1. Field Service Management
  2. Field Service Management Security Guide
  3. Ongoing FSM User Security
  4. For Administrators

For Administrators

Setting Up New FSM Mobile Users

Only Administrators can set up users for the FSM Mobile app. Confirm that mobile licenses are available by checking the license count displayed within the Field Service Mobile User box label in any employee record.

To set up new FSM Mobile users:

  1. Go to Lists > Employees > Employees.

  2. Find the employee you want to set up as a new FSM mobile user. If the user does not have an employee record, add a new employee record. To add a new employee, see Adding an Employee.

  3. Click Edit beside the employee's name to edit the record.

  4. On the Field Service subtab, check the Field Service Mobile User box.

  5. If the email and password fields are empty, enter an email and password for the user.

  6. Click Save.

  7. Click Email Mobile Login at the top of the page to send an access link to the new FSM Mobile user.

  8. Securely communicate the password to the user.

Guidelines for Passwords

By default, users with NetSuite access use the same email and password for FSM Mobile that they use to log in to NetSuite. Users with no NetSuite access need an Administrator to set their password for them. These users cannot change their own password.

Take note of the following guidelines for passwords:

  • When informing users their password, do not send it through email or plain text. Call the user, confirm that you are speaking to the right person, and then provide the password verbally.

  • Advise users ahead of time on how and when you will contact them to provide their password.

  • Remind users that administrators will never ask them for their current password and that they should never provide their passwords if asked.

  • Remind users that passwords should be memorized or stored in a secure password manager. Passwords should never be written down or stored in plan text files.

  • To align with NIST guidelines, you should not mandate password rotation for mobile users. Only require a change if you have evidence of potential account compromise. This approach encourages users to choose and remember strong passwords.

Roles and Permissions

When configuring access to FSM-related custom records, take note of the following high-risk record types:

  • Field Service Configuration – This record can be used to customize the behavior of the FSM module. This could potentially introduce security issues or change the expected behaviors of the FSM application in a detrimental way. For more information, see Configuring the FSM Module Securely.

  • Field Service Error – This record contains detailed information of FSM errors that have occurred in the account including logs of authentication failures through the mobile application. Creation and modification of these records can also indirectly impact the way certain scheduled FSM processes run, sometimes stopping these processes entirely.

  • Field Service Account – This record controls account-specific information including mobile license numbers and feature toggles. While this record cannot be accessed through the user interface, it can be accessed programmatically by users with appropriate permissions.

Due to the high-risk nature of these record types, only fully-trained staff members should be given access and only if they must have access to complete their work.

FSM Version Updates

When a new FSM version is available, you should upgrade your sandbox account as soon as possible and complete user acceptance testing (UAT) ahead of the scheduled production account upgrade.

If you do not plan to complete UAT, you should still upgrade your sandbox account. Updates to the FSM module may contain security enhancements and leaving your sandbox account on an older version may leave any data within that account vulnerable.

General Notices