Field descriptions: User information

User information tab

General information

General information field descriptions
Field Description

User ID

When you create a user, you assign the person a user ID. The user ID is unique to the user and can’t be changed after created. A best practice to create a user ID is the first initial and last name of the user.

Username

Enter a name for the user.

Account email address

Enter the user's Account email address.

This email is only accessible to two users: the user and the company admins. This limited availability ensures greater privacy and protection from unauthorized access.

This email address also helps Intacct more efficiently communicate with users who are having login-related issues. When a user is locked out of Intacct, they will receive password reset instructions at this email.

The Primary email address from the associated Contact record and the Account email address can be different.

Status

New users can only be created with a status of Active or Locked out. You can edit a user after creation to change its status to Inactive.

The setting will not work right away if you change it while the user is logged in. The user needs to log out and then log back in for the change to take effect.

  • Active. The default status is Active, which allows the user to log in and access Intacct.

  • Inactive. This setting retains the user information in your system, but hides the user from lists throughout Intacct. For example, an employee takes a one-year sabbatical. You want to retain the employee's information and turn off access until they return.

    Records designated as Inactive do not appear in the list by default. To view these records, select Filters at the top of the list and select Remove next to the Status filter to remove it.

    If you wish to see the inactive records, you can select the Include inactive checkbox on any list.

    The setting does not work right away if you change it while the user is logged in. The user needs to log out and then log back in for the change to take effect.

  • Locked out. Both Intacct and administrators can set a user's status to Locked out. Intacct sets this status if a user exceeds the allowable number of login attempts as defined on the Company Information page. (Company > Setup > Configuration > Company > Security tab). If Intacct sets status to Locked out, then an administrator must set the status back to active so that the user can log in again. An administrator can also explicitly set the status to Locked out to prevent the user from logging in.

Keep my password until I reset it

The password security option exempts the user from having to adhere to the company-required password change setting. Use this setting only where software automatically logs in to the Web Services API.

Contact name

This field links a user record to a contact record.

The selected contact must have a first and last (family) name. If the selected contact does not have a first and last (family) name, update the contact information before associating it with a user account.

This is important in many areas of the application. For example, to enter an expense report, the employee contact name Alex Smith must be associated with the user asmith. You can link a user to an employee, or anyone else using their contact record, such as outside consultants and CPA contractors. You could also link to a customer contact, so that a customer can log in and perform operations in an application, such as Inventory. If you update user contact information, Intacct also update the associated contact.

Creating a user does not automatically create a contact record for that user. If you're creating a user who is also an employee, customer, or supplier, add them to the Customers, Suppliers, or Employees list first, then add them as a user.

First and last name

When a Contact name is selected, the First and Last names are populated from the Contact record.

Primary mail address

When a Contact name is selected, the Primary email address is populated from the Contact record.

The Primary email address and the Account email address can be different.

Sage Intacct financials permissions

Sage Intacct financials permissions field descriptions
Field Description

User type

Assign a user type that reflects the features that this user requires.

When you select the Business user type, set the Admin privilege. Business users can have Full, Limited, or no Admin privileges.

Learn more about User types.

Admin privileges

Indicate if the user will have administrator privileges. The default is that administrator privileges are off. If you turn them on, choose between making the user a limited or full administrator.

  • Full administrators have complete administration privileges including the ability to create other full administrators. Full administrators have full access to Platform Services features, and in the case of role-based companies, the ability to use the Try role feature.

  • Limited administrators have all administration privileges, except for the previously mentioned items.

Learn more about Administrators in Sage Intacct.

Role name

Name of the role to assign to the user.

Rows

Enter a number in Rows, and select Refresh to change the number of rows shown on this tab.

Password reset

Password reset field descriptions
Field Description

Enable 2-step verification

If you enabled two-step verification, users are required to complete a second step by entering a verification code Intacct sends to their phone (via an authenticator app, text, or voice message).

  • Learn more about enabling two-step verification.
  • If you selected Do not allow trusted devices, two-step verification will be required every time the user logs in.
  • To override this setting for a selected user, you can select Allow from the Trusted devices field on the User information tab.

Learn more about SSO and two-step verification.

Trusted devices

If you selected Do not allow trusted devices when setting up two-step verification, this field overrides that option.

For example, if your company is set to allow trusted devices, you can set this user's account to Do not allow trusted devices. This user would then be required to enter a verification code at each login.

Reset password

You can reset a user's password as needed. For security reasons, when you reset a user password, Intacct requires you to enter your own password to verify your identity. The user then receives an email with a temporary password at their Account email address.

When the user's password is reset, they’ll be prompted to enter a verification code if your company is configured for 2-step verification.

User entities, departments, territories

The following table describes the user entities, user departments, and user territories. These restriction tabs only appear in multi-entity companies.

User entities

User entities field descriptions
Field Description

Enable access to top level

Users who are restricted to a single entity in a multi-entity company cannot log in at the top level because they are restricted to a single entity.

However, administrators can select Enable access to top level for those users who are restricted to a single entity in a multi-entity company. Granting access to the top level enables users restricted to a single entity to log in to the top level by default when logging in to a company.

It's a best practice for administrators to enable access to the top level for all users who are restricted to a single entity in a multi-entity shared company.

Users with access to more than one entity can always access the top level.

Entity

Users are restricted to entities assigned to them on the User entities tab. The listed entities restrict:

  • which entities the user can slide-in to.

  • the entities that the user can use as a dimension on a transaction.

  • how much data the can see in reports, transactions, and other data records.

  • No restrictions: Users without any listed restrictions have access to all entities in a multi-entity company. They log in to the top level by default and can slide-in to any entity.
  • Restricted to one entity: Users restricted to a single entity automatically slide-in to the entity at login. They cannot access the top level unless Enable access to top level is selected. If Enable access to top level is selected for a user, they access the top level by default when logging in.
  • Restricted to two or more entities: Users restricted to two or more entities only have access to entities on their restrictions list. They log in to the top level by default and can slide-in to one of their restricted entities.

In addition to where a user can navigate, entity restrictions also restrict the data a user might see in a report or transaction. It also restricts their ability to create transactions and other data that asks them to choose specific entities.

  • Effects on running reports: Users with entity restrictions can only see data on reports related to their specified entities. If any entity is not included in their restrictions list, then they cannot see report data related to those transactions, which include other entities as dimensions.
  • Effects on viewing and creating data: Users with entity restrictions can only see transactions and other data related to their specified entities. Users cannot view data on a transaction or other records if the data includes an entity not on the users restrictions list. Users can only create data and transactions using entities they're allowed to see. Restricted entities will not show up in the dropdown menus.

User departments

User departments field descriptions
Field Description

Department

Any user of a multi-entity company, whether at the top-level or at the entity-level, can be restricted to work with and see only specific departments. This restriction might affect what data they can see in reports, transactions, and other data records.

  • No restrictions: Users without any listed restrictions have access to all departments in the multi-entity company.
  • Department restrictions: Users with one or more departments included on their Department restrictions list are only able to see those specific departments.

If a user has specified department restrictions, they might experience different results than expected when running reports because the report data they can see is limited to their department restrictions. They will also not be able to view or create transactions or other data records that include a department other than the ones specified on their department restrictions tab.

User territories

User territories field descriptions
Field Description

Territory

Any user of a multi-entity company, whether at the top level or at the entity level, can be assigned to specific territories for categorizing purposes.

Single sign-on tab

Single sign-on tab field descriptions
Field Description

Single sign-on enabled for company

Verify that your company has been enabled for single-sign-on.

Enable single sign-on for this user

Enable SSO for your company this user.

Federated SSO user id

Enter the ID that your SSO identity provider uses to identify this particular user.

2-step verification tab

2-step verification tab field descriptions
Field Description

Primary

The primary method that we use to send the user a verification code is by authenticator app, text, or phone call when they log in.

Backup

When a user can't access their primary verification method, Intacct provides a list of alternative methods and sends a verification code to the alternative or backup method they choose.

Trusted devices

If the user logs in from a device they've identified as trusted, we will not prompt them for a verification code. Ideally, a user identifies a computer as trusted only if they alone log in from it.

If your company is configured to disallow Trusted devices, the user will not be allowed to identify any devices as trusted.

Trusted devices are devices like a laptop or mobile phone where you can save your login information to log in automatically without needing to enter your username, password, or a verification code.