2FA SMS/Voice to Enhanced Authentication

On March 1st, 2024, NetSuite will be discontinuing the SMS/Voice call option for two-factor authentication (2FA). The move is driven by inherent security concerns associated with these methods, particularly their vulnerability to SIM swapping, where a malicious actor tricks the carrier into transferring a user’s number to the actor’s own device. Recognizing the importance of enhancing user security, NetSuite is mandating the use of authenticator applications as the only form of 2FA.

Authenticator applications strengthen 2FA because the generated codes are confined to the user’s device, eliminating the risks associated with external channels. As of right now, SMS and voice calls are no longer an option for new 2FA setups or for users resetting their existing 2FA settings. Users who want to set up their 2FA will be forced to use an authenticator app to generate their 2FA codes.

What authenticator apps are supported by NetSuite?

You are able to use any authenticator app as long as it complies with the OATH TOTP standard. There are many vendors on the market that NetSuite supports out of the box:

How do I reset my 2FA settings to set up an authenticator?

  1. Log in to NetSuite and go to your home dashboard.
  2. Find the settings portlet on your home screen and click ‘Reset 2FA Settings’.
  3. On the reset 2FA page, re-confirm your password. Completing this step will reset your 2FA settings.

How do I set up or re-set up 2FA?

  1. If you have just followed the steps above to reset your 2FA, log out and log back in to a role that is required to have 2FA.
  2. Once you log in, you might be prompted to send a 2FA code directly to your email. Please continue.
  3. You will shortly reach a screen that allows you to start filling out your 2FA information. If you have done this before, you will notice you aren’t able to select SMS/Calls.
  4. On the next step, scan the QR code with your phone using your authenticator app of choice. Please look up videos or guides specific to that authenticator app.
  5. Once you have completed the setup in your authenticator app, type in the 6-digit code it provides.
  6. Once you have completed this step, download your backup codes and keep them in a secure location. It is not recommended to keep them in a public or easily accessible location (e.g., Desktop).
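What "complies with the OATH TOTP standard" and the QR-scan and 6-digit-code steps amount to, as an added example (not NetSuite's code). It assumes the QR code carries the common otpauth:// key URI, which the page does not show; the sample secret is the RFC 6238 SHA-1 test secret in a constructed URI, and the drift window in `verify` is an illustrative policy, not NetSuite's documented behaviour.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlparse


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks the 4-byte slice
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, now: float, period: int = 30, digits: int = 6) -> str:
    """RFC 6238: the HOTP counter is the number of whole periods since the epoch."""
    return hotp(key, int(now) // period, digits)


def parse_otpauth(uri: str) -> dict:
    """Extract the enrolment parameters an authenticator app stores after a scan."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP key URI")
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    secret = query["secret"].replace(" ", "").upper()
    secret += "=" * (-len(secret) % 8)  # key URIs usually omit base32 padding
    return {
        "label": unquote(parts.path.lstrip("/")),
        "key": base64.b32decode(secret),
        "digits": int(query.get("digits", 6)),
        "period": int(query.get("period", 30)),
    }


def verify(key, submitted, now, period=30, digits=6, window=1):
    """Accept codes from +/- `window` periods to tolerate clock drift (assumed policy)."""
    candidates = (totp(key, now + i * period, period, digits)
                  for i in range(-window, window + 1))
    return any(hmac.compare_digest(c, submitted) for c in candidates)


# Constructed sample: the RFC 6238 test secret wrapped in a made-up key URI.
SAMPLE_URI = ("otpauth://totp/Example:alice?secret="
              + base64.b32encode(b"12345678901234567890").decode()
              + "&issuer=Example&digits=6&period=30")
```

The shared secret never leaves the device after enrolment, which is why anyone who can read the QR code or the key URI can generate the same codes; treat both like a password.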

What do you recommend from an IT support perspective?

I personally recommend requiring all your end-users to use the same authenticator app, which makes for a smoother support experience. Your company will have expert users who are already using existing 2FA applications, which is fine, but for new onboardings and active support cases I would encourage you to recommend one option to your users.

What app should I use?

The best app can depend on the use case of your business. If you are already using Microsoft 365, then I would recommend using Microsoft’s. If you are using Google, then I would use Google’s. I think the choice comes down to what matches your business best, as they are all good.

Support & Resources


If you have any questions, please reach out to [email protected] anytime!
Useful Links:
NetSuite Applications Suite – Reset a User’s 2FA Settings (oracle.com)
NetSuite Applications Suite – Reset Your 2FA Settings (oracle.com)
NetSuite Applications Suite – Set up Your Preferences for Two-Factor Authentication (2FA) (oracle.com)
