What’s the big deal about MCP in NetSuite?
Think of MCP as a bridge between large language models (LLMs) and business systems. Instead of jumping between screens, you can just tell Claude:
“Give me information about customer XXX”
…and, thanks to the MCP Sample Tools SuiteApp, Claude will know exactly how to do it—while still respecting your NetSuite role permissions.
The out-of-the-box SuiteApp comes with predefined tools like creating or updating customers, checking balances, running SuiteQL queries, even pulling sales reports. It’s not just a demo—it’s a gateway into a new way of working with NetSuite.
In this post, we’ll guide you through setting up NetSuite and Claude to work with MCP Tools, starting with a hands-on walkthrough using a SuiteApp provided by the Oracle NetSuite team.
I want to know more about MCP
MCP (Model Context Protocol) is an open protocol designed to make AI agents and large language models (LLMs) more useful by letting them securely interact with external tools, systems, and data. Instead of being locked inside a text-only chat, MCP allows an LLM like Claude to call tools (e.g., create a customer in NetSuite, run a financial query, fetch records) through a standard interface. Think of it as the “plug adapter” between an AI and real-world applications.
Why was it created?
MCP was introduced to solve a few key problems:
- Standardization – Before MCP, every AI vendor had to invent its own plugin or integration system. MCP makes it possible to use the same connector across different AI platforms.
- Security & Permissions – MCP ensures that AI agents only perform the actions and access the data that a given system (like NetSuite) allows. For example, the MCP Sample Tools SuiteApp only exposes operations aligned with the user’s NetSuite role and permissions.
- Extensibility – It gives developers a clear way to add custom tools via simple JSON schemas and code, so companies can tailor what the AI can do to their own processes.
But how does it really work?
At the core, an MCP server is the bridge that connects an AI client (Claude, ChatGPT, etc.) to an external system (like NetSuite).
Here’s the flow in practice:
1. AI Client Request – You type a natural language prompt in Claude, e.g. “Show me the balance for customer ACME.”
2. Tool Invocation – Claude decides that answering this requires calling an MCP tool (getCustomerBalance).
3. MCP Server Translation – The MCP server takes Claude’s request and translates it into the correct system API call (in NetSuite, a SuiteScript or API request).
4. Execution in the System – The system (NetSuite) runs the action, applying the user’s permissions.
5. Response Back to AI – The MCP server sends the results back to Claude, which formats the answer for you.
This setup ensures a clear boundary: the LLM never has direct, uncontrolled access to databases or APIs — everything flows through the MCP server, which enforces rules and security.
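The boundary described above, sketched as an added example (not code from this post or from NetSuite): a toy server receives MCP `tools/call` JSON-RPC requests, validates the arguments, and checks the authenticated session's permissions before running a tool. The permission labels, customer data, the `createCustomer` identifier and the error code -32000 are constructed for illustration.

```javascript
// Toy MCP-style server boundary. Illustration only, not NetSuite's implementation.
// Permission labels, customer data and the -32000 error code are constructed for the example.
const BALANCES = { ACME: 1250.5 };
const AUDIT_LOG = [];
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

const TOOLS = {
  getCustomerBalance: {
    permission: 'customer:view',
    schema: { customerId: 'string' },
    run: (a) => ({ customerId: a.customerId, balance: BALANCES[a.customerId] ?? null }),
  },
  createCustomer: {
    permission: 'customer:create',
    schema: { companyName: 'string' },
    run: (a) => ({ created: a.companyName }),
  },
};

const fail = (id, code, message) => ({ jsonrpc: '2.0', id, error: { code, message } });

// Every argument must be declared in the schema, present, and of the declared type.
function validArgs(schema, args) {
  if (typeof args !== 'object' || args === null || Array.isArray(args)) return false;
  const keys = Object.keys(args);
  return keys.length === Object.keys(schema).length &&
    keys.every((k) => has(schema, k) && typeof args[k] === schema[k]);
}

function handleRequest(req, session) {
  const name = req.params?.name;
  const log = (decision) => AUDIT_LOG.push({ user: session.user, tool: name, decision });
  if (req.jsonrpc !== '2.0' || req.method !== 'tools/call') return fail(req.id, -32601, 'Method not found');
  // Own-property lookup so names like "constructor" never resolve to a tool.
  const tool = has(TOOLS, name) ? TOOLS[name] : undefined;
  if (!tool) { log('unknown_tool'); return fail(req.id, -32602, 'Unknown tool'); }
  if (!validArgs(tool.schema, req.params.arguments)) { log('bad_arguments'); return fail(req.id, -32602, 'Invalid arguments'); }
  // Authorization comes from the authenticated session, never from the model's request.
  if (!session.permissions.includes(tool.permission)) { log('denied'); return fail(req.id, -32000, 'Permission denied'); }
  log('allowed');
  const text = JSON.stringify(tool.run(req.params.arguments));
  return { jsonrpc: '2.0', id: req.id, result: { content: [{ type: 'text', text }], isError: false } };
}

// Constructed session and requests, shaped as the client sends them once it decides to call a tool.
const session = { user: 'mcp.user', permissions: ['customer:view'] };
const call = (id, name, args) => ({ jsonrpc: '2.0', id, method: 'tools/call', params: { name, arguments: args } });
console.log(JSON.stringify(handleRequest(call(1, 'getCustomerBalance', { customerId: 'ACME' }), session)));
console.log(JSON.stringify(handleRequest(call(2, 'createCustomer', { companyName: 'Example Ltd' }), session)));
```

The second request is refused even though the tool exists, because the decision depends only on the session's granted permissions; each outcome, allowed or not, leaves an audit entry.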
Time to roll up our sleeves
NetSuite Setup
The first thing we have to do is to make sure we have a few features enabled in NetSuite. For that purpose go to:
- Setup > Company > Setup Tasks > Enable Features.
- On the SuiteCloud subtab, enable Server SuiteScript
- Also make sure the OAuth 2.0 option (under Manage Authentication) is checked
- Click Save
Next, install the MCP Sample Tools SuiteApp, developed by the Oracle NetSuite team, which lets us see the MCP tools in action. The predefined tools included in this SuiteApp are:
- Update Customer
- Search Customer
- Run Custom SuiteQL
- Get Sales Orders with filters
- Get Sales Orders
- Get Item Details
- Get Financial Performance
- Get Customer Transactions
- Get Customer Details
- Get Customer Balance
- Generate Sales Report
- Create Customer
- Check Inventory Levels
In order to install our SuiteApp you have to go to:
- Customization > SuiteCloud Development > SuiteApp Marketplace
- Search for MCP Sample Tools
- Click Install

Once the SuiteApp is installed, the next step is to create a dedicated User Role. For security reasons, MCP tools cannot connect from Claude to NetSuite using the Administrator role. Instead, you should create or select a role specifically for this purpose and assign it to the user who will establish the connection.
Regardless of which role you choose, when editing the role (Setup > Users/Roles > Manage Roles) make sure it includes the following two permissions under Permissions > Setup:
- Log in using OAuth 2.0 Access Tokens
- MCP Server Connection
Claude Setup
Now it’s time to set up the other end and connect Claude with the NetSuite AI Connector. Keep in mind that this requires a Claude Pro or Max license from Anthropic.
With that in place, open your Claude client or web app, click on your profile, go to Settings, and select Connectors.

Then click on Add Custom Connector

You can give it any name you like; the URL must have this format:
https://<account number>.suitetalk.api.netsuite.com/services/mcp/v1/all
This tells Claude to go to NetSuite and pick up all available (and authorized) MCP Tools SuiteApps.
Then click CONNECT and you will be redirected to NetSuite to authorize the application to access your NetSuite account (like any other OAuth 2.0 connection).
NOTICE: Once you are redirected to the NetSuite login page, make sure to switch to the custom role you defined earlier, because the Administrator role cannot be used for security reasons.

Finally, go to the input field and click the icon next to the plus sign to confirm that the connector has been enabled and to check which operations you can execute on NetSuite.


Click on NetSuite at the bottom

That’s it. Now you can chat with NetSuite and interact with these operations. Feel free to check the INCLUDED TOOLS help section (under MCP Sample Tools SuiteApp) to see what can be done.
Associated Risks, Controls, and Mitigation Strategies
While connecting Claude with NetSuite through MCP unlocks powerful new possibilities, it also comes with important security considerations. Like any AI system, MCP tools are exposed to risks such as prompt injection (malicious hidden instructions) and hallucinations (plausible but incorrect outputs). These can lead to unintended actions, data corruption, or even disclosure of sensitive information if not properly managed. NetSuite addresses these challenges with built-in controls: MCP permissions must be explicitly granted, tools cannot be run under the Administrator role, and all usage is logged for traceability. In short, you remain in control of what AI agents can and cannot do. If you’d like to dive deeper into the risks, controls, and recommended mitigation strategies, check out this detailed guide.
Next Steps
In this post, we explored how to connect with the MCP Tool SuiteApp created by the Oracle NetSuite team—but that’s just the beginning. In our next article, we’ll walk you through creating your own SuiteApp, deploying it, and consuming your MCP server’s endpoints directly from Claude.
Stay tuned
