NetSuite's move to Two-Factor (2FA) Authentication

Options
UAJenn
UAJenn Expensify Customer Posts: 3 Expensify Newcomer
in Integrations and API

In the next release of NetSuite, they are enforcing Two-Factor (2FA) Authentication for all admin roles and are strongly recommending all third party integrations move to a token-based authentication rather than user credentials, or specify a less-privileged role, otherwise they may stop working. Since Expensify currently uses User Credentials and the Admin Role, not tokens, it may stop working with this upgrade. How are you preparing for this, and are you going to provide a way to connect using Tokens? Thanks.

Flag · Accept Answer Off Topic Insightful Vote Up Awesome

Answers

  • Sheena Trepanier
    Sheena Trepanier Expensify Team, Approved! Accountant, Expensify Student Ambassador Posts: 1,362 Expensify Team
    Options

    Hi @UAJenn, welcome and thanks for posting! I discussed this with my team and we are not anticipating any issues arising from NetSuite's update. We are currently working on supporting connection via token for customers who choose to switch to two-factor authentication.

    Once this is complete I'll be sure to update you on this thread. Cheers!

    Flag · Accept Answer Off Topic Insightful Vote Up Awesome
  • UAJenn
    UAJenn Expensify Customer Posts: 3 Expensify Newcomer
    Options

    Thanks Sheena. Do you know for sure that if you haven't rolled out tokens before NetSuite makes the change, that we will not have any connection issues? NetSuite seems to indicate this will potentially be a problem. I've attached an image from their release notes about it. Thanks.

    Flag · Accept Answer Off Topic Insightful Vote Up Awesome
  • Sheena Trepanier
    Sheena Trepanier Expensify Team, Approved! Accountant, Expensify Student Ambassador Posts: 1,362 Expensify Team
    Options

    Hi again @UAJenn, I was happy to check into this for you and confirmed that we have enabled 2FA for our own NetSuite account and have had no issue with the connection. If you were to run into issues we'd love to know right away so we can address it immediately.

    Flag · Accept Answer Off Topic Insightful Vote Up Awesome
  • UAJenn
    UAJenn Expensify Customer Posts: 3 Expensify Newcomer
    Options

    Ok, thanks again for checking. Sounds good.

    Flag · Accept Answer Off Topic Insightful Vote Up Awesome
  • Sheena Trepanier
    Sheena Trepanier Expensify Team, Approved! Accountant, Expensify Student Ambassador Posts: 1,362 Expensify Team
    edited August 2018
    Options

    You're welcome!

    Flag · Accept Answer Off Topic Insightful Vote Up Awesome
  • tylerzoll
    tylerzoll Approved! Accountant Posts: 430 Expensify Champion
    Options

    @Sheena Trepanier & @UAJenn I believe that the Expensify connection uses the Tokenization method for NetSuite. This is really nice because it doesn't require a user license. 2FA is used for users, but Expensify logs into your NetSuite account using WebServices. The best thing about NetSuite is that our friends at Expensify will never leave us far behind! ;)

    Flag · Accept Answer Off Topic Insightful Vote Up Awesome
  • UAJenn
    UAJenn Expensify Customer Posts: 3 Expensify Newcomer
    Options

    @tylerzoll - if this is true, we are not using tokens for logging into our NetSuite account, and I've been trying to get information on how to switch to tokens. Are you on NetSuite, and do you use Tokens to connect? Expensify has told me in the past they only use Tokens with Quickbooks. Thanks!

    Flag · Accept Answer Off Topic Insightful Vote Up Awesome
  • tylerzoll
    tylerzoll Approved! Accountant Posts: 430 Expensify Champion
    Options

    @UAJeenn, I went back and took a look and it looks like we actually don't use tokenization for our NetSuite & Expensify connection. For some reason I thought that we did. This may be an issue in the future though, because here is a note in NetSuite 2018.2 release notes:

    "In your integrations you might need to use certain functions that require a highly privileged role. You should transition these integrations to use token-based authentication (TBA) rather than user credentials, or specify a less-privileged role that does not require 2FA. For more information, see the help topic Token-based Authentication (TBA). For information about using TBA with your integrations, see the help topic Integration Management."

    I don't know if transactions from Expensify use a highly privileged role or not, but it will be an issue for me since we have Expensify connected through a System Admin role.

    Long after we connected Expensify, I created an Integrations user and role in NetSuite. That's where I connect all of our external services now. For example, I have FloQast set up on that account. I originally did this because we were having issues with too many connections at one time when I tried to export expense reports.

    I don't know that this is necessarily a best practice, it's just how I wanted to set it up. I don't mind paying for 1 extra user license just for our connections, but I also understand how that could be an issue for some folks.

    Flag · Accept Answer Off Topic Insightful Vote Up Awesome
  • UAJenn
    UAJenn Expensify Customer Posts: 3 Expensify Newcomer
    Options

    @tylerzoll - thanks for clarifying. Yes, that is my main concern - we have to use an Admin role to allow expensify to connect and with a user name and password and this seems to be what NetSuite is going to force into a 2FA situation. We use tokens for all of our other third party connections, so this is the only one I'm concerned about it not working after the next upgrade. Expensify seems to think it won't be an issue, but I'm still a bit concerned it will just stop working.

    Flag · Accept Answer Off Topic Insightful Vote Up Awesome

Categories