Making NetSuite Two Factor Authentication (2FA) More Convenient

This article is relevant if you are trying to work with NetSuite’s enforced Two Factor Authentication (2FA).

Background

Since version 2018.2, NetSuite enforces two-factor authentication (2FA) at login for all accounts with elevated permissions (Administrator, Full Access, and other administrator roles). The idea is to use the least privileged role for access, which does not require 2FA. Yet many of us need an Administrator login. This forced way of logging into NetSuite is challenging because I, and my consultants, have so many logins to our client accounts. Thus, we have lost productivity, yet I can appreciate and understand the goal to increase security through stronger authentication practices.

As such, it’s better to “get in front of this” concern and embrace it versus fight it. Thus, in my mind, it’s important to make 2FA as convenient as reasonably possible.

NetSuite 2FA with the Authy Authenticator Application

In my mind, there is one tool that all administrators should at least review. It is called Authy and it is a full replacement for the Google Authenticator system. Here are key reasons I like it:

  1. Backup: the application has a mode to back up all of my authenticated accounts. This becomes more meaningful once the number of 2FA accounts you manage becomes copious.
  2. Multiple Clients: Not only can you get it working on your mobile device, but you can also connect it to multiple desktop machines and of course, other tablets.  Because I am on so many computers just “doing my work”, it’s important I don’t force a specific client mode of operation which limits the freedom I have gained with all our data accessible in the cloud.
  3. Low Cost: Authy is effectively free to use. Authy generates revenue from commercial parties that produce specialized authentication programs to call their APIs. For example, I have a number of crypto-currency exchange accounts and they leverage these Authy APIs when I produce blockchain transactions of any consequence.  Perhaps NetSuite will go this route as it sure is convenient?

Thus, in contrast to using your phone SMS, Authy is more flexible and easier to use for the many situations in which you may find yourself.  Click here to Get Authy.

A Word About Security

I suspect there may be readers that are concerned about Authy’s security. I have no comment on this and respect that as long as the marketplace continues to embrace Authy, then it is “good enough” for this application. Naturally, if any client insisted on a different practice for access to their account, my team would respect that.

Modify Duration of Trusted Device

If you observe that 2FA is simply too inconvenient, and your company agrees, you can extend how long a trusted device stays authenticated, up to 30 days. A number of clients have already changed this setting, which is located under Setup > Users/Roles > Two-Factor Authentication Roles.

Usage Observations and Considerations

As I write this article, NetSuite is still in the 2018.2 rollout. On two occasions, while accessing different accounts just upgraded, the authenticator application would not work with my previous setup. I had to use my secondary SMS option to authenticate. Subsequent controlled testing proved that I could indeed authenticate into NetSuite with the same email address yet have different 2FA-driven accounts. As such, I am “monitoring for understanding” to confirm the day-to-day usage works as I have suggested. As many NetSuite users know, when NetSuite performs its semi-annual software upgrade rollout, we sometimes see infrastructure-based challenges that take a bit of time to stabilize. I suspect I am observing some of these situations.

We are in this Together

I welcome any alternatives to Authy for NetSuite Two Factor Authentication. Perhaps you have a favorite practice we all can learn from. Naturally, if you want to talk about how we serve our clients and take care of securing privileged logins, let’s have a conversation.

Marty Zigman

Holding all three official certifications, Marty is Southern California's NetSuite expert and leads a team of senior professionals at Prolecto Resources, Inc. He is a former Deloitte & Touche CPA and has held CTO roles. For over 25 years, Marty has produced leadership in ERP, CRM and eCommerce business systems. Contact Marty to set up a conversation.
