Starting 2019.1, NetSuite will require two-factor authentication for highly privileged roles used by SuiteTalk (web services) applications and RESTlets. As of this writing, 2FA is only required when logging in via NetSuite UI.
If you’re managing an account that has multiple NetSuite integrations, it is highly encouraged that you start preparing as early as now.
In my case, I administer an account that is integrated with three external applications plus one middleware and I was able to get them 2019.1 ready. Wonder what are the steps I took? Let me share it with you:
Prepare an inventory of all your integrations.
If you already did this, then give yourself a pat in the back because usually, this is a daunting task, especially if you’re someone new and the account that you’re managing has gone through a long history. Go to Setup > Integrations > Manage Integrations and look which among those applications are still active or not by looking at Web Services Execution Log or RESTlets Execution Log.
Contact the right teams.
Reach out to the point person for your third-party applications or middleware and ask them how are they preparing for this change.
If all your integrations are housed in a single middleware platform, then you are lucky since you just need to talk to most likely, one developer. Example of middleware platforms are Boomi, Mulesoft, Jitterbit, Celigo, etc. Talk to your middleware developer and get them involved in this phase. Ask them relevant questions like what is the role used by your integration user or if their platform supports token-based authentication.
For third-party applications:
Examples of third-party applications are Expensify, Coupa, Adaptive, SalesForce etc.
I have prepared a sample outreach email that you can use as a guide:
Hi <Name>, Starting 2019.1, NetSuite will require 2FA for integrations that are using a highly-privileged role like administrator and full access. Can you please tell us what are the actions being taken by <Name of application> for this change and what do you suggest us do? The most common recommendation is to transition to token-based authentication, is this the same step that you would recommend for us? Please advise.
Decide on which approach to take.
NetSuite recommends two approaches to the changes you should apply in your integrations. The first option is to use a role with lesser privileges and the second one is to transition to token-based authentication. In our case, this is the approach I implemented for all our integrations, as it promotes consistency. Before choosing which path to take, remember to do your own research first on the pros and cons of each approach.
Document the planned change.
A major change like this must be documented well as part of your change management process. The most common reason why integrations break is due to a failed authentication. It takes hours or even days before resolving this issue when someone made a change, went on PTO and did not notify the team about it. Any changes like this must be visible, especially when you’re in working in a large team.
Test the change in Sandbox first.
No matter how simple the change is like removing some permissions from the role, it is always a must to test in Sandbox first to ensure that no unexpected issues will occur before deploying it on Production.
Plan on a target date of when to apply this change to Production.
If everything goes smoothly, plan on when you’re going to apply this to Production. It is advisable to let your integration run in Sandbox for at least a day before proceeding with this change on Production.
Implement the change.
This is where you start implementing the change in Production, pray that everything goes smoothly, you hear the drum roll and voila, it works! (Hopefully).
Take a rest.
What you just went through is not easy. Believe me, I’ve been there. It’s not easy juggling between teams to coordinate this change, let alone the research that you need to do when NetSuite announces something like this. You deserve to take a break. *wink*
I hope this article helps in some way. If you have any questions, fill out this form and let me know how I can help.