Company content security policy

Technical leads, technical admins, or specialists integrating third-party software with Sage Intacct can allow URLs at the company level here. URLs allowed at this level affect all pages across Sage Intacct. This is especially useful if you use third-party security software that adds a browser plugin, or any other third-party plugin that might interfere with Sage Intacct. To maintain your company security, select only the necessary directive options for each URL.

Additionally, to keep your company secure, do not allow page-level customizations in the Company content security policy. If you're unsure whether you need to add any domains here, ask your designated support user to contact Support first.

To change your company security features and settings, go to Company > Setup > Configuration > Company > Security tab, then select Edit.

Add a domain

  1. Go to the Company Information page.

  2. Copy and paste the URL of the domain you want to allow into the URL field. For example, if you use the security software plugin Trusteer Rapport, you'd copy and paste https://www.trusteer.com into the URL field.
  3. Content security field descriptions
    Field     Description
    Connect   Defines valid sources for XMLHttpRequest, WebSocket, and EventSource connections.
    Font      Specifies valid sources for web fonts.
    Frame     Defines valid sources for loading frames, such as tracking information from FedEx.
    Image     Specifies valid sources for images, such as images from Google Maps.
    Media     Specifies valid sources for loading media using audio and video elements.
    Object    Allows the use of plugins, embeds, and elements, such as an embedded PDF document.
    Script    Defines valid sources for JavaScript.
    Style     Specifies valid sources for stylesheets, such as CSS.

  4. Select Save.

Enforce content security policy

Select the Enforce content security policy checkbox to enforce the defined content security policy.

  • If selected: Your defined content security policy will be enforced, which means Sage Intacct will prevent pages from loading content, such as images and JavaScript, from third-party domains not allowed in your policy.
  • If not selected: Your defined content security policy runs as report-only. Sage Intacct allows pages to load content from third-party domains not allowed in your policy, but the violations appear as errors in your browser's console log, which is useful for troubleshooting.

Packages uploaded to companies are also affected by the company's content security policy.
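
The sketch below is an added example, not Sage Intacct code: it models how the per-URL field selections from "Add a domain" and the Enforce checkbox correspond to a standard CSP response header. The function names, the 'self' baseline, the https and wildcard checks, and the fields chosen for the sample URL are assumptions made for illustration.

```javascript
// Added example: models per-URL field selections as a CSP header.
// Directive names are the standard CSP ones; how Sage Intacct assembles
// its real header, and the 'self' baseline used here, are assumptions.
const FIELD_TO_DIRECTIVE = {
  Connect: "connect-src", Font: "font-src", Frame: "frame-src",
  Image: "img-src", Media: "media-src", Object: "object-src",
  Script: "script-src", Style: "style-src",
};

// Reduce a pasted URL to its origin and reject entries that widen the policy.
function toOrigin(url) {
  if (url.includes("*")) throw new Error(`wildcard not accepted: ${url}`);
  const u = new URL(url); // throws on malformed input
  if (u.protocol !== "https:") throw new Error(`https required: ${url}`);
  return u.origin;
}

// entries: [{ url, fields: ["Script", ...] }] (hypothetical input shape).
function buildPolicy(entries) {
  const policy = {};
  for (const { url, fields } of entries) {
    const origin = toOrigin(url);
    for (const field of fields) {
      const directive = FIELD_TO_DIRECTIVE[field];
      if (!directive) throw new Error(`unknown field: ${field}`);
      if (!policy[directive]) policy[directive] = new Set(["'self'"]);
      policy[directive].add(origin); // only the selected fields gain the origin
    }
  }
  return policy;
}

// Enforce checkbox selected -> blocking header; otherwise report-only.
function toHeader(policy, enforce) {
  const name = enforce
    ? "Content-Security-Policy"
    : "Content-Security-Policy-Report-Only";
  const value = Object.entries(policy)
    .map(([directive, sources]) => `${directive} ${[...sources].join(" ")}`)
    .join("; ");
  return { name, value };
}

// Constructed sample: the Trusteer URL from step 2, with two fields selected.
const sample = buildPolicy([
  { url: "https://www.trusteer.com/some/page", fields: ["Script", "Connect"] },
]);
console.log(toHeader(sample, false));
```

Running in report-only first and reading the browser console shows which directive each blocked resource falls under, so only those fields need to be selected before enforcing.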