Two-factor authentication (2FA) adds a second layer of security when logging in to the NetSuite user interface. Using 2FA can also protect your company from unauthorized access to data. 2FA is highly recommended and is a quick, free, and easy way of enforcing additional security for users.
Administrators can choose which NetSuite roles should have 2FA enforced, and users can set up 2FA in a self-service manner.
Setting Up 2FA for NetSuite
The first step is to choose which roles must go through two-factor authentication (2FA) and how long a 2FA session remains valid before NetSuite prompts the user to go through 2FA again.
Using an Administrator role, navigate to Setup > Users/Roles > Two-Factor Authentication Roles. This opens a page listing all roles.
In the “Two-Factor Authentication Required” column, choose the option “2FA Authentication required” for the roles needing 2FA. Then, in the “Duration of Trusted Device” column, choose how many days pass before NetSuite prompts a user logging in with that role to go through 2FA again.
Options for the duration of a trusted device range from “Per Session” (every time somebody logs in) to 30 Days.
Logging In to a 2FA Role for the First Time
Upon logging in to a 2FA role for the first time, NetSuite will send a code to the email address associated with the user and ask the user to enter the verification code. Copy and paste the code, then hit Submit.
Next, the user will complete 2FA setup.
There are three methods for completing 2FA in NetSuite: a primary method, an optional secondary method, and backup codes. Let’s set up the primary method first.
RSM recommends using an Authenticator app on a phone. Google Authenticator works very well and is simple to use. Microsoft Authenticator is another good option. Click the radio button for “Authenticator app (recommended)” and click Next.
After the authenticator app is installed, scan the QR code presented on the next screen. The app will now show a 6-digit code. Enter the code in the “Step 3. Verification Code” field in NetSuite. Click Next.
Next, set up a secondary method for 2FA. Although optional, this is recommended in case something goes wrong with the authenticator app. Click Next.
Enter a phone number, and then type in the verification code in Step 3. Click Next.
Finally, take note of the Backup Codes presented on the next screen. These codes are used in case 2FA is not accessible.
Congrats! You have now set up 2FA for the chosen roles.