Two colleagues looking at reports and graphs on paper

Two Factor Authentication (2FA) – FAQ

With the release of NetSuite 2018.2 in October, two-factor authentication (2FA) will become mandatory for certain roles within NetSuite. Below are some frequently asked questions regarding 2FA which you might find useful.

Q: What is 2FA?

A: Two-factor authentication (also known as 2FA) is a type (subset) of multi-factor authentication. It is a method of confirming users’ claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or something they are.

Q: Do all NetSuite users have to have 2FA?

A: No, 2FA is enabled by role. Only the following built-in roles will require 2FA;

  • Administrator
  • Full Access
  • Marketing Administrator
  • Resource Manager
  • Sales Administrator
  • Support Administrator
  • System Administrator

Q: Can I enable 2FA for any roles that I want to?

A: Yes, any role can be enabled for 2FA, just go to Setup => Users/Roles => Two-Factor Authentication Roles.

Q: How often will I be required to use 2FA to log on to NetSuite?

A: This is configurable by role, from “Per Session”, which means every time you logon to NetSuite, you will have to use 2FA, to “30 Days”. However, we would suggest that you set the duration to be a minimum of “1 Day” as an optimal value.

Q: So, what do I use as the second “factor” in my 2FA logon process?

A: Dedicated Authenticator Apps, SMS or Email options are available. We would recommend the use of the Microsoft Authenticator App on your mobile device, which can be downloaded for free from the relevant mobile app store. Other 2FA applications are available, but users of Office 365 will see an advantage of using the Microsoft app if they also use or plan to use 2FA with Office 365.

Q: So, what happens the first time that I logon to NetSuite when 2FA is enabled?

A: After you have entered your email address & password as normal, Netsuite will send you an email with a six-digit code (this is your 2FA code).

  • Type this into the box provided in the logon screen.
  • You will then be asked how you wish to set up 2FA, select “Recommended Method: an authenticator app”.
  • You will then be given a 2-dimensional barcode (QR Code), using your authenticator app, add a new account & follow the app’s instructions to grab an image of the QR code, this will setup the rolling six-digit codes needed to authenticate.
  • Set up a “backup” 2FA method, we would recommend receiving an SMS text message.
  • Select the relevant country code & mobile phone number, then press “Send code” & then entered the received code to confirm.
  • Finally, you will be given a set of 10 one-time-use codes in the event that you do not have access to your phone or authenticator app. Print these out & keep them in a safe place or take a screengrab & store it securely.

Q: So, after all of this is set up, what happens when I login to NetSuite using a role that has 2FA enabled?

A: Depending on the frequency you have set up against the role in NetSuite when you logon you will be asked for a six-digit code in addition to your email address & password. Use your authenticator app to find the current six-digit code to use with your account. The code will change every thirty seconds, so you may have to wait a few seconds for a new code to be generated if the current one is just about to expire.

Q: I don’t have access to my phone, but I want to logon to NetSuite with a role that has 2FA enabled, what can I do?

A: You can use one of your one-time-use six-digit codes provided by NetSuite when you set up 2FA, if you can you remember where you put them!

If you have any further questions about two-factor authentication, please don’t hesitate to contact BrightBridge on 0330 133 5000 or email

Words by Cedric Griffiths, Technical Support Manager, BrightBridge.