2FA in the NetSuite Application

The following two videos about using 2FA in NetSuite are available.

Two–factor authentication, or 2FA, is available for all companies using NetSuite in all their NetSuite accounts as a method of improving security. 2FA can help you to comply with IT security standards and regulations, using phones your users already have. 2FA is not tied to a single company in NetSuite. As long as the user’s session remains valid, the user will not be asked again for a verification code when they switch between roles, even when switching between roles in different companies.


Authenticator apps for generating 2FA verification codes are supported in all NetSuite accounts. Users should select an authenticator app as the primary method of authentication. SMS and voice call are subject to carrier availability and changes in local regulations. Therefore, delivery of verification codes by SMS or voice call is not as reliable as using an authenticator app. See Supported Authenticator Apps.

The option to use an Authenticator App for 2FA is available in your account, and is the best option for users with roles that are designated as 2FA authentication required. It is not always possible for users to receive an SMS message or voice call. Authenticator apps are always available for generating verification codes. See Supported Authenticator Apps for more information on choosing an app.

To use 2FA, account administrators (or other users with the permission Two-Factor Authentication base) must designate specific roles as 2FA authentication required roles. See Designate Two-Factor Authentication Roles for more information.

Each user assigned to a 2FA role designated as 2FA authentication required must set up an authenticator application or a phone number in NetSuite. The user’s phone number is linked to the email address they use to log in to the NetSuite UI.

After a role has been designated as 2FA authentication required, a user assigned to that role receives an email the first time they attempt to login to the 2FA role. The email contains instructions and a verification code for initial login.

After completing the initial login to a 2FA role, a wizard opens allowing the user to select their preferred options for generating 2FA verification codes.

See Logging In Using Two-Factor Authentication (2FA) for documentation written for those users who are not administrators.

Related Topics

Two-Factor Authentication (2FA)
Managing Two-Factor Authentication
Designate Two-Factor Authentication Roles
Users and Trusted Devices for Two-Factor Authentication
Supported Countries: SMS and Voice Call

General Notices