt out of using your data for model training. Review and configure these settings according to your data governance requirements. ChatGPT business plans have additional enterprise privacy controls.
Periodically review who has MCP access, what permissions are granted, and whether access is still needed. Remove connections and deactivate roles that are no longer required.
Concurrency and Resource Management
MCP requests consume NetSuite API resources and count against your account's concurrent request limits. For accounts with heavy integration traffic:
- Monitor concurrency usage in
Setup > Integration > Web Services Preferences - The MCP integration record allows setting a specific concurrency limit allocation
- Consider scheduling AI-heavy analysis during off-peak hours
- Be aware that complex queries may take longer and hold connections
If your organization is subject to regulations like GDPR, SOC 2, or industry-specific requirements, review how AI integration affects your compliance posture. Key considerations include data residency (where AI providers process data), data retention policies, and audit trail requirements. Consult your compliance team before deploying in regulated environments.
9. Quick Reference
MCP URL Formats
| Purpose | URL Format |
|---|---|
| All Available Tools | https://<ACCOUNT_ID>.suitetalk.api.netsuite.com/services/mcp/v1/all |
| Standard Tools Only | https://<ACCOUNT_ID>.suitetalk.api.netsuite.com/services/mcp/v1/suiteapp/com.netsuite.mcpstandardtools |
| Specific SuiteApp | https://<ACCOUNT_ID>.suitetalk.api.netsuite.com/services/mcp/v1/suiteapp/<publisher>.<project> |
Required Permissions Checklist
Setup Tab (all required):
- ☐ MCP Server Connection - Full
- ☐ Log in using OAuth 2.0 Access Tokens - Full
- ☐ REST Web Services - Full
- ☐ Perform Search - Full
Plus record/transaction permissions as needed for your use case.
NetSuite Navigation Paths
| Action | Navigation Path |
|---|---|
| Enable Features | Setup > Company > Enable Features |
| SuiteApp Marketplace | Customization > SuiteCloud Development > SuiteApp Marketplace |
| Manage Roles | Setup > Users/Roles > Manage Roles |
| Manage Users | Setup > Users/Roles > Manage Users |
| View Integration Records | Setup > Integration > Manage Integrations |
| Script Execution Logs | Customization > Scripting > Script Execution Log |
| Company Information (Account ID) | Setup > Company > Company Information |
Helpful Resources
This guide reflects NetSuite AI Connector capabilities as of January 2026. Features and interfaces may change as NetSuite and AI platforms evolve. Always refer to official documentation for the most current information.