Customers have reported receiving emails from NetSuite reminding them that certain highly privileged roles require two-factory authentication. The entire message from NetSuite is at the end of this article for your reference. NetSuite's definition of highly privileged roles is here (NetSuite login require to view link). It should be noted that you may be receiving this email from NetSuite for integrations other than CloudExtend.

Most CloudExtend Apps support 2FA as seen below. Read on for a per App summary of any actions your org may need to take.

CloudExtend Outlook for NetSuite

CloudExtend Outlook for NetSuite users can login with highly privileged roles that require 2FA as long as they have properly configured the permissions for those roles. See this article for full details.

CloudExtend Excel for NetSuite

CloudExtend Excel for NetSuite users can login with highly privileged roles that require 2FA as long as they have properly configured the permissions for those roles. See this article for full details.

CloudExtend G Suite for NetSuite

CloudExtend G Suite for NetSuite users can manually create login tokens (or have their Admins create them) as outlined here. NOTE - this is only necessary if users are editing records inside the Gmail extension. All other activities such as attaching emails and files can be performed without logging into NetSuite via CloudExtend.

CloudExtend Excel for NetSuite Classic Edition (SmartClient)

Supporting 2FA for the Classic Edition is not possible. We recommend that users migrate to CloudExtend Excel for NetSuite. Users that need to continue using the Classic Edition should continue to login with roles that do not require 2FA.

Email message from NetSuite below

You are receiving this notice because some of your RESTlets or SOAP web services integrations still use user credentials as an authentication method for the Administrator or other highly privileged roles.

This approach is prohibited, because authenticating with user credentials is not compliant with the Mandatory Two-Factor Authentication (2FA) policy for Administrators and other highly privileged roles. To comply with this policy, you must use Token-based Authentication (SuiteAnswers ID 41827), or OAuth 2.0 (SuiteAnswers ID 91092) for your integrations.

Mandatory 2FA Policy Summary
Administrators and other highly privileged roles must authenticate in a way that is compliant with the Mandatory 2FA policy for UI and non-UI access to NetSuite. Using user credentials to access NetSuite through the Application Programming Interface (API) for these roles is prohibited as the authentication method is not compliant with the Mandatory 2FA policy. NetSuite offers other authentication methods that are compliant with the policy and strengthen security of your account: Token-based Authentication and OAuth 2.0.

For more information about Mandatory 2FA, see Permissions Requiring Two-Factor Authentication (2FA) (SuiteAnswers ID 70234), and Mandatory Two-Factor Authentication (2FA) for NetSuite Access (Suite Answers ID 76766).

Required Actions
To be compliant with the Mandatory 2FA policy, you must use either Token-based Authentication or OAuth 2.0 as the authentication method for your integrations when authenticating as an Administrator or other highly privileged roles.

You should update your RESTlets and web services integrations as soon as possible to use one of these authentication methods.

If a partner or third-party supplied your integration and you are unable to change the authentication method, contact the partner or third party and request that they make the required changes.

If you have additional questions, please contact NetSuite Customer Support.


Thank you,
The Oracle NetSuite Team

Did this answer your question?