Upcoming Netsuite 2FA Change for SDN Accounts (July 13, 2018)

Document created by sheng_liao462475 Employee on Jun 25, 2018Last modified by sheng_liao462475 Employee on Jun 25, 2018
Version 2Show Document
  • View in full screen mode

Starting with NetSuite version 2018.2, two-factor authentication (2FA) is required for all login sessions using Administrator and Full Access roles in newly provisioned SDN accounts.


What is the upcoming change on Netsuite side?
The 2FA enforcement was already rolled out to customer production accounts that were newly provisioned on 2018.1. All login sessions using either the Administrator or Full Access roles require 2FA. Unless specified, custom roles that do not contain 2FA-required permissions do not require 2FA during login. Please refer to the “Permissions Requiring Two-Factor Authentication” document for details on these permissions (https://system.netsuite.com/app/help/helpcenter.nl?fid=section_1515446005.html).

An exception to the 2FA enforcement was made to SDN accounts during 2018.1 to minimize disruption. This enforcement will expire starting in 2018.2, and it will be rolled out to new SDN accounts provisioned from phase 1 of 2018.2 to have a unified authentication model with the customers. Please refer to the NetSuite Help Center for details on setting up and using 2FA.


What is the upcoming change on Boomi side?

None. Since Netsuite connector already supports Token-Based Authentication (TBA), there are no changes needed in the connector.


How does this change impact my SuiteApps?
Since the 2FA enforcement also applies to integrations, this change may impact your SuiteApps depending on the authentication methods and roles they use. Please note that this change will NOT impact existing customers accounts in 2018.2, but it may apply to them in a future release.


If your SuiteApp uses Token-based Authentication (TBA), then this change does NOT affect it regardless of the role it uses during authentication.


If your SuiteApp uses a custom or standard role that does not contain 2FA-required permissions during authentication, then this change does NOT affect it regardless of the authentication method it uses.


If your SuiteApp uses the Administrator role or Full Access role, or any other 2FA-required role, during authentication, and it uses credentials as the authentication method, then this change will cause the authentication to fail. The recommended solutions are either switching the authentication method to TBA, or use a custom role during authentication if possible. Please note that implementing both solutions simultaneously are recommended because they are both security best practice per the SAFE document.


If your SuiteApp uses inbound SSO and it uses the mapSso API to perform the initial mapping, then this change will break the mapping operation for roles protected by 2FA including Administrator, Full Access, and custom or standard roles that contain 2FA-required permissions. The easiest solution is to use the manual mapping method per the inbound SSO documentation. The recommended long-term solution is switching the authentication method to TBA.


How does this change impact my Boomi integration process?

If you are using Administrator and Full Access roles in newly provisioned SDN accounts with NetSuite version 2018.2, you will need to update your Netsuite connection accordingly and re-deploy the integration process.


Which SDN accounts will have 2FA enforcement enabled?
2FA will be enforced for any SDN accounts (leading and trailing) newly provisioned started from version 2018.2 phase 1. All existing SDN accounts provisioned prior to NetSuite version 2018.2 phase 1 will NOT have 2FA enforced.


Version 2018.2 phase 0 is scheduled on July 13th, phase 1 is scheduled on August 17th (both dates are tentative). Please look for an invitation to an upcoming release webinar for SDN partners.