Ask your NetSuite Admin to provide your roles with the 'User Access Tokens' permission as show in the screenshot below. Click here to send them an email request or share this article with them.
NetSuite recommends that users connect to NetSuite with 'tokens' when using applications such as CloudExtend and has provided a means to generate these tokens automatically. during the login flow. Once a user enters their user name and password CloudExtend will attempt to create a token pair for future logins. If the end user does not have the proper permissions this process will fail and the user will need to click the back button and select basic login.
For the login flow to be able to generate tokens on behalf of the user ensure that their roles have the 'User Access Tokens' permission. When a role has this permission the NetSuite login flow will automatically generate tokens on your behalf and log you in with token based authentication which can greatly reduce NetSuite concurrency issues. Users without this permission will see an error when logging in (""You cannot continue this authorization flow. Your current role has insufficient permission. Please contact your account administrator." and will need to click the back button and login with basic credentials. Learn more about this error here.