ADO.NET Provider for Sage Intacct

Build 25.0.9434

Establishing a Connection

Connecting to Sage Intacct

You can establish a connection to Sage Intacct using your own Web Services credentials or embedded credentials (Basic authentication), or Okta credentials.

Authenticating to Sage Intacct

Sage Intacct supports two types of authentication: Basic and Okta. Configure the connection by setting the relevant properties for your chosen authentication method.

Basic Authentication

The Basic authentication scheme allows you to read and write data using embedded credentials. You can optionally provide your own Web Service credentials.

To authenticate using Basic authentication, configure the following properties:

  • AuthScheme: Basic.
  • CompanyID: The ID you use to identify your company when logging into Sage Intacct.
  • User: The login you use to log into Sage Intacct.
  • Password The password for your login credentials.
  • (Optional) SenderID and SenderPassword: Your Web Services Sender ID and Password (only if you are using your own Web Service credentials).

If you are using embedded credentials, rather than your own Web Service credentials, you must do the following:

  • In your Web Services dashboard, navigate to the Company > Company Info > Security tab.
  • Add "CData" to your Web Services authorizations. This is case-sensitive. To do this, navigate to Company > Company Info (Configuration > Company in new UI) > Security > Web Services Authorizations / Edit.

AzureAD

Note that this configuration requires two AzureAD applications: the "Sage Intacct" application used for single sign-on, and a separate "connector" application with user_impersonation permission on the "Sage Intacct" application.

To authenticate to AzureAD, configure the following properties:

  • AuthScheme: AzureAD.
  • CompanyID: The ID you use to identify your company when logging into Sage Intacct.
  • SSOLoginURL: The SSO provider's login URL.
  • OAuthClientId: The application Id of the connector application, listed in the Overview section of the app registration.
  • OAuthClientSecret: The client secret value of the connector application. Azure AD displays this when you create a new client secret.

Also set these SSOProperties:

  • IntacctUserID: The Sage Intacct user ID that is mapped to the Okta user you set in the User connection property.
  • Resource: The Entity ID of the Sage Intacct application, listed in the Basic SAML Configuration section of the app registration.
  • AzureTenant: The Id of the Azure AD tenant where the applications are registered.

The following is an example connection string: 

AuthScheme=AzureAD;CompanyID=myCompanyID;OAuthClientId=myClientId;OAuthClientSecret=myClientSecret;SSOLoginUrl=https://login.microsoftonline.com/myAzureTenant/saml2;SSOProperties='IntacctUserID=intacct_user;AzureTenant=myAzureTenant;Resource=https://saml.intacct.com;';

Okta

To authenticate to Okta, configure the following properties:

Also set these SSOProperties:

  • IntacctUserID: The Sage Intacct user ID that is mapped to the Okta user you set in the User connection property.
  • APIToken (optional): If users are authenticated via a trusted application or proxy that overrides Okta client request context, specify the API Token that the customer created from the Okta organization.

Example connection string: 

AuthScheme=Okta;CompanyID=myCompanyID;SSOLoginURL=https://example.okta.com/home/appType/0bg4ivz6cJRZgCz5d6/46;User=oktaUserName;Password=oktaPassword;SSOProperties='IntacctUserID=intacct_user';

OneLogin

To authenticate with OneLogin SSO, configure the following properties:

  • AuthScheme: OneLogin.
  • CompanyID: The ID you use to identify your company when logging into Sage Intacct.
  • SSOLoginURL: The SAML 2.0 Endpoint. This can be found in OneLogin under Applications > your Sage Intacct app > SSO.
  • OAuthClientId: The client Id of your OneLogin OAuth app. This can be found in OneLogin under Developers > API Credentials.
  • OAuthClientSecret: The client secret of your OneLogin OAuth application. This is listed below the client Id.
  • User: The OneLogin username.
  • Password: The OneLogin user's password.

Also set these SSOProperties:

  • IntacctUserID: The Sage Intacct user ID that is mapped to the Okta user you set in the User connection property.
  • Subdomain: The subdomain of the OneLogin user accessing the SSO app. For example, if your OneLogin URL is cdata.onelogin.com, the subdomain value is cdata.
  • AppId: The Id of the Sage Intacct app in OneLogin. This can be found by selecting the app. If the URL is https://cdata.onelogin.com/apps/4157774/edit, then the app id is 4157774.

The following is an example connection string: 

AuthScheme=OneLogin;CompanyID=myCompanyID;User=OneLoginUser;Password=OneLoginPassword;SSOProperties='IntacctUserID=intacct_user;Subdomain=subdomain;AppId=12345;';SSOLoginUrl=https://subdomain.onelogin.com/trust/saml2/http-post/sso/123eda45-1c23-123f-b26c-1be75d633ac6;OAuthClientId=myClientId;OAuthClientSecret=myClientId;

Copyright (c) 2025 CData Software, Inc. - All rights reserved.
Build 25.0.9434