Adding new user access to NetSuite
- Navigate to List > Employees > Employees > New
- Enter the required information for the employee, this is typically name and email.
- Other available subtabs are:
Address – Here you can enter the employees home or office address, you are also able to mark it as their default shipping address.
Human Resources – Under this subtab, you’ll have fields such as social security number and birthday that are optional. By default, job information and expense and purchasing information can be found in this section. Under Expense and Purchasing, expense and purchasing approver and limits can be set. While not mandatory, this section is important to fill out for any employees who will be creating purchase orders or entering expenses. Under the human resources subtab, you will also find information such as emergency contacts, education, marital status, gender, and ethnicity.
System Information – Here you can view any changes made to the employee record. You will also have the Inactive checkbox. Instead of deleting an employee, you are able to inactivate the employee record.
Access – This access tab is what enables an employee to access NetSuite.
Give Access- The give access checkbox is what enables users to log in, in order for a user to be able to login, this box must be checked.
Send New User Access Notification Email – Mark this checkbox to initiate an automated email to the employee about their access to NetSuite. The standard NetSuite email includes a link for the user to set up their password. You have the option to assign the user password manually below if you choose not to have the user set up their password independently.
Manually Assign or Change Password – When this box is checked, you’ll be able to manually assign a user with a password. This is typically checked if you choose not to check the send new access notification email. In this case, you are responsible for creating the password, communicating it to the user, and providing instructions on when and how to log in. The best practice for security is to avoid transmitting the password via email.
Require Password Change On Next Login – When checked, the user will be prompted to change their password upon their next login. The user will not be able to access NetSuite until they have changed their password. Here you can also see the password criteria required.
Roles – Here under the access tab, you set the user’s role from the drop down. This role will dictate everything the user can do within the system. In order for the user to access NetSuite, they must be assigned a role. To assign, select a role from the dropdown and hit “Add”. Users can be assigned multiple roles, to do so, repeat these steps. – Add in a suite note that it is best practice to assign custom roles and no standard roles from NetSuite other than administrator as standard roles may not fit your business practice/ permissions.
Two-Factor Authentication
Two-factor authentication (2FA) is essential to provide enhanced security for your NetSuite environment users. These tools provide an additional layer of protection beyond traditional password-based authentication. Using 2FA is key to help protect your company from unauthorized entry into your system.
It is important to note that some high-level permissions when assigned require 2FA.
- Access Token Management
- OAuth 2.0 Authorized Applications Management
- Core Administration Permissions
- Two-Factor Authentication base
- Set Up OpenID Connect (OIDC) Single Sign-on
- Set Up OpenID Single Sign-on
- Set Up SAML Single Sign-on
- OIDC Provider Setup
- Integration Application
- Device ID Management
- View Unencrypted Credit Cards
- View Unencrypted ACH Account Numbers
Once 2FA is enabled users will have a choice to receive their login code with an authenticator app or by text. On Google Play and the Apple App Store users can choose between multiple 2FA apps such as Security tools, such as OKTA Verify, Oracle Mobile Authenticator, Google Authenticator, and Microsoft Authenticator. This choice will be up to the user. All of these will work with NetSuite.
- Entering their Netsuite user credentials (email and password)
- Entering a verification code. Depending on if your authenticator is OATH TOTP compliant or not, users will receive in code in two different ways.
- If this authenticator is OAT TOTP compliant, Users will receive an auto generated one-time code from their authenticator app.
- Verification codes can also be sent via SMS or voice calls to a user’s phone.
How TAC Can Help
At TAC Solutions Group, we approach NetSuite user management with the level of detail it deserves that is often overlooked. Join us as we optimize access, fortify security, and ensure the seamless integration of your organization’s digital infrastructure. Let’s elevate your NetSuite experience together.