CloudExtend Applications communicate with NetSuite using NetSuite web services. NetSuite does not support 2 Factor Authentication (2FA) for their web services.

Two Options For Users With Roles Requiring 2FA

Option 1: Choose Token Based Authentication or Single Sign On

CloudExtend users with an Enterprise Edition license can enable Token Based Authentication (TBA) for their role and they will be able to sign in without 2FA. Please refer to the following two articles.

 Option 2: Clone your 2FA role and set it as web services only

If you are a trial user or license the Personal Edition this is option available for you.

Security is a primary reason for enabling 2FA. By following the steps below you will create a role that cannot be used via the NetSuite UI, ie it will only have programmatic access to NetSuite via web services.

  1. Clone the role your NetSuite user would normally login under. Note, users on NetSuite 2018.2 and higher will not be able to use Admin or Full Access roles since NetSuite no longer supports these roles without 2FA.
  2. Be sure the following permissions are not enabled for the role as these permissions wii, by default, require 2FA.- Access Token Management- Two-Factor Authentication- Two Factor Authentication base 


  1. Check off ‘Web Services Only’Checking off 'web services only' increases security by ensuring that users can only log in via apps such as CloudExtend. They will not be able to log in via the UI (ie
  2. When signing in to NetSuite via CloudExtend applications be sure to select this new role.

Did this answer your question?