Set Up Token-based Authentication Roles

Important:

For enhanced security, two-factor authentication (2FA) is required for all Administrator and other highly privileged roles for access to all NetSuite accounts. This requirement applies to production, sandbox, development, and Release Preview accounts. For more information, see Authentication Overview and Mandatory Two-Factor Authentication (2FA) for NetSuite Access.

If preferred, an administrator can modify existing roles to add token-based authentication permissions, then assign users to those roles as needed. If you need more information about creating or customizing roles, see:

Token-based Authentication (TBA) Permissions

The following token-based authentication permissions can be added to roles as appropriate.

  • Access Token Management

    Users with this permission:

    • Can, through the NetSuite UI, create and revoke access tokens for some users with a TBA-enabled role. A user cannot create access tokens for an administrator, and the administrator cannot create access tokens for another administrator.

    • Cannot create access tokens for their own use. Exception: administrators can create tokens for their own use.

    • Cannot use access tokens to log in through RESTlets or web services.

  • User Access Tokens

    Users with this permission:

  • Log in using Access Tokens

    Users with this permission:

    • Can use access tokens to log in through RESTlets or web services.

    • Cannot create their own access tokens through a link in the Settings portlet, or by calling the issuetoken endpoint.

To add permissions to a role, go to Setup > Users/Roles > User Management > Manage Roles. Select a role to customize. On the Permission tab, Setup subtab, choose the permission from the list and click Add.

Note:

A user assigned the User Access Tokens permission does not also need the Log in using Access Tokens permission.

You must assign TBA roles to users. See Assign Users to Token-based Authentication Roles.

Related Topics

Token-based Authentication (TBA)
Token-based Authentication (TBA) for Integration Application Developers
Troubleshoot Token-based Authentication (TBA)

General Notices