Passkeys as 2FA
By default, users in your account can use their passkeys for 2FA challenge during the login process to NetSuite. This is only available for users with a passkey that complies with the FIDO2 specification.
Users with the Administrator role can turn this option off. If you turn this option off, all users with 2FA-required roles must continue using their authenticator apps for the 2FA challenge during the login process to NetSuite. If you let the option on, your users can use their FIDO2-compliant passkeys for the 2FA challenge during login.
NetSuite still asks for a code from an authenticator app every three months. This is to ensure that users have a working 2FA setup needed to reset their password, and their 2FA settings.
To disable the Passkey as 2FA feature:
-
Go to Setup > Company > Setup Tasks > Enable Features and click the Company subtab.
-
In the Access section, check the Disable Passkey as 2FA box.
-
Click Save.
You can enable the feature again at any time by clearing the Disable Passkey as 2FA box.
For more information about passkeys as 2FA for users, see Logging In Using Two-Factor Authentication (2FA).