Set Up Token-based Authentication Roles

Important:

For enhanced security, two-factor authentication (2FA) is required for all Administrator and other highly privileged roles for access to all NetSuite accounts. This applies to production, sandbox, development, and Release Preview accounts. For more information, see Authentication Overview and Mandatory Two-Factor Authentication (2FA) for NetSuite Access.

If preferred, an administrator can modify existing roles to add token-based authentication permissions, then assign users to those roles as needed. If you need more information about creating or customizing roles, see:

• NetSuite Users & Roles

• NetSuite Roles Overview

Token-based Authentication (TBA) Permissions

The following token-based authentication permissions can be added to roles as appropriate.

• Access Token Management

  Users with this permission:

  • Can create, assign, and manage a token for other users (except tokens for an Administrator role) in the account. Administrators can create tokens for themselves, but not for other administrators.

  • Cannot create access tokens for their own use. Exception: administrators can create tokens for their own use.

  • Cannot use access tokens to log in through RESTlets or web services.

• User Access Tokens

  Users with this permission:

  • Can, through Manage Access Tokens in the Settings portlet, or by calling the issuetoken endpoint, create and revoke access tokens for their own use. For more information, see User Access Token – Create a TBA Token and Issue Token and Revoke Token REST Services for Token-based Authentication.

  • Can use access tokens to log in through RESTlets or web services.

• Log in using Access Tokens

  Users with this permission:

  • Can use access tokens to log in through RESTlets or web services.

  • Cannot create their own access tokens through a link in the Settings portlet, or by calling the issuetoken endpoint.

To add permissions to a role, go to Setup > Users/Roles > User Management > Manage Roles. Select a role to customize. On the Permission tab, Setup subtab, choose the permission from the list and click Add.

Note:

A user assigned the User Access Tokens permission does not also need the Log in using Access Tokens permission.

You must assign TBA roles to users. See Assign Users to Token-based Authentication Roles.

Related Topics

Token-based Authentication (TBA)

Token-based Authentication (TBA) for Integration Application Developers

Troubleshoot Token-based Authentication (TBA)

General Notices