1. Account Administration
  2. Authentication
  3. Two-Factor Authentication (2FA)
  4. Designate Two-Factor Authentication Roles

Designate Two-Factor Authentication Roles

An administrator or a user with the Two-Factor Authentication base permission can use the Two-Factor Authentication Roles page to indicate 2FA-required roles. Each 2FA role can be configured to specify how often users with that role are presented with the 2FA challenge. The Duration of Trusted Device column includes values for hours (4, 6, 8, 12) and days (1–30). The default value is Per session. The value works in conjunction with the devices users indicate as trusted devices. See Users and Trusted Devices for Two-Factor Authentication for more information.

Important:

The 2FA-required designation can be applied to most roles, including Employee Center, Partner Center, and Vendor Center roles, but not to Customer Center roles.

2FA is required for the Administrator role and other roles with highly privileged permissions. These roles are indicated in the Mandatory 2FA columns on the Two-Factor Authentication Roles page. For more information, see Permissions Requiring Two-Factor Authentication (2FA).

To designate two-factor authentication roles:

  1. Go to Setup > Users/Roles > Two-Factor Authentication Roles.

  2. Select 2FA authentication required from the list in the Two-Factor Authentication Required column for any role that you want to be 2FA required.

    Duration of Trusted Device dropdown list on the Two-Factor Authentication Roles page.

  3. In the Duration of Trusted Device column, accept the default (Per session) or select the length of time before a device a user has marked as trusted will be subject to a two-factor authentication request.

  4. Click Submit.

Note:

The Two-Factor Authentication feature is not compatible with web services or SuiteAnalytics Connect. To use web services or SuiteAnalytics Connect, you must be logged in with a role that does not require 2FA. If you want to use RESTlets or web services with a highly privileged role, use Token-based Authentication or OAuth 2.0. See Token-based Authentication (TBA) or OAuth 2.0 for more information. OAuth 2.0 cannot be used with SOAP web services.

If you need more information about setting up access or roles in NetSuite, see NetSuite Roles Overview and NetSuite Access Overview.

Related Topics

General Notices