Complete Your 2FA Setup
The first time you log in to NetSuite with a 2FA required role, you are automatically shown the Security setup page. If you do not see the Security setup page, you might not be logged in to NetSuite with a role that requires 2FA. Switch roles to a role that is 2FA required. If you do not know whether you have a role that requires 2FA, ask your account administrator.
You must complete the initial 2FA setup in the NetSuite UI on your computer. You can log in using 2FA with the NetSuite Mobile application. However, it is not possible to perform the initial 2FA setup from the mobile app.
To complete your 2FA setup:
Install an authenticator app on your phone if you have not done so. See Supported Authenticator Apps. Authenticator apps for generating 2FA verification codes are supported in all NetSuite accounts.
When you have installed the authenticator app, click Next.Important:
As of March 1, 2023, users setting up or resetting their 2FA configurations must install and use an authenticator app to generate verification codes. Receiving codes by SMS is no longer supported for users setting up 2FA for the first time, or for existing users who reset their 2FA settings. Users can also log in with the one-time backup codes provided during 2FA setup.
The SMS option is currently only prohibited for new 2FA setups. However, industry experts (such as NIST, W3C, and the FIDO Alliance) no longer view SMS as a secure delivery mechanism for 2FA verification codes. As part of our ongoing commitment to world-class security, the SMS option is targeted for removal in a future NetSuite release.Note:
You can click Skip to NetSuite to dismiss this prompt up to five times. After the fifth time, you are required to set up an authenticator app or your phone number.
Using the authenticator app on your phone:
Scan the QR code displayed, or manually enter the string of characters shown next to the QR code.
The authenticator app generates a verification code.
Enter the verification code.
Verification codes generated by authenticator apps expire approximately every 30 seconds. Enter a new code if the initial code you receive expires.Important:
If you have entered several codes in a row that have been refused, do not keep trying codes from your app. After five failed attempts, you will lock yourself out of NetSuite. If the time on your phone or app is not properly synchronized, NetSuite will not accept the verification codes generated by your app. See Troubleshoot Authenticator Apps for potential solutions.
Ten backup codes are displayed in the UI.
These unique backup codes can be used to log in to a 2FA role when you are unable to receive a verification code. Each backup code can be used only a single time.Important:
Treat backup codes as securely as you would treat a password. This is the only time these unique ten codes are displayed in the UI. You cannot retrieve these from the system after you close this window. If you lose these backup codes, you can generate new ones.
Click Print to print the backup codes, if desired.Important:
Planning a trip to a location where you do not have phone service? Authenticator apps provide a verification code even when you have no cell service. What if you do not want to turn on your phone at all? You should also take your back up codes with you. Keep your backup codes secure. Do not store your backup codes with the device you use to log in to NetSuite.
After your 2FA setup is complete, the Reset 2FA Settings and Generate Backup Code links appear in your Settings portlet. If you cannot locate the Settings portlet, see Finding Your Settings Portlet. If you do not see the links as expected, refresh your browser.
For more information, see the following topics: