Skip to main content
CFCX Work

Authentication Updates in NetSuite 2023.1

2023.1 Authentication |

Change

  • End of Support for HMAC-SHA1 Signature Method for TBA
  • End of Support for New SMS/Voice Call Setup for Two-Factor Authentication (2FA)
  • Outbound Single Sign-on (SuiteSignOn) End of Support Targeted for NetSuite 2024.2

End of Support for HMAC-SHA1 Signature Method for TBA

The end of support for the HMAC-SHA1 signature method for the Token-based Authentication (TBA) feature is targeted for NetSuite 2023.1. You should update your integrations to use HMAC-SHA256 as soon as possible. As of NetSuite 2023.1, any integrations using the TBA feature with HMAC-SHA1 as a signature method will stop working. The end of support and the request to change the signature method to HMAC-SHA256 also applies to third-party integrations. Before the end of support, you must update your authorization header to use HMAC-SHA256. To update the authorization header, change the values of the oauth_signature_method parameter and the oauth_signature parameter to HMAC-SHA256. For more information, see the following help topics:

  • Example OAuth Header
  • The Authorization Headers
  • The Signature for Web Services and RESTlets Important: If you are using a library for signing, verify that the library supports HMAC-SHA256, and if needed, update to a library with HMAC-SHA256 support. End of Support for New SMS/Voice Call Setup for Two-

Factor Authentication (2FA)

As of March 1, 2023, the 2FA setup using SMS/Voice Call will no longer be available. This change will not affect already existing 2FA setups. If you need to set up 2FA in your account after March 1, 2023, you will be able to use only an authenticator app. The option to generate backup codes is not affected by this change. The SMS/Voice Call option is not available as a secondary option for 2FA either. End of support for SMS/Voice Call is the first step in a process of transforming 2FA to more secure authentication method.

SMS/Voice Call can be easily intercepted and breached. Also, the SMS service provider may have

outage, your own phone service may have problems, as well, and your phone may be out of signal. The authenticator app is free from all these potential risks. Outbound Single Sign-on (SuiteSignOn) End of Support

Targeted for NetSuite 2024.2

The plan is to end support the SuiteSignOn feature for non-production account in NetSuite 2024.1, and for production accounts in NetSuite 2024.2.

Change

There will be multiple test windows and PFC notifications to prepare you for the transition before NetSuite 2024.2. As an alternative to SuiteSignOn, you can use the NetSuite as OIDC Provider feature. For more information, see the help topic NetSuite as OIDC Provider.