Access Overview
How users authenticate and access NetSuite.
Types of Access
NETSUITE ACCESS TYPES
===============================================================================
INTERNAL USERS (Employees)
├── Full NetSuite login
├── Assigned roles
├── Access via web browser
└── Most common user type
EXTERNAL USERS (Customers/Vendors/Partners)
├── Limited portal access
├── Customer Center / Partner Center
├── See only their own data
└── Subset of functionality
API/INTEGRATION
├── System-to-system access
├── Token-based authentication
├── No user interface
└── For integrations and scripts
User Login Process
HOW USERS LOG IN
===============================================================================
Step 1: User goes to login URL
├── system.netsuite.com
└── Or custom company URL
Step 2: Enter credentials
├── Email address
└── Password
Step 3: Two-Factor Authentication (if enabled)
├── Authenticator app code
└── Or SMS code
Step 4: Select Role (if multiple roles)
└── Choose role for this session
Step 5: Dashboard appears
└── User is logged in
Authentication Methods
Standard Login (Email + Password)
| Setting | Where to Configure |
|---|---|
| Password policy | Setup > Company > Login Restrictions |
| Failed login lockout | Setup > Company > Login Restrictions |
| Session timeout | Setup > Company > General Preferences |
Two-Factor Authentication (2FA)
2FA OPTIONS
===============================================================================
Authenticator App (Recommended):
├── Google Authenticator
├── Microsoft Authenticator
├── Authy
└── Most secure option
SMS Text:
├── Code sent to phone
├── Backup option
└── Less secure than app
Email:
├── Code sent to email
├── Not recommended
└── Least secure option
Single Sign-On (SSO)
For organizations with identity providers:
SSO OVERVIEW
===============================================================================
What is SSO?
├── Users log in via company identity provider
├── Examples: Okta, Azure AD, OneLogin
├── One password for all apps
└── IT manages credentials centrally
How it works:
Step 1: User goes to NetSuite
Step 2: Redirected to company login page
Step 3: User authenticates with company credentials
Step 4: Redirected back to NetSuite (logged in)
Benefits:
├── Centralized user management
├── Automatic provisioning/deprovisioning
├── Stronger security policies
└── Better user experience
Giving Users Access
Step-by-Step: Enable User Login
HOW TO GIVE A USER ACCESS
===============================================================================
Step 1: Create/Edit Employee Record
Lists > Employees > Employees > [Employee]
Step 2: Go to Access Tab
├── Give Access: ✓ (check this!)
├── Manually Assign Password: Enter password
├── Or: Send Notification Email (user sets own)
└── Email: Must be valid for login
Step 3: Assign Roles
├── In Roles section, click "Add"
├── Select role(s) for this user
└── Set default role (if multiple)
Step 4: Save
Result: User can now log in
Common Issues
| Problem | Cause | Solution |
|---|---|---|
| Can't log in | "Give Access" not checked | Check the box |
| No email received | Email address wrong | Verify email |
| Wrong password | User error or locked | Reset password |
| Can't see anything | No roles assigned | Add role(s) |
Session Management
Session Timeout
SESSION SETTINGS
===============================================================================
Navigation: Setup > Company > General Preferences
Settings:
├── Session Idle Timeout: 60 minutes
└── User gets logged out after inactivity
Best Practice:
├── Shorter timeout = more security
├── Longer timeout = more convenience
└── Balance based on risk
Concurrent Sessions
| Setting | Effect |
|---|---|
| Allow multiple sessions | User can log in from multiple devices |
| Single session only | Logging in elsewhere logs out first session |
Removing Access
HOW TO REMOVE USER ACCESS
===============================================================================
Method 1: Remove Roles (keeps record)
├── Edit employee record
├── Go to Access tab
├── Remove all roles
└── User can't access but record remains
Method 2: Uncheck Give Access (keeps record)
├── Edit employee record
├── Go to Access tab
├── Uncheck "Give Access"
└── Login disabled
Method 3: Inactivate Employee (recommended for terminated)
├── Edit employee record
├── Check "Inactive"
├── Removes access AND hides from lists
└── Preserves history
Quick Reference
| I want to... | Go to |
|---|---|
| Give user access | Employee > Access tab > Give Access ✓ |
| Reset password | Employee > Access tab > Password |
| Add role | Employee > Access tab > Roles > Add |
| Remove access | Employee > Access tab > Remove roles or uncheck Give Access |
| Set session timeout | Setup > Company > General Preferences |
| Configure 2FA | Setup > Company > Two-Factor Authentication |
Key Takeaways
- Give Access checkbox must be checked for login
- User needs at least one role to do anything
- 2FA adds security - require for sensitive roles
- SSO centralizes user management
- Inactivate users when they leave (don't delete)
Related Topics
- Users - Detailed user management
- Security Considerations - Login security
- Administrator Role - Admin access