NetSuite Changelog
SecuritySecurityNew FeatureRelease NotesConfiguration

Restricting NetSuite Role Access by IP Address Security

Restrict NetSuite role access by IP address to enhance security and limit logins to trusted locations.

·2 min read·View Oracle Docs

TL;DR Opening

You can enhance security in NetSuite by restricting role access based on IP addresses. This feature allows organizations to specify which IP addresses can log into assigned roles, ensuring access only from trusted locations.

How Does Role Restriction by IP Address Work?

To enable IP address restrictions for a specific role within NetSuite, follow these steps:

  1. Go to Setup > Users/Roles > Manage Roles.
  2. Check the Restrict this role by IP Address box to limit access to only the specified IP addresses.

Important Considerations

  • Two-Factor Authentication (2FA): It is strongly recommended to use 2FA as a more secure alternative to IP address restrictions.
  • VPN Configurations: NetSuite does not support user access through a split-tunnel VPN. In this configuration, users can appear to connect from different IPs based on the routing policies, which complicates the restriction measures. A full-tunnel VPN ensures a single IP but might impact performance.
  • IP Address Reliability:
    • Only public IPv4 addresses are acceptable; private addresses are ineffective outside of internal networks.
    • IPv6 addresses are not supported by NetSuite.
    • Ensure that the public IPv4 address is not shared and remains static to prevent authentication failures.

Security Implications

While IP address restrictions can provide an additional layer of security, they are not foolproof. Consider the following risks:

  • IP addresses can be spoofed or misrepresented.
  • Relying solely on IP addresses might not suffice for high-security environments where additional verification methods are warranted.

Key Takeaways

  • Restricting role access by IP address enhances security in NetSuite by controlling where users can log in from.
  • Consider implementing two-factor authentication for stronger user verification.
  • Ensure correct VPN configurations to avoid access issues.
  • Relying exclusively on IP addresses may present security risks and reliability concerns.

Frequently Asked Questions (4)

Do I need to enable any specific feature flag to restrict NetSuite role access by IP address?
No specific feature flag is required to enable IP address restrictions. You can set this up by going to Setup > Users/Roles > Manage Roles and checking the 'Restrict this role by IP Address' box.
Can IP address restrictions in NetSuite be configured using IPv6 addresses?
No, NetSuite only supports public IPv4 addresses for IP address restrictions. IPv6 addresses are not supported.
What are the VPN requirements for IP address restrictions to work effectively in NetSuite?
NetSuite does not support split-tunnel VPNs for IP restrictions, as users may appear to connect from different IPs. A full-tunnel VPN ensures users connect from a single IP address, although it may impact performance.
What happens if my public IPv4 address changes frequently?
If your public IPv4 address changes frequently or is shared, it can lead to authentication failures. It is important to ensure that the IP is static and not shared to effectively use IP address restrictions.
Source: Restricting a Role by IP Address Oracle NetSuite Help Center. This article was generated from official Oracle documentation and enriched with additional context and best practices.

Was this article helpful?

More in Security

View all Security articles →