NetSuite takes security very seriously, and part of having a secure system is ensuring that only the people who are supposed to access NetSuite can do so. Three ways NetSuite authenticates users are security questions, passwords, and (for some users) two-factor authentication.

NetSuite Security Questions

Security questions are one way to ensure user authentication in NetSuite.

Setting Up Security Questions

First, let’s look at how to set up security questions. The first time users log into NetSuite, they are prompted to set up three security questions along with their corresponding answers. These questions will be needed whenever you (1) forget your password, (2) log in with a new browser, or (3) log in with a new computer. If, for some reason, you don’t want to set up the questions the first time you log in, you can hit the Remind Me Later button up to five times to temporarily bypass setting up the security questions. If you do bypass the security questions when logging in for one of your first five logins, you can always complete that task by going to the Set Up Security Questions link in the Settings portlet on your home dashboard.

When setting up security questions, you will first need to enter your current NetSuite password. Then, you can choose three security questions from the dropdown lists and provide a memorable answer for each one. Each answer must be unique, have a minimum of three characters, and be different from both your email and your password. Answers to security questions are not case sensitive, so you just have to remember the actual word that you use to answer each question. By default, the Hide Answers box is checked on this page, so your answers are masked. If you would like to see the answers as you type them in, uncheck the Hide Answers box.

Updating Security Questions

At times, you may find that you need to update your security questions and answers. You can easily change them when you are logged into NetSuite. Simply navigate to the Settings portlet on your home dashboard and select the Update Security Questions link. Then, you will be taken to the Update Security Questions page, where you will follow the same steps you did when you initially set up your security questions.

Forgetting Answers to Security Questions

You may find that you have forgotten the answers you provided for your security questions. When that happens, you can do one of two things. First, if you are already logged into NetSuite, you can simply follow the steps to update your security questions as detailed above.

However, you may not realize that you have forgotten the answers to your security questions until you have exhausted your six permitted attempts while trying to log in. When that happens, either you or your account administrator must reset your password in order to restore access to your account. If your administrator resets your password, then your security questions will also reset, requiring you to go through the entire process of setting them up again. If, however, you reset your own password, then all the previous questions and answers will carry over. But since you got into this predicament because you forgot your answers, it may be a good idea to go ahead and change them to something you can more easily remember!

NetSuite Password

Passwords are another way to provide user authentication.

Changing Your Password

On a regular basis, you will need to change your NetSuite password before it expires. To change your password, you can either click the link in the password expiration reminder email you get or you can select the Change Password link in the Settings portlet. Either link will take you to the Change Password page in NetSuite. On this page, you will need to enter your current password as well as a new password. To the right of the page, you will see the password criteria. As you type in your new password, the criteria box will display a check mark next to each criterion as it is met.

Forgetting Your Password

If you forget your password, then you can select the “Forgot your password?” link on the sign-in page. After clicking this link, you will be prompted to enter the email that is associated with your NetSuite account. Once you receive the email from NetSuite to reset your password, click the link provided in the email and follow all the instructions to reset your password, which will include answering one of your security questions and entering your new password.

NetSuite Two-Factor Authentication

Finally, NetSuite’s two-factor authentication (2FA) is a free feature that provides an increased level of security for specific NetSuite accounts. Users whose accounts are set up with 2FA must occasionally enter a verification code when they log into NetSuite. In addition, users who have 2FA will not be asked for their security questions unless they have forgotten their password.

Setting Up 2FA for Specific Accounts (Administrator)

Who can use 2FA? The administrator role is the only role that automatically requires 2FA, but administrators can require 2FA for other roles as well. To make 2FA mandatory for other roles, administrators must navigate to Setup > Users/Roles > Two-Factor Authentication > Two-Factor Authentication Roles. On this page, administrators can determine which roles should require 2FA. They can also set how long a device remains trusted after the verification code has been entered, with thirty days being the maximum amount of time a device will be trusted.

Setting Up 2FA (User-Level)

Users who need 2FA must set up their 2FA preferences. When logging in with a 2FA-required role for the first time, you will need to enter the verification code that NetSuite sends to your account email. Then, you will be taken directly to the Security Setup page. On this page, you will see two methods of authentication: (1) an authenticator app and (2) your phone via SMS or a call. You will set up one of these as your primary method of authentication and the other as your secondary method. NetSuite recommends using an authenticator app as your primary method of authentication, and you can find a list of compatible authenticator apps in this Help Center article.

After choosing and setting up both your primary and secondary methods of authentication, click Next. The final section of 2FA setup is simply a list of backup codes. The backup codes can be used to access your NetSuite account if neither of the first two methods is available to you. It’s advisable to save these codes somewhere, either physically or electronically, since this is the only time when you will be able to access the backup codes.

Using 2FA

When users with 2FA required for their accounts are prompted to enter a verification code while logging into NetSuite, they will receive the necessary verification code via their chosen primary method. The verification code is valid for only a limited time, however, so there should not be a long delay between receiving the code and using it to log into NetSuite.


The security questions, passwords, and two-factor authentication all provide the much-needed user authentication in NetSuite.