We’re experiencing a complete sales access shutdown after our recent office move. Our external sales reps, who work remotely and from client sites, are now unable to log into NetSuite to access the quote management module. They’re getting ‘Access Denied - IP Address Not Authorized’ errors when attempting to authenticate.
The issue is that our IP whitelist configuration was set up based on our old office network ranges and hasn’t been updated since the relocation. Our IT team configured the whitelist months ago when we first implemented NetSuite security policies, and apparently the documentation of which IPs were whitelisted was incomplete.
What’s particularly frustrating is that our sales team is completely blocked - they can’t create quotes, update existing opportunities, or access customer pricing information. We have major deals in flight and our sales operations have effectively halted. The sales reps are working from various locations (home offices, client sites, coffee shops) so we can’t just add a single new office IP range.
We need a solution that maintains security but doesn’t lock out our distributed sales force. Has anyone dealt with IP whitelist management for remote sales teams in NetSuite 2023.2?
We temporarily disabled IP restrictions for the sales role to get everyone back online. The VPN solution would work but our sales team strongly resists VPN requirements - they need quick access from mobile devices and client networks where VPN setup is problematic. We need something that works for truly mobile users without compromising security too much.
Quick fix: temporarily disable IP restrictions for the Sales Rep role while you figure out a permanent solution. Go to Setup > Users/Roles > Manage Roles > [Sales Rep Role] > Access tab and uncheck ‘Restrict by IP Address’. This will get your team working again immediately, then you can implement a proper solution.
The VPN approach is good but consider using NetSuite’s role-based IP restrictions more intelligently. You can set up different IP restriction policies for different roles. Create a ‘Remote Sales’ role that has no IP restrictions but requires 2FA, while keeping IP restrictions on administrative roles. This balances security with usability for your distributed workforce.
Look into NetSuite’s ‘Trusted Device’ feature combined with conditional access policies. You can register each sales rep’s primary devices as trusted, then require additional authentication (like 2FA codes sent via SMS) when they log in from new devices or locations. This gives you security without the rigid IP whitelist approach that doesn’t work for mobile sales teams.