Password Expiration Notifications
Your NetSuite password will expire. The length of time that a password remains valid depends on the password requirements configured by your account administrator. You can view the date and time your password will expire in the My Login Audit portlet on your Home page.
After changing your password, refresh the portlet to see the new password expiry date.
You will receive advance notice of the date that your password will expire. This notice helps to eliminate uncertainty and problems associated with having to change your password at an inconvenient time. The first notice is sent 14 days before your password expiration date. As soon as you update your password, the notices stop. If you do not change your password, the next notice arrives seven days before your password expires. If necessary, you will receive an additional notice each day for the final three days before your password expires.
The password expiration notification includes a link to let you change your password. A table lists the Company ID, Company Name, Days to expiration, and account type helps you to identify the role and the account where your password is expiring.
You can also use the Change Password link in the Settings portlet to change your password. For more information, see:
Be aware of the following:
-
Users can have roles that provide access to more than one NetSuite account. It is possible that some of the accounts to which a user has access have a stricter password requirements than other accounts. On rare occasions, users may attempt to access a role in an account that has stricter password requirements and encounter a password expired error message. For example, users assigned to the NetSuite Support Center or the NetSuite Support Center (Basic) role are accessing the Oracle NetSuite account through the NetSuite Account Center portlet. These users are then subject to the Oracle NetSuite password requirements. In this case, users must change their password before they can access the NetSuite Account Center.
-
You might be required to comply with Payment Card Industry Data Security Standard (PCI DSS) password requirements. If you have a role with the View Unencrypted Credit Cards permission, you must change your NetSuite password at least every ninety (90) days. If your company policy for NetSuite password expiration is greater than 90 days, the 90 days limit is automatically enforced for anyone with the View Unencrypted Credit Cards permission. In addition, the required length for a password is a minimum of 12 characters. Everyone with access to unencrypted credit card numbers must comply with PCI password requirements.
-
Roles to which the SAML Single Sign-on permission has been added, and roles that have been designated as Single Sign-on Only, are exempt from password expiration notifications. SAML user credentials are not managed by NetSuite, but by the Identity Provider (IdP).
Note:Users with multiple roles will receive the password expiration notification if one or more roles are not designated as Single Sign-on Only. This also applies to roles deactivated on the Role page.