Permissions Requiring Two-Factor Authentication (2FA)
As of 2018.2, the requirement for 2FA for these administrative permissions is enforced in all NetSuite accounts. See Mandatory Two-Factor Authentication (2FA) for NetSuite Access.
Administrative permissions that require 2FA include:
-
Access Token Management (for Token-based Authentication)
-
OAuth 2.0 Authorized Applications Management
-
Core Administration Permissions (for more information, see Core Administration Permissions)
-
Two-Factor Authentication base (permission to designate roles as 2FA authentication required and specify the duration of trusted devices for those roles)
Note:Standard roles with the Two-Factor Authentication base permission include Marketing Administrator, Sales Administrator, Support Administrator, and System Administrator.
-
Set Up OpenID Connect (OIDC) Single Sign-on
-
Set Up OpenID Single Sign-on
-
Set Up SAML Single Sign-on
-
OIDC Provider Setup
-
Integration Application
-
Device ID Management
-
View Unencrypted Credit Cards
-
View Unencrypted ACH Account Numbers
For more information about Mandatory 2FA and Two-Factor Authentication, see the following:
If a role is already designated as a SAML Single Sign-on (SSO) role, the 2FA requirement is ignored. The requirement for SAML SSO authentication takes precedence.
Related Topics
- NetSuite Roles Overview
- NetSuite Account Administration
- Separate Administration Permissions
- Full Access Role (Deprecated)
- Customizing or Creating NetSuite Roles
- Changing Custom Roles
- Inactivating Roles
- Setting Default Forms for Roles
- Restricting Accounts for Roles
- Customizing the Customer Center Role
- Retail Clerk Roles
- Showing Role Permission Differences
- Use Searches to Audit Roles and Permissions
- Use Searches to Audit Roles
- Use Searches to Audit Permissions By Employee
- Mass Updating a Permission on Custom Roles
- Mass Updating the Role Assigned to Customers
- Standard Roles Permissions Table