Users and Trusted Devices for Two-Factor Authentication

Users with 2FA required roles can specify devices as trusted when logging in to the 2FA role. Marking a device as trusted works in conjunction with the value specified by the Administrator in the Duration of Trusted Device column for a particular role.

For example, a role has been designated as 2FA required, and the value for Duration of Trusted Device has been set to 30 days. The next time a user with this role logs in, they can choose whether to check the Trust this device box.

In cases where a user has access to more than one company, and the user’s role is 2FA required, marking a device as trusted makes that device trusted across all companies to which the user has access.

Trust this device box on the 2FA login page.

The user is in control of whether device is considered trusted. In this example, the user could check the Trust this device box and then would not be presented with a 2FA challenge for 30 days when logging in to NetSuite from this device.

After a user has marked a device as trusted, the user can modify that choice on the Manage Trusted Devices page.

For example, this user marked a device as trusted. That is, the user previously chose not to be asked for a two-factor authentication (2FA) verification code on this device.

The user can reverse that choice by selecting a Restore 2FA required... option. If the 2FA required is restored for a device, the user must use a 2FA authenticator app, or a backup code to log in.

Restore 2FA on this Device Only option on the Manage Trusted Devices page.

There is a link on the Settings portlet to access the Manage Trusted Devices page.

Manage Trusted Devices link in the Settings portlet.

Related Topics

Two-Factor Authentication (2FA)
Managing Two-Factor Authentication
Designate Two-Factor Authentication Roles
2FA in the NetSuite Application

General Notices