Managing Two-Factor Authentication
You do not have to enable, or purchase a feature to use 2FA in a NetSuite account. Setup required of administrators is minimal. You can begin using 2FA in your NetSuite account at any time. Administrators, or other users with the Two-Factor Authentication base permission, can designate roles as 2FA required. Users who are assigned to 2FA-required roles must set up their authenticator applications in NetSuite.
2FA is required for the Administrator role and other roles with highly privileged permissions. These roles are indicated in Mandatory 2FA column on the Two-Factor Authentication Roles page. For a list of roles that are considered highly privileged, see Permissions Requiring Two-Factor Authentication (2FA).
Required 2FA Tasks
See the following required tasks for managing 2FA in a NetSuite account. These tasks can be completed by administrators and users that have the Two-Factor Authentication base permission.
-
For roles that you want to restrict as 2FA roles, designate the role as 2FA authentication required. See Designate Two-Factor Authentication Roles.
-
When using 2FA, the users:
-
Are sent a verification code by email during the initial login attempt to a 2FA role.
-
Must set up their 2FA preferences. Authenticator apps for generating 2FA verification codes are supported in all NetSuite accounts. See the following topics written for users: Set up Your Preferences for Two-Factor Authentication (2FA).
To generate verification codes using an authenticator app, users must install an authenticator application.
-
Each time a users log in to NetSuite, they must enter an email address and password. If the role is a 2FA required role, the user must also enter a verification code. Each verification code is a unique series of numbers valid for a limited time, and only for a single login. During 2FA setup, users are also supplied with backup codes that can also be used for 2FA access.
For help written for users, see Logging In Using Two-Factor Authentication (2FA).