Permissions Requiring Two-Factor Authentication (2FA)

Important:

As of 2018.2, the requirement for 2FA for these administrative permissions is enforced in all NetSuite accounts. See Mandatory Two-Factor Authentication (2FA) for NetSuite Access.

Administrative permissions that require 2FA include:

Access Token Management (for Token-based Authentication)
OAuth 2.0 Authorized Applications Management
Core Administration Permissions (for more information, see Core Administration Permissions)
Two-Factor Authentication base (permission to designate roles as 2FA authentication required and specify the duration of trusted devices for those roles)

Note:
Standard roles with the Two-Factor Authentication base permission include Marketing Administrator, Sales Administrator, Support Administrator, and System Administrator.
Set Up OpenID Connect (OIDC) Single Sign-on
Set Up OpenID Single Sign-on
Set Up SAML Single Sign-on
OIDC Provider Setup
Integration Application
Device ID Management
View Unencrypted Credit Cards
View Unencrypted ACH Account Numbers

For more information about Mandatory 2FA and Two-Factor Authentication, see the following:

Note:

If a role is already designated as a SAML Single Sign-on (SSO) role, the 2FA requirement is ignored. The requirement for SAML SSO authentication takes precedence.

Related Topics