NetSuite's new Admin 2-Factor Login is the Most Irritating New Feature of 2018.2 - And I Love It!
If you, like me, have access to an Admin role in NetSuite, you have probably become used to switching back and forth with ease between the operational roles and your admin role. But it’s always sort of bothered me. After all, someone with my password could log in as Admin and destroy or steal our data. So I was happy to hear about NetSuite’s efforts to lock down Admin access. Having to wait for a text message while logging in is a little irritating - but so worth it!
For those of you without Admin access (i.e. hopefully most of you), the two-factor feature requires a secondary verification (usually a text message) before allowing you access. It works the same as secondary authentication in Google Apps and many banking interfaces. When you log in to NetSuite as admin, or switch to admin during a session in which you have not previously been challenged, you are sent a text message with a code. You enter the code to unlock the Admin role. No code means you are out of luck unless you have access to the backup methods.
Sure, it’s a pain in the touche. But it’s absolutely necessary. Admin access is so powerful that we must ensure that only truly authorized users can leverage it.
We take a similar approach with our Segregation of Duties (SoD) tools for NetSuite, but we take it one step further back to ensure that permission was granted to give Admin access in the first place. We do this by requiring secondary approval to grant Admin access and other critical access (e.g. Transactional Delete Permissions). Our SoD is integrated right into NetSuite at the employee record. If you try to give someone Admin access and you don’t have permission, it will block you, whether the change is made manually, through code, or through web services. This locks down these critical access rights and permissions to ensure that approval has been granted.
If you get challenged by the SoD engine, you can quickly request access and, once approved, the access will instantly be applied. You don’t need to leave NetSuite to do it, and you don’t need to appoint one “Access Maven”. This enables our customers to get things done quickly AND safely - which is what we are all about. You don’t have to block all violations; for less critical problems you can just warn the user, then review and clear the conflict later. And of course our Agent monitoring and blocking controls do the same thing for Master Data changes and transactions.
So thanks NetSuite - you are driving me crazy but helping me sleep at night!