Mandatory Two-Factor Authentication (2FA) for NetSuite Access

NetSuite requires two-factor authentication (2FA) for all Administrator and other highly privileged roles when logging to any NetSuite account. This includes production, sandbox, development, and Release Preview accounts. The Administrator and highly privileged roles are designated as 2FA required by default. This requirement cannot be removed. Certain highly privileged permissions also mandate that a role be 2FA required by default. Any standard or customized roles that include these permissions are indicated in the Two-Factor Authentication Required column on the Two-Factor Authentication Roles page. For more information, see Permissions Requiring Two-Factor Authentication (2FA).

2FA requirement also applies to all non-UI access through an Application Programming Interface, or API. Web services and RESTlets are two examples of non-UI access to NetSuite. 2FA-required roles using user credentials for API authentication will fail.

Related Topics

• Authentication
• Password Requirements and Policies in NetSuite
• Session Management in NetSuite
• NetSuite Login Pages
• Enabling and Creating IP Address Rules
• Token-based Authentication (TBA)
• OAuth 2.0
• Two-Factor Authentication (2FA)
• Device ID Authentication
• Outbound Single Sign-on (SuiteSignOn)
• NetSuite as OIDC Provider
• SAML Single Sign-on
• OpenID Connect (OIDC) Single Sign-on

General Notices