The first time you log in to NetSuite with a role that requires 2FA, the Security setup page is shown automatically. If you do not see the Security setup page, you might not be logged in to NetSuite with a role that requires 2FA.
Switch to a role that requires 2FA, for example by choosing another role when you log in. If you have no roles that require 2FA, ask your administrator to either assign you a role that requires 2FA or change the settings of your role so that it requires 2FA.
You must complete the initial 2FA setup in the NetSuite UI on your computer. You can log in using 2FA with the NetSuite Mobile application. However, it is not possible to perform the initial 2FA setup from the mobile app.
To start and complete your 2FA setup:
1. Install an authenticator app on your phone if you have not done so. See Supported Authenticator Apps. Authenticator apps for generating 2FA verification codes are supported in all NetSuite accounts.
2. When you have installed the authenticator app, click Next.
The SMS option is currently only prohibited for new 2FA setups. However, industry experts (such as NIST, W3C, and the FIDO Alliance) no longer view SMS as a secure delivery mechanism for 2FA verification codes. As part of our ongoing commitment to world-class security, the SMS option is targeted for removal in a future NetSuite release.
You can click Skip to NetSuite to dismiss this prompt up to five times. After the fifth time, you are required to set up an authenticator app or your phone number.
3. Using the authenticator app on your phone:
- Scan the QR code displayed, or manually enter the string of characters shown next to the QR code.
  The authenticator app generates a verification code.
- Enter the verification code.
  Verification codes generated by authenticator apps expire approximately every 30 seconds. Enter a new code if the initial code you receive expires.
  IMPORTANT: If you have entered several codes in a row that have been refused, do not keep trying codes from your app. After five failed attempts, you will lock yourself out of NetSuite. If the time on your phone or app is not properly synchronized, NetSuite will not accept the verification codes generated by your app.
- Click Next.
4. Ten backup codes are displayed in the UI.
These unique backup codes can be used to log in to a 2FA role when you are unable to receive a verification code. Each backup code can be used only a single time.
Treat backup codes as securely as you would treat a password. This is the only time these unique ten codes are displayed in the UI. You cannot retrieve these from the system after you close this window. If you lose these backup codes, you can generate new ones.
5. Click Print to print the backup codes, if desired.
Planning a trip to a location where you do not have phone service? Authenticator apps provide a verification code even when you have no cell service. What if you do not want to turn on your phone at all? You should also take your backup codes with you. Keep your backup codes secure. Do not store your backup codes with the device you use to log in to NetSuite.
6. Click Next.
After your 2FA setup is complete, the Reset 2FA Settings and Generate Backup Code links appear in your Settings portlet, which is usually located at the bottom left of your home page. See sample below: