Web Services users

This list supports the enhanced lists interface. Learn more about using enhanced lists.

Web Services users exchange information programmatically with Sage Intacct via Web Services API calls—they are not allowed to log in to the UI.

A Web Services user does not provide access to Web Services itself. Rather, a Web Services user is paired with a Web Services sender ID, which is an additional credential that lets you send requests to a Web Services endpoint. You can obtain a sender ID by contacting your Sage Intacct account representative.

Web Services enables you to exchange Sage Intacct information with external applications and integrations. Data is sent or received in the form of API requests that are made through a Web Services endpoint.

For example, you might have a CRM or AP supplier invoice payment system that you want to run externally but post back to Intacct. Web Services works as a mechanism to create, update, read, and delete data.

For information about using the XML API and Web Services, see XML API, REST API, and developer resources.

If you have not already, check out the REST API in the Sage Intacct Developer portal (REST API).

About Web Services users

Web Services users are similar to standard users in terms of how you set them up. They can have the same user types and admin privileges as a standard user, but there are a few key differences, including:

  • Access to the Sage Intacct API through Web Services only

    Web Services users are automatically limited to the API through Web Services access only, meaning they can't log in to your company through the UI.

  • Permission to approve or decline timesheets via API

    The API Proxy permission allows web services users (only) to approve or decline timesheets through an external application via API. The approval history reflects the actions of the web service user.

    Learn more about this Projects permissions.

  • Passwords remain until the admin resets it

    Because many integrations rely on a Web Services user to execute certain functions, Web Services users' passwords do not automatically expire. With Web Services users, an admin is required to reset manually the password via the UI and the user receives a new auto-generated password.

    If you reset a Web Services user's password, you can break an existing integration. Update the password that the integration uses as well.

  • Can’t have single-sign-on or multifactor authentication

    Because Web Services users are programmatic and never log in to the UI, both single-sign on and multifactor authentication are automatically disabled for them.

Add a Web Services user

Add a Web Services user for external applications that need a unique user to use Sage Intacct API calls.

Standard users can also be used to make Web Services requests to the API. For security, never share standard user credentials with external applications or integrations using the API. Instead, create a separate Web Services user and provide those credentials. This allows you to control permissions separately to that application or integration on your own.
Subscription

Administration
Regional availability

All regions

User type

Business user with admin privileges
Permissions

Users: List and View

  1. Go to Company > Admin > Users, roles, and groups and select Add (circle) next to Web Services users.

  2. Enter a unique User ID.

    • You can’t reuse the user ID of an existing standard user for a Web Services user.
    • The user ID must be unique and cannot be changed after save.

  3. Enter a Username to identify the person in the Web Services Users list.

    If the user is also an employee, the Username does not need to be the same as the name used in the related employee record.

  4. Enter the user's Account email address.

    • This field is used for verification purposes whenever the user initiates or requests a password reset. If a Contact is associated with the user, the Account email address does not have to match the Primary email address of the associated Contact name. Users can update the Account email address from the My preferences page.

  5. You can control the user's ability to log in by changing the Status from active to locked-out or inactive. Learn more about the meaning of each status.

    New users can only be created with a status of Active or Locked out. You can edit a user after creation to change its status to Inactive.
  6. In the Contact name, select an existing contact or create a new contact. Learn more about Contacts.
    • If there’s an existing contact record for the user, be sure to select that contact record.

      If the Web Services user is also an employee, select the employee contact record as the user's Contact name. This creates a link between the user ID and the employee. If you have not already added the user to the Employees list, it's recommended that you do that first before creating the user. Learn more about making an employee a user.

    • If an existing contact record does not exist, add a new contact directly by selecting Add in the Contact name dropdown.
    • The user's Last (family) name and First name are populated from the Contact record.
  7. Select a User type for the user. User type controls the maximum features available to the user, while permissions set what a user can actually do within those restrictions. Learn more about what each user type can do.
  8. For a Business user type, determine whether the user has Admin privileges. If you do not want the user to be an administrator, select Off. Otherwise, select either Limited or Full.

    9. A user with administrator privileges is given the highest possible level of system access, including the ability to:

    • Configure and subscribe to applications
    • Create users
    • Assign permissions to users

    A full administrator has complete administration privileges, including the ability to create other full administrators, access to all features in Platform Services, which let admins edit pages in Intacct.

    Additionally, in role-based companies, full administrators can use the Try role feature. Limited administrators have all administration privileges, except for the aforementioned items.

    Assigning a user as an administrator grants the highest possible level of system access and should be done with discretion.

    Intacct recommends at least two full admins for each company.

    You can assign admin privileges to a Business user; you cannot assign admin privileges to any other user type. The only way to give admin privileges to an individual with a user type other than business, is to first make that individual a Business user.

    Full admins have permissions for different types of tasks. These tasks include creating users, subscribing to applications, payment information, and so on. Limited administrators can have a subset of these specific privileges.

    Both administrators and limited administrators have access to private financial reports so they can manage access to the reports.

  9. When done, Save your changes.
  10. When the confirmation popup appears, select Create, enter your password, and select Verify.

    The new Web Services user will receive an email with their user ID information.

Edit a Web Services user

You can edit a user to update their contact information or reset their password. However, you can’t edit the User ID of the Web Services user. See Field descriptions for more details about the fields that you can edit.

To avoid errors, before you edit the Email address of a user, first edit the Primary email address of the associated Contact name. If you do not have an associated contact assigned to this user, you can edit the email address as usual. Select the View icon beside the Contact name to edit the contact information directly from the User Information page.
Subscription

Administration
Regional availability

All regions

User type

Business user with admin privileges
Permissions

Users: List, View, and Edit

  1. Go to Company > Admin > Users, roles, and groups > Web Services users.

  2. Find the Web Services user that you want to edit.

  3. Select More actionsEdit at the end of the row.

  4. Make any changes necessary.

  5. Select Save.

  6. Enter your password and select Verify.

  1. Go to Company > Admin > Users, roles, and groups > Web Services users.

  2. Find the Web Services user that you want to edit, then select Edit along the same row.
  3. Make any changes necessary.

  4. Select Save.

  5. Enter your password and select Verify.

View a Web Services user

You can view a list of your Web Services users or the details of an individual Web Services user.

Subscription

Administration
Regional availability

All regions

User type

Business user with admin privileges
Permissions

Users: List and View

  1. Go to Company > Admin > Users, roles, and groups > Web Services users.

  2. Find the Web Services user you want to view.
  3. Select More actionsView at the end of the row.

  1. Go to Company > Admin > Users, roles, and groups > Web Services users.

  2. To view the details of a Web Services user, select View along the same row as the record.

Inactivate or delete a Web Services user

You can inactivate a user to prevent the record from appearing in your Web Services Users list. You can also block a user's ability to make Web Services requests to your company using their user ID.

You can only delete a Web Services user if they have not activated their Web Services user ID. This practice preserves your Audit Trail history.

Subscription

Administration
Regional availability

All regions

User type

Business user with admin privileges
Permissions

Users: List, View, and Edit

  1. Go to Company > Admin > Users, roles, and groups > Web Services users.

  2. Find the Web Services user you want to inactivate.

  3. Select More actionsEdit at the end of the row.

  4. In Status, select Inactive.
  5. Save your changes, then enter your password to verify your identity as an admin.

  1. Go to Company > Admin > Users, roles, and groups > Web Services users.

  2. Select Edit along the same row as the Web Services user that you want to inactivate.
  3. In Status, select Inactive.
  4. Save your changes, then enter your password to verify your identity as an admin.
Subscription

Administration
Regional availability

All regions

User type

Business user with admin privileges
Permissions

Users: List, View, and Delete

  1. Go to Company > Admin > Users, roles, and groups > Web Services users.

  2. Find the Web Services user you want to delete.
  3. Select More actions > Delete at the end of the row.
  4. Select Delete in the confirmation dialog box.

  1. Go to Company > Admin > Users, roles, and groups > Web Services users.

  2. Select Delete along the same row as the appropriate Web Services user.
  3. Select OK in the confirmation dialog box.

Reactivate a Web Services user

If you have a Web Services user that was previously inactivated, you can activate it again.

Subscription

Administration
Regional availability

All regions

User type

Business user with admin privileges
Permissions

Users: List, View, and Edit

  1. Go to Company > Admin > Users, roles, and groups > Web Services users.

  2. Records designated as Inactive do not appear in the list by default. To view these records, select Filters at the top of the list and select Remove next to the Status filter to remove it.

  3. Find the Web Services user you want to reactivate.

  4. Select More actionsEdit at the end of the row.

  5. In the Status dropdown list, select Active.
  6. Save your changes, then enter your password to verify your identity as an admin.

  1. Go to Company > Admin > Users, roles, and groups > Web Services users.

  2. Select the Include inactive checkbox above the list header.
    The Include inactive checkbox remains selected even if you leave the Web Services users list. Deselect it after this if you want to hide inactive users from your list again.
  3. Select Edit along the same row as the Web Services user that you want to reactivate.
  4. In the Status dropdown list, select Active.
  5. Save your changes, then enter your password to verify your identity as an admin.

Field descriptions

The following tables describe each field on the Web Services users list and the Web Services user information page.

Web Services users list

Buttons

Web Services users list buttons field descriptions
Field Description
Add Adds a new Web Services user.
Create Adds a new Web Services user.
Done Returns you to Company overview page.
Export Exports the list in one of the following formats: CSV, Excel, Word, PDF.

Columns

Web Services users list columns field descriptions
Field Description
Edit Edits the Web Services user along the same row.
View Views the Web Services user along the same row.
User ID The unique user ID of the Web Services user.
Username The name of the Web Services user that appears in lists.
User type The Web Services user's user type. User type reflects the features that this user has access to. Business users can be given access to any features, but other user types have limited access. Learn more about user types.
Admin privileges

Indicates the level of administrator privileges the Web Services user has. There are three possibilities:

  • false: no admin privileges
  • true: limited admin privileges (can’t create another admin user)
  • full: full admin privileges (can create other admin users; can use Try role feature)
Permissions report

Runs the Permissions and roles report for that user. The report which information such as the user ID, roles assigned to the user, type of user, admin privileges, user permissions, and user groups.

If your company does not use roles to manage permissions, the link appears as View permissions.
Groups Displays the names of users and user groups to whom this role is currently assigned.
Preferences Takes you to the Preferences page for the selected user.
Delete Deletes the Web Services user along the same row.

Web Services user information page

Web Services user information page field descriptions
Field Description

User ID

The unique ID Intacct users to identify the Web Services user.

Last (family) name

The last (family) name of the Web Services user.

First name

The first name of the Web Services user. This name does not need to be the same as the employee name.

Email address

The Web Services user's Email address. This field is required for verification purposes whenever the user initiates or requests a password reset. Furthermore, because each user is related to only one contact record, this Email address must match the Primary email address of the associated Contact name.

Before you can edit the Email address of a user, you must first edit the Primary email address of the associated Contact name to avoid system errors. If you do not have an associated contact assigned to this user, you can edit the email address as usual.

Contact name

The contact record associated with the Web Services user. You have a few options:

  • If there’s an existing contact record for the user, be sure to select that contact record.

    If the Web Services user is also an employee, select the employee contact record as the user's Contact name. This creates a link between the User ID and the employee. If you have not already added the user to the Employees list, it's recommended that you do that first before creating the user. Learn more about making an employee a user.

  • If an existing contact record does not exist, add a new contact directly by selecting Add in the Contact name dropdown.
  • If you do not choose a contact in Contact name, then a new contact name will automatically be generated for this user. The new contact will use the user ID as the Suggested contact name (also a unique ID field) of the new, associated contact record. See Contacts for more information.

Username

 Enter the name that you want to use to identify the Web Services user.

User type

 Assign a user type that reflects the features that this user requires. User types define the maximum features that a user can have access to. Business users can be given access to any features, but other user types have limited access. Learn more about what each user type can do.

Admin privileges

Indicate if the user will have administrator privileges. The default is that administrator privileges are off. If you turn them on, choose between making the user a limited or full administrator. A full administrator has complete administration privileges. Full privileges include the ability to create other full administrators, full access to Platform Services features, and, for role-based companies, the ability to use the Try role feature. Limited administrators have all administration privileges, except for the previously mentioned items.

Status

You can control the user's ability to log in by changing the status from active to locked out or inactive.

New users can only be created with a status of Active or Locked out. You can edit a user after creation to change its status to Inactive.
  • Active: The default status is Active, which allows the user to log in and access Intacct.

  • Inactive. This setting retains the user information in your system, but hides the user from lists throughout Intacct. For example, an employee takes a one-year sabbatical. You want to retain the employee's information and turn off access until they return.

    Records designated as Inactive do not appear in the list by default. To view these records, select Filters at the top of the list and select Remove next to the Status filter to remove it.

    If you wish to see the inactive records, you can select the Include inactive checkbox on any list.

    The setting does not work right away if you change it while the user is logged in. The user needs to log out and then log back in for the change to take effect.

  • Locked out: Both Intacct and administrators can set a user's status to Locked out. Intacct sets this status if a user exceeds the allowable number of login attempts as defined on the Company Information page. If Intacct sets status to Locked out, then an administrator must set the status back to active so that the employee can log in again. An administrator can also explicitly set the status to locked out to prevent the user from logging in. The status change takes effect after the user logs out and logs back in..

Reset password

You can reset this user's password as needed. For security reasons, when you reset a user password, you’re required to enter your own password to verify your identity. The Web Services user then receives an email with a permanent password.