
July 1, 2026

NetSuite token-based authentication: the security risk nobody rotates

Token-based authentication is how integrations connect to NetSuite. It is also the most overlooked security exposure in most accounts, because a token is easy to create, easy to forget, and hard to see once it exists.

Here is the problem in one sentence. A token authenticates without the two-factor check that applies to interactive logins, and it never expires on its own. That means a token scoped to a powerful role is a standing key to your account, sitting outside every login control you have.

Why tokens accumulate risk

A token is created for a specific integration: a Celigo connection, a Boomi process, a custom script that talks to another system. It gets a user and a role. Then time passes.

  • The integration is retired, but the token is never revoked.
  • The employee whose login the token was tied to leaves, but the token keeps working.
  • The token was scoped to Administrator "just to get it working," and nobody ever narrowed it.
  • Nobody rotates it, so a credential created three years ago is still live today.

Each of these is invisible until someone looks. And a token you forgot about is exactly the kind of thing that turns a minor breach into a full account compromise.

What an audit should flag

Token condition           | Why it matters
--------------------------|------------------------------------------------------------------------------
Scoped to Administrator   | A super-user credential with no second factor. Full account access if it leaks.
Tied to a former employee | Should have been revoked at offboarding. Still live is an access-control failure.
Years old, never rotated  | Long-lived credentials should rotate on a schedule.
Owned by a personal login | Integrations should use a dedicated integration user and role, not a person.

The fix is not complicated once you can see the list. Scope integration tokens to a least-privilege integration role, never Administrator. Revoke what is no longer used. Rotate what is old. The hard part is seeing the list in the first place.

How SuiteRX audits your tokens

SuiteRX enumerates every active (non-revoked) token, read-only, records its role and creation date, and flags the ones scoped to admin-level roles or overdue for rotation. It maps each finding to SOX ITGC and SOC 2 access controls, so you can hand it straight to an auditor. This is part of the broader NetSuite security audit checklist.

See it in a live sample report, no email required, or run it on your account.

When you need help rescoping tokens and rebuilding integration roles without breaking the integrations that depend on them, the consultants at Adaptive Solutions Group do exactly that work.

Frequently asked

What is token-based authentication in NetSuite?

Token-based authentication (TBA) lets an integration authenticate to NetSuite by signing each request with a token and its secret (an OAuth 1.0-style HMAC signature) instead of sending a username and password. It is the standard way integrations authenticate. The token is tied to a user and a role, and it inherits whatever that role can do.

Why are NetSuite access tokens a security risk?

Tokens authenticate without the two-factor check that applies to interactive logins, and they do not expire on their own. A token scoped to an Administrator role is a standing super-user credential with no second factor. If it leaks, it is full account access. Tokens also outlive the integrations and employees they were created for, and rarely get revoked.

How do I audit access tokens in NetSuite?

List every active token with its role, owner, and creation date, then flag the ones scoped to powerful roles, tied to former employees, or years old with no rotation. SuiteRX enumerates every token automatically and flags the risky ones.
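The audit procedure above, and the four conditions in the table earlier on this page, as an added worked example (not SuiteRX's or NetSuite's code). It assumes the token list has already been exported to CSV with the columns shown, for instance from a saved search on access tokens; the column names, the T/F checkbox convention, the dedicated integration-user list, the one-year rotation policy and the sample rows are all constructed for illustration. Inactive user status stands in for "former employee", since that is what an offboarded login usually looks like in the export.

```python
"""Flag risky NetSuite access tokens in an exported token inventory.

Added example, not SuiteRX's or NetSuite's code. Assumes a CSV export with
the columns below; column names, the integration-user list, the rotation
policy and the sample rows are constructed for illustration.
"""
import csv
import io
from datetime import date

# Roles treated as admin-level. Adjust to the roles in your account.
ADMIN_ROLES = {"Administrator", "Full Access"}
# Dedicated integration logins (assumed). A token owned by any other user
# is treated as a personal login.
INTEGRATION_USERS = {"integration@example.com"}
# Rotation policy assumed for this example: anything older is overdue.
MAX_TOKEN_AGE_DAYS = 365

# Constructed sample export; T/F for checkbox fields is assumed.
SAMPLE_CSV = """\
token_name,user,user_active,role,created,revoked
Celigo - Orders,integration@example.com,T,Integration Read Write,2024-03-10,F
Boomi - Invoices,jdoe@example.com,F,Administrator,2022-11-02,F
Legacy ETL,asmith@example.com,T,Administrator,2021-05-17,F
Old Shopify sync,integration@example.com,T,Integration Read Only,2023-08-01,T
"""


def token_age_days(created_iso, today_iso):
    """Days since the token was issued, from two ISO dates (YYYY-MM-DD)."""
    return (date.fromisoformat(today_iso) - date.fromisoformat(created_iso)).days


def audit_tokens(csv_text, today_iso, admin_roles=ADMIN_ROLES,
                 integration_users=INTEGRATION_USERS,
                 max_age_days=MAX_TOKEN_AGE_DAYS):
    """Return {token_name: [issue, ...]} for every live token with a finding.

    Revoked tokens are skipped: they are no longer a standing credential.
    Issue codes map to the four conditions an audit should flag.
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["revoked"] == "T":
            continue
        issues = []
        if row["role"] in admin_roles:
            issues.append("admin_role")        # super-user access, no second factor
        if row["user_active"] != "T":
            issues.append("inactive_user")     # should have been revoked at offboarding
        if row["user"] not in integration_users:
            issues.append("personal_login")    # should be a dedicated integration user
        if token_age_days(row["created"], today_iso) > max_age_days:
            issues.append("overdue_rotation")  # long-lived and never rotated
        if issues:
            findings[row["token_name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_tokens(SAMPLE_CSV, "2026-07-01").items():
        print(f"{name}: {', '.join(issues)}")
```

Run against the sample on 2026-07-01, the revoked Shopify token produces nothing, the Celigo token is flagged only for rotation, and the two Administrator tokens each collect several findings; the Boomi one, owned by an inactive personal login, hits all four conditions. Swap in your own export and adjust the role and user sets to match your account.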

See it on your own account.

SuiteRX checks everything in this guide, read-only, and hands you the report.