Loading
Salesforce now sends email only from verified domains. Read More
Identify Your Users and Manage Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Configure SSO from Salesforce to Intacct

            You are here:

            1. Salesforce Help
            2. Docs
            3. Identify Your Users and Manage Access

            Configure SSO from Salesforce to Intacct

            Let your users log in to Intacct using single sign-on (SSO) from your Salesforce org configured as an identity provider.

            Required Editions

            Available in: Lightning Experience and Salesforce Classic
            Available in: Enterprise, Performance, Unlimited, and Developer Editions

            When you set up Intacct as a service provider and create a connected app in Salesforce, users can access Intacct using their Salesforce login credentials. Intacct supports the SAML protocol for both identity provider–initiated and service provider–initiated SSO.

            Follow these high-level steps to configure SSO for Salesforce to Intacct.

            Set Up Your Salesforce Org as an Identity Provider

            With the My Domain feature, your Salesforce org is enabled as an identity provider. My Domain is required for all orgs. If you don’t like your org’s My Domain name, you can change it.

            The My Domain feature also creates a certificate and key pair. The certificate establishes trust between your Salesforce org and ADP. Optionally, you can use another self-signed certificate or import a CA-signed certificate.

            To download the Salesforce self-signed certificate:

            1. From Setup, enter Identity Provider in the Quick Find box, and select Identity Provider.
            2. Click Download Certificate.

            Configure SAML Settings in Intacct

            1. Log in to your Intacct account as an administrator.
            2. Under Company and Company Info, select Single Sign On.
            3. Click Edit.
            4. On the Single Sign On tab, select Single Sign On Enabled.
            5. For SSO Identity Provider Type, select SAML 2.0.
            6. For SSO Issuer URL, enter a unique identity for this service provider. You enter this URL as the entity ID when you configure a Salesforce connected app.
            7. For SSO Login URL, enter https://MyDomainName.my.salesforce.com/idp/endpoint/HttpRedirect.
            8. Copy the content of your Salesforce certificate between the Begin Certificate and End Certificate labels, and paste it in SSO Certificate.
            9. Save your changes.

              SAML settings in Intacct

            10. On the Company tab, click Users.

              under company, select users

            11. Configure SSO for a user.
              1. Choose the user from the list, and click Edit.

                select the user to enable SSO for that user

              2. On the user information page, click the Single Sign On tab.

                edit settings for the user

              3. Select Enable Single Sign On.

                enter the federated SSO user ID

              4. For Federated SSO user id, enter a value to identify the user. This value corresponds to the subject type that you define in the Salesforce connected app.
              5. Save the settings.

            Create a Connected App in Salesforce

            1. In Salesforce, create a connected app.
              • In Lightning Experience, from Setup, enter App in the Quick Find box, and select App Manager. Click New Connected App.
              • In Salesforce Classic, from Setup, enter Apps in the Quick Find box, and select Apps. Under Connected Apps, click New.
            2. Configure the connected app Basic Information settings.
              1. Enter a name for the Intacct connected app. Salesforce uses this name to populate the API name.
              2. Enter your email address in case Salesforce needs to contact you or your support team.
              3. Optionally, upload or specify a logo and icon to represent your Intacct application in the Salesforce App Launcher.

              basic settings for the connected app

            3. Configure the connected app Web App settings.
              1. Select Enable SAML.
              2. For Entity Id, enter the SSO issuer URL that you configured in the Intacct SAML settings, for example, https://saml.intacct.com.
              3. For ACS URL, enter the Assertion Consumer Service URL, for example, https://trial.intacct.com/ia/acct/sso_response.phtml.
              4. Select a subject type, for example, Username. The subject type is the method attribute by which the Intacct federated SSO user ID maps to a unique Salesforce user identity.
              5. For Name ID Format, keep the default value.
              6. For Issuer, keep the default value, which is your My Domain login URL.
              7. For IdP Certificate, keep the default (Default IdP Certificate).

              web app settings for the connected app

            4. Save the settings.
            5. Configure profiles and permission sets for the connected app.
              1. From Setup, enter Apps in the Quick Find box.
                • If you’re using Lightning Experience, select Manage Connected Apps.
                • If you’re using Salesforce Classic, under Manage Apps, select Connected Apps.
              2. Click the name of your connected app for Intacct. The connected app detail page appears.
              3. Click Manage Profiles or Manage Permission Sets, and add profiles or permission sets for the users who can access this app.
            6. In Salesforce, enter the start URL for the connected app.
              1. On the connected app detail page, under SAML Login Information, copy the IdP-initiated login URL.
              2. On the connected app detail page, click Edit Policies.
              3. For Start URL, paste the IdP-initiated login URL.
              4. Save the settings.

            Test the SSO Configuration

            1. In Salesforce, from the App Launcher, find and open the Intacctapp. If you configured the Intacct logo and icon for the connected app, the App Launcher displays them. If identity provider–initiated SSO is configured properly, Salesforce creates an application session.
            2. To test service provider–initiated SSO, enter the URL to log in to your Intacct account, for example, https://trial.intacct.com/ia/acct/login.phtml?.sample=1&_company=Company_Id, where Company_Id is your Intacct company. For example, enter https://trial.intacct.com/ia/acct/login.phtml?.sample=1&_company=Sample+wwwzpcl. If SSO is configured properly, you’re prompted to use SSO. Click Use single sign on and Sign in. This action redirects you to Salesforce to enter your credentials. If SSO authentication is successful, you’re logged in to your Intacct account.

            See Also

             
            Loading
            Salesforce Help | Article