Yes! ExtendSync for Outlook fully supports all three NetSuite authentication methods:
✅ Two-Factor Authentication (2FA)
✅ Token-Based Authentication (TBA)
✅ Single Sign-On (SSO)
CloudExtend applications use NetSuite’s native login API to connect with your NetSuite environment securely.
Behind the Scenes
CloudExtend leverages NetSuite’s native API to create secure connections.
During your first login, the app automatically attempts to create a token and secret that will be reused for all future interactions between ExtendSync and NetSuite.
This removes the need for NetSuite Administrators to manually issue tokens for each user.
If token creation fails, ExtendSync will fall back to basic credentials (username and password).
How Authentication Works
When you log into ExtendSync for Outlook:
The app checks your NetSuite account’s authentication configuration.
If SAML/SSO is enabled, ExtendSync automatically redirects the login through your Identity Provider (IDP) (e.g., Okta, OneLogin, Microsoft Entra ID).
If TBA is available for your role, ExtendSync creates a token and secret pair on first login to streamline future connections.
This process minimizes admin setup and ensures you can log in using your organization’s preferred authentication method.
➡️ Learn more about logging in right here
Common Reason for Login Failure
If login fails after your first attempt, the most likely cause is that your NetSuite role doesn’t include the required permission:
Permission: User Access Tokens
This permission must be enabled for the role used to log in to NetSuite through ExtendSync.
Without this permission, ExtendSync cannot generate the token pair needed for secure ongoing authentication.