Users and Trusted Devices for Two-Factor Authentication
Users with 2FA required roles can specify devices as trusted when logging in to the 2FA role. Marking a device as trusted works in conjunction with the value specified by the Administrator in the Duration of Trusted Device column for a particular role.
For example, a role has been designated as 2FA required, and the value for Duration of Trusted Device has been set to 30 days. The next time a user with this role logs in, they can choose whether to check the Trust this device box.
In cases where a user has access to more than one company, and the user’s role is 2FA required, marking a device as trusted makes that device trusted across all companies to which the user has access.
The user is in control of whether device is considered trusted. In this example, the user could check the Trust this device box and then would not be presented with a 2FA challenge for 30 days when logging in to NetSuite from this device.
After a user has marked a device as trusted, the user can modify that choice on the Manage Trusted Devices page.
For example, this user marked a device as trusted. That is, the user previously chose not to be asked for a two-factor authentication (2FA) verification code on this device.
The user can reverse that choice by selecting a Restore 2FA required... option. If the 2FA required is restored for a device, the user must use a 2FA authenticator app, or a backup code to log in.
There is a link on the Settings portlet to access the Manage Trusted Devices page.
