SSO with Google
With single sign-on (SSO), users can access their company and other business applications through a single login. Centralized login and authentication have several key advantages, including security benefits.
SSO with Google requires specific configuration settings to work correctly with Sage Intacct.
| Subscription | Company |
|---|---|
| Regional availability | All regions |
| User type | Business |
| Permissions | Full |
Add custom attributes
Complete these steps in the Google Admin console.
- Go to https://admin.google.com and log in to your Google Admin console.
- From the Admin console home page, go to Users.
- At the top of the Users list, select More options and then Manage custom attributes.
- At the top right, select Add custom attributes, then select Add to add the following fields with these attributes:
  - Company Name
    - Info type: Text
    - Visibility: Visible to user and admin
    - Number of values: Single Value
  - name (case sensitive)
    - Info type: Text
    - Visibility: Visible to user and admin
    - Number of values: Single Value

You can use the Category name Intacct tenant details or a similar category name to group these attributes together on the User record.
Add a new user (optional)
Complete these steps in the Google Admin console.
- Go to https://admin.google.com and sign in to your Google Admin console.
- From the Admin console home page, go to Users > Add new user.
- Add the user information and select Add new user.
- From the Users list, select the user you just made to edit.
- Select User information.
- Select Edit (pencil icon) on Intacct tenant details (or your selected category name).
- Add the Company name and name for the selected user and select Save.
Set up a custom SAML App
Complete these steps in the Google Admin console.
- Go to https://admin.google.com and sign in to your Google Admin console.
- Go to Apps > Web and mobile apps.
- Select Add Apps > Add custom SAML App.
- On the App details page, call your new app SSO App and select Continue.
- On the Google Identity Provider details page, copy the SSO URL, Entity ID, and download the certificate to use later. Select Continue.
- On the Service provider details page, add the correct path to the sso_response.phtml file in both the ACS URL and the Entity ID fields. For example:

  The best practice is to use the Company ID here to ensure uniqueness for the App. Remove any spaces in your Company ID to avoid any issues.
- On the Service provider details page, verify that the Name ID format is EMAIL and the Name ID is Basic information > Primary email. Select Continue.
- On the Attribute mapping page, map the fields you created in Add custom attributes between Google Directory attributes and App attributes and select Finish.

Add custom attributes

| Google Directory attributes | App attributes |
|---|---|
| Company name | Company name |
| Name | Name |
Turn on your SAML App
Complete these steps in the Google Admin console.
- Go to https://admin.google.com and sign in to your Google Admin console.
- Go to Apps > Web and mobile apps.
- Select your SAML App and select User access.
- Select ON for everyone and select Save.
Configure SSO in a Sage Intacct company
Complete these steps in Intacct as an administrator.
- Sign in to Intacct as an administrator.
- Go to Company > Setup > Company.
  The Company Information page opens.
- Go to the Security tab and select Edit.
- In the Single sign-on section, select Enable single sign-on, enter the following details, and select Save.
  - Identity Provider type: SAML 2.0
  - Issuer URL: Enter the entity ID that you used in step 6 of Set up a custom SAML App.
  - Login URL: Enter the SSO URL that you copied in step 5 of Set up a custom SAML App.
  - Certificate: Enter the certificate that you copied in step 5 of Set up a custom SAML App.
- Go to Company > Admin > Users and select Edit next to the admin user for the SSO. For example, John Smith from the entity ID you provided in step 6 of Set up a custom SAML App.
- On the Single sign-on tab for the user, select the box for Single Sign On and enter the Federated SSO user ID.
  Select Save.
  The Federated SSO user ID is the Intacct email address of the user that you used in step 6 of Set up a custom SAML App. For example, john.smith@your.company.com.
  This field is case sensitive and must exactly match the email address in the Google Workspace Directory.
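
The two pitfalls this page calls out, spaces in the Company ID and the case-sensitive match between the Federated SSO user ID and the Google primary email, can be checked before users are switched to SSO. The following Python check is an added example, not Sage or Google code; the function names and sample accounts are hypothetical, and it assumes you have exported both lists yourself.

```python
def normalize_company_id(company_id: str) -> str:
    """Remove all whitespace, as the page advises for the Company ID."""
    return "".join(company_id.split())


def check_federated_ids(intacct_users, google_emails):
    """Compare Intacct Federated SSO user IDs with Google primary emails.

    intacct_users: dict of Intacct login -> Federated SSO user ID
    google_emails: list of primary emails from the Google Workspace Directory
    Returns (login, federated_id, problem) tuples; an empty list means every
    ID matches a directory email exactly, including case.
    """
    exact = set(google_emails)
    by_lower = {e.lower(): e for e in google_emails}
    problems = []
    for login, fed_id in intacct_users.items():
        if fed_id in exact:
            continue  # exact, case-sensitive match: SSO login will resolve
        if fed_id != fed_id.strip():
            problems.append((login, fed_id, "leading or trailing whitespace"))
        elif fed_id.lower() in by_lower:
            actual = by_lower[fed_id.lower()]
            problems.append((login, fed_id, f"case differs from {actual}"))
        else:
            problems.append((login, fed_id, "no such primary email in Google"))
    return problems


# Constructed sample data (hypothetical accounts, for illustration only).
GOOGLE_EMAILS = ["john.smith@your.company.com", "Ana.Diaz@your.company.com"]
INTACCT_USERS = {
    "jsmith": "john.smith@your.company.com",   # exact match
    "adiaz": "ana.diaz@your.company.com",      # wrong case
    "bwong": "b.wong@your.company.com ",       # trailing space
    "clee": "c.lee@your.company.com",          # not in the directory
}

if __name__ == "__main__":
    print("Company ID to use:", normalize_company_id("Acme Corp 01"))
    for login, fed_id, problem in check_federated_ids(INTACCT_USERS, GOOGLE_EMAILS):
        print(f"{login}: {fed_id!r}: {problem}")
```

Run it against the full user list before selecting ON for everyone, so that mismatched accounts are corrected before those users are expected to sign in through Google.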