Permissions Requiring Two-Factor Authentication in NetSuite
NetSuite enforces two-factor authentication (2FA) for key administrative permissions, enhancing security and access control.
Starting in NetSuite 2018.2, two-factor authentication (2FA) is mandatory in all accounts for specific administrative permissions. The requirement adds a layer of security to sensitive operations within NetSuite.
Which Permissions Require 2FA?
The administrative permissions that necessitate 2FA include:
- Access Token Management (for Token-based Authentication)
- OAuth 2.0 Authorized Applications Management
- Core Administration Permissions (see more about Core Administration Permissions)
- Two-Factor Authentication base permission, which allows roles to be designated as requiring 2FA and to set durations for trusted devices for those roles.
  Standard roles with the 2FA base permission include:
  - Marketing Administrator
  - Sales Administrator
  - Support Administrator
  - System Administrator
- Set Up OpenID Connect (OIDC) Single Sign-on
- Set Up OpenID Single Sign-on
- Set Up SAML Single Sign-on
- OIDC Provider Setup
- Integration Application
- Device ID Management
- View Unencrypted Credit Cards
- View Unencrypted ACH Account Numbers
Important Notes
- If a role is configured as a SAML Single Sign-on (SSO) role, the requirement for 2FA is not applicable, as SAML SSO requirements take precedence.
- All non-UI API access, such as through web services or RESTlets, will also require 2FA. Roles that require 2FA cannot authenticate using user credentials for API access.
This initiative not only safeguards sensitive data but also ensures compliance with modern security protocols.
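The permission list and the two notes above can be turned into a role audit. The following is an added example, not NetSuite code and not part of the original article: the CSV layout, column names, role names and the `audit_roles` function are hypothetical, the sample rows are constructed, and the Core Administration Permissions group is left out because this page does not enumerate it.

```python
import csv
import io

# Permissions this page lists as requiring 2FA. "Core Administration Permissions"
# is a group the page does not enumerate: add its members from NetSuite's own list.
MANDATED = {p.casefold() for p in (
    "Access Token Management",
    "OAuth 2.0 Authorized Applications Management",
    "Two-Factor Authentication base",
    "Set Up OpenID Connect (OIDC) Single Sign-on",
    "Set Up OpenID Single Sign-on",
    "Set Up SAML Single Sign-on",
    "OIDC Provider Setup",
    "Integration Application",
    "Device ID Management",
    "View Unencrypted Credit Cards",
    "View Unencrypted ACH Account Numbers",
)}

# Constructed sample; the column names are hypothetical, not a NetSuite export format.
SAMPLE_EXPORT = """role,permission,saml_sso_role,api_auth
AP Clerk,Vendor Bills,no,token
Integration Admin,Integration Application,no,user_credentials
Integration Admin,access token management,no,user_credentials
SSO Auditor,View Unencrypted Credit Cards,yes,none
Payments Lead,View Unencrypted ACH Account Numbers,no,token
"""

def audit_roles(export_text, mandated=MANDATED):
    """Return {role: {"status", "triggers", "api_conflict"}} for an export."""
    roles = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        entry = roles.setdefault(row["role"].strip(),
                                 {"triggers": [], "saml": False, "user_creds": False})
        perm = row["permission"].strip()
        if perm.casefold() in mandated and perm not in entry["triggers"]:
            entry["triggers"].append(perm)
        entry["saml"] |= row["saml_sso_role"].strip().lower() == "yes"
        entry["user_creds"] |= row["api_auth"].strip().lower() == "user_credentials"
    report = {}
    for role, e in roles.items():
        status = ("not_required" if not e["triggers"]      # no mandated permission
                  else "saml_sso_precedence" if e["saml"] else "2fa_required")
        # Roles that require 2FA cannot use user credentials for API access.
        conflict = status == "2fa_required" and e["user_creds"]
        report[role] = {"status": status, "triggers": e["triggers"], "api_conflict": conflict}
    return report

if __name__ == "__main__":
    print(audit_roles(SAMPLE_EXPORT))
```

A role reported with `api_conflict` set is one whose web services or RESTlet integrations still rely on user credentials and need to move to another authentication method before they stop working.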
Related Resources
- More on Two-Factor Authentication (2FA)
- 2FA in the NetSuite Application
- NetSuite Roles Overview
- NetSuite Account Administration
These resources can further enhance your understanding of how to effectively manage roles and permissions in NetSuite, making your organization more secure and compliant with best practices in authentication.