SuperSync Files - Security, Authentication & Data Access Overview

Overview

FileSync is a SuiteApp installed directly into your NetSuite account. It enables integration with external document repositories such as Microsoft SharePoint and Google Drive.
The SuiteApp runs entirely inside your NetSuite environment using SuiteScript. When files are transferred, they may pass through a Netgain-operated proxy service for delivery, but no customer data is ever stored or persisted by Netgain.

Key security principles:

  • Customer ownership of data: All files and records remain in your NetSuite account or your chosen document repository (SharePoint or Google Drive).
  • Delegated user authorization: Access is authenticated via OAuth 2.0 against a specific user account that you control.
  • No Netgain data storage: Netgain does not retain customer files, tokens, or credentials.

Authentication with Microsoft SharePoint

  • FileSync uses a registered multi-tenant application in the Netgain Azure Active Directory tenant.
  • Authorization is granted through delegated permissions tied to a specific user account in your Microsoft 365 tenant.
  • The user who authenticates must already have access to the SharePoint site(s) and libraries you wish to use.
  • FileSync operates strictly within that user’s security context—no broader application-only permissions are used.
  • Access and refresh tokens are issued by Microsoft’s identity platform via OAuth 2.0 and stored securely within your NetSuite account for FileSync to use.

In practice, your SharePoint administrators control which user accounts have access to which sites. FileSync never bypasses or elevates these controls.

Authentication with Google Drive

  • Customers create their own Google Cloud Project in the Google Developer Console.
  • Within that project, OAuth 2.0 credentials (client ID and secret) are generated and entered into FileSync’s configuration in NetSuite.
  • Authentication is performed against a specific Google Workspace user (or Gmail user, if outside Workspace).
  • FileSync operates under that authenticated user’s permissions in Google Drive.
  • Access and refresh tokens are issued by Google’s OAuth 2.0 endpoint and stored securely in your NetSuite account.

In this model, the customer owns the application registration fully. Netgain never receives or manages the Google application credentials.

Security Summary

  • FileSync runs entirely within your NetSuite account, with optional use of a Netgain proxy service that forwards files but never persists them.
  • Authentication always uses delegated user access via OAuth 2.0.
  • Customers control permissions through their own Microsoft 365 or Google Workspace administration.
  • Netgain does not retain customer files, tokens, or credentials.

NOTE: This authentication methodology for Microsoft Sharepoint applies to versions of SuperSync files released on October 2025 forward.

Was this article helpful?