NetSuite aims to enhance security by restricting access to data and user accounts. Besides the standard authentication options available, you can decide to limit users’ login by IP Address rules. This feature in NetSuite allows setting specific IP addresses from which users can log in.
This feature is very useful if set correctly, but otherwise, it can cause users to be locked out of their accounts. This is why if you need to enable it, please make sure to follow these exact steps to set the restrictions.
To enable this feature:
- Go to Setup > Company > Enable Features.
Click Save.
After this feature is enabled, a pop-up warns the user that an IP address needs to be set:
These restriction rules are to be inserted by navigating to Setup > Company > Company Information.
In the Allowed IP Addresses field, enter the correct IP addresses (in standard dotted decimal format) from which you want employees in your company to access your account. Each of the numbers in the four segments (the numbers between the dots) must be between 0 and 255. The format can be the following:
A single IP address, such as 223.48.67.39
A range of IP addresses, with a dash and no spaces between, such as 128.45.67.80-128.45.67.99. You can use 123.45.67.80-99 to indicate the same range.
An IP address with full netmask, such as 123.45.67.80/255.255.255.0
Important: Make sure that you have entered the correct IP addresses before you log out so that you and your employees can log back in. This is an essential step because if the Allow IP Addresses field is None and you log out of the account, access will not be granted.
If an employee has multiple roles with IP address restrictions, the employee can only access that role from the addresses listed on the employee record or the addresses listed at Setup > Company > Company Information when the Inherit IP Rules from Company box is checked.
In case users get locked out of their accounts, a case with NetSuite support needs to be raised. It’s a lengthy verification and managerial approval process to disable this feature, which may take days until users regain access to their NetSuite accounts. Two-factor authentication (2FA) is the preferred alternative to restricting access by IP address. Consider using 2FA instead, rather than modifying IP addresses often for multiple users.