# sdf
d
On a different topic, we are also aware that the Developer role which we released in 19.1 has been designated as requiring Two Factor Authentication (2FA). The current plan is to fix this in the next release, 19.2, but there are a couple different actions you can take now to resolve this issue if 2FA is a blocker for you:
1. You can create a customized Developer role for your own use that will not require 2FA. To do so, visit the Manage Roles page and click the Customize button next to the Developer role. Under Permissions, remove Integration Applications from the Lists tab and remove both Integration Application and Access Token Management from the Setup tab. Save your new role and use it with SDF. The role should not require 2FA. We plan to remove these permissions from the built-in Developer role next release. Should you need an integration application to create access tokens against, you should install the SuiteCloud Development Integration bundle (ID 245955), which provides an integration application to create access tokens against. To install that bundle using your customized role, you should also add the SuiteApp Marketplace permission under the Setup tab (to be added to the Developer role in 19.2 as well).
2. You can also use our token saving functionality to work with roles requiring 2FA. The first step is to generate a user access token for that role in the NetSuite UI. Then, in the SDF IDE, visit the Manage Accounts page, select the account you generated the token for, select Manage Authentication, and then Save Token for the role requiring 2FA. If you are using the SDF CLI, you can do the same using the savetoken command.
s
I've been using option 2 exclusively
b
Wouldn't the best option actually be utilizing TBA?
Just because something is slightly more difficult doesn't mean that it's not the right solution lol. A developer's credentials get hacked, now someone can deploy malicious code to their production environment. The odds of their credentials AND their access tokens being simultaneously hacked? much smaller
Then again, if the developer can manage access tokens from the same account that is hacked, someone could just go in and create an access token and start deploying, so removing those permissions, requiring an admin account with 2FA to create access tokens for the developers, and then requiring the tokens in the SDF would be the best form of security, I'd say
s
both the options above are TBA. the issue in question was 2FA not TBA
b
right, but there is something to be gained by forcing 2FA for people who have access to deploy customizations to your platform, right?
s
yes 2FA is added security in all cases
b
so I'd argue that saying the "suggested method" should be to use the bundle to allow TBA with 2FA accounts, not the one to get rid of 2FA
s
oh, you mean swap option 1 and option 2? I'd agree with you there
b
yeah
but there are a couple different actions you can take now to resolve this issue if 2FA is a blocker for you:
The first one would be, "suck it up and worry more about security than your convenience" lol
s
security vs convenience have been battling it out since the beginning 🙂
b
lol indeed
unfortunately, too many take the wrong route lol
and then when their Netsuite production gets all hacked they will blame Netsuite for their laziness
so as a CYA for Netsuite, I'd say, "2FA FOR ALL!"
s
I do like how DUO uses push notifications for 2FA approvals... makes it less trouble
b
yeah. Facebook, Twitter, etc. also have things like that. Sends a "Is this you?" directly to your phone and you just press "yes" and you're done
f
But pretty much what you are asking for is 2FA for any operation you perform through the SDF-CLI
b
that's what the TBA bundle handles
I mean, thinking of the IDE, I think it's pretty dangerous to have the deploying of development and sandbox accounts right next to, and without much warning or anything, the ability to deploy to production
but I come from the tradition of decoupling database migrations and deployment completely from the core code
I'm primarily a back-end php developer and the vast majority of my experience in Netsuite has been on the SOAP API
d
Sorry for the wonky ordering! Wasn't necessarily endorsing either option in this case, unlike the other post. I'd agree that we built those TBA features for a reason 🙂