1. Account Administration
  2. Authentication
  3. Two-Factor Authentication (2FA)
  4. Managing Two-Factor Authentication

Managing Two-Factor Authentication

You do not have to enable, or purchase a feature to use 2FA in a NetSuite account. Setup required of administrators is minimal. You can begin using 2FA in your NetSuite account at any time. Administrators, or other users with the Two-Factor Authentication base permission, can designate roles as 2FA required. Users who are assigned to 2FA-required roles must set up their authenticator applications in NetSuite.

Important:

2FA is required for the Administrator role and other roles with highly privileged permissions. These roles are indicated in Mandatory 2FA column on the Two-Factor Authentication Roles page. For a list of roles that are considered highly privileged, see Permissions Requiring Two-Factor Authentication (2FA).

Two-Factor Authentication Roles page

Required 2FA Tasks

See the following required tasks for managing 2FA in a NetSuite account. These tasks can be completed by administrators and users that have the Two-Factor Authentication base permission.

  • For roles that you want to restrict as 2FA roles, designate the role as 2FA authentication required. See Designate Two-Factor Authentication Roles.

  • When using 2FA, the users:

    • Are sent a verification code by email during the initial login attempt to a 2FA role.

    • Must set up their 2FA preferences. Authenticator apps for generating 2FA verification codes are supported in all NetSuite accounts. See the following topics written for users: Set up Your Preferences for Two-Factor Authentication (2FA).

      To generate verification codes using an authenticator app, users must install an authenticator application.

      Important:

      As of March 1, 2024, the support ended for 2FA by SMS/voice call.

      If you still use SMS/voice call to receive your 2FA code, reset your 2FA settings as soon as possible.

Each time a users log in to NetSuite, they must enter an email address and password. If the role is a 2FA required role, the user must also enter a verification code. Each verification code is a unique series of numbers valid for a limited time, and only for a single login. During 2FA setup, users are also supplied with backup codes that can also be used for 2FA access.

For help written for users, see Logging In Using Two-Factor Authentication (2FA).

Related Topics

General Notices