Tutorial: Azure Active Directory integration with Intacct
In this tutorial, you learn how to integrate Intacct with Azure Active Directory (Azure AD).
Integrating Intacct with Azure AD provides you with the following benefits:
- You can control in Azure AD who has access to Intacct
- You can enable your users to automatically get signed-on to Intacct (Single Sign-On) with their Azure AD accounts
- You can manage your accounts in one central location - the Azure portal
If you want to know more details about SaaS app integration with Azure AD, see what is application access and single sign-on with Azure Active Directory.
To configure Azure AD integration with Intacct, you need the following items:
- An Azure AD subscription
- An Intacct single sign-on enabled subscription
To test the steps in this tutorial, we do not recommend using a production environment.
To test the steps in this tutorial, you should follow these recommendations:
- Do not use your production environment, unless it is necessary.
- If you don't have an Azure AD trial environment, you can get a one-month trial here.
In this tutorial, you test Azure AD single sign-on in a test environment. The scenario outlined in this tutorial consists of two main building blocks:
- Adding Intacct from the gallery
- Configuring and testing Azure AD single sign-on
Adding Intacct from the gallery
To configure the integration of Intacct into Azure AD, you need to add Intacct from the gallery to your list of managed SaaS apps.
To add Intacct from the gallery, perform the following steps:
In the Azure portal, on the left navigation panel, click Azure Active Directory icon.
Navigate to Enterprise applications. Then go to All applications.
To add new application, click New application button on the top of dialog.
In the search box, type Intacct.
In the results panel, select Intacct, and then click Add button to add the application.
Configuring and testing Azure AD single sign-on
In this section, you configure and test Azure AD single sign-on with Intacct based on a test user called "Britta Simon".
For single sign-on to work, Azure AD needs to know what the counterpart user in Intacct is to a user in Azure AD. In other words, a link relationship between an Azure AD user and the related user in Intacct needs to be established.
In Intacct, assign the value of the user name in Azure AD as the value of the Username to establish the link relationship.
To configure and test Azure AD single sign-on with Intacct, you need to complete the following building blocks:
- Configuring Azure AD Single Sign-On - to enable your users to use this feature.
- Creating an Azure AD test user - to test Azure AD single sign-on with Britta Simon.
- Creating an Intacct test user - to have a counterpart of Britta Simon in Intacct that is linked to the Azure AD representation of user.
- Assigning the Azure AD test user - to enable Britta Simon to use Azure AD single sign-on.
- Testing Single Sign-On - to verify whether the configuration works.
Configuring Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal and configure single sign-on in your Intacct application.
To configure Azure AD single sign-on with Intacct, perform the following steps:
In the Azure portal, on the Intacct application integration page, click Single sign-on.
On the Single sign-on dialog, select Mode as SAML-based Sign-on to enable single sign-on.
On the Intacct Domain and URLs section, perform the following steps:
In the Reply URL textbox, type a URL using the following pattern:
This value is not real. Update this value with the actual Reply URL. Contact Intacct support team to get this value.
On the SAML Signing Certificate section, click Certificate(Base64) and then save the certificate file on your computer.
Click Save button.
On the Intacct Configuration section, click Configure Intacct to open Configure sign-on window. Copy the SAML Entity ID and SAML Single Sign-On Service URL from the Quick Reference section.
In a different web browser window, sign in to your Intacct company site as an administrator.
Click the Company tab, and then click Company Info.
Click the Security tab, and then click Edit.
In the Single sign on (SSO) section, perform the following steps:
a. Select Enable single sign on.
b. As Identity provider type, select SAML 2.0.
c. In Issuer URL textbox, paste the value of SAML Entity ID which you have copied from Azure portal.
d. In Login URL textbox, paste the value of SAML Single Sign-On Service URL which you have copied from Azure portal.
e. Open your base-64 encoded certificate in notepad, copy the content of it into your clipboard, and then paste it to the Certificate box.
f. Click Save.
You can now read a concise version of these instructions inside the Azure portal, while you are setting up the app! After adding this app from the Active Directory > Enterprise Applications section, simply click the Single Sign-On tab and access the embedded documentation through the Configuration section at the bottom. You can read more about the embedded documentation feature here: Azure AD embedded documentation
Creating an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
To create a test user in Azure AD, perform the following steps:
In the Azure portal, on the left navigation pane, click Azure Active Directory icon.
To display the list of users, go to Users and groups and click All users.
To open the User dialog, click Add on the top of the dialog.
On the User dialog page, perform the following steps:
a. In the Name textbox, type BrittaSimon.
b. In the User name textbox, type the email address of BrittaSimon.
c. Select Show Password and write down the value of the Password.
d. Click Create.
Creating an Intacct test user
To set up Azure AD users so they can sign in to Intacct, they must be provisioned into Intacct. For Intacct, provisioning is a manual task.
To provision user accounts, perform the following steps:
Sign in to your Intacct tenant.
Click the Company tab, and then click Users.
Click the Add tab.
In the User Information section, perform the following steps:
a. Enter the User ID, the Last name, First name, the Email address, the Title, and the Phone of an Azure AD account that you want to provision into the User Information section.
b. Select the Admin privileges of an Azure AD account that you want to provision.
c. Click Save. The Azure AD account holder receives an email and follows a link to confirm their account before it becomes active.
To provision Azure AD user accounts, you can use other Intacct user account creation tools or APIs that are provided by Intacct.
Assigning the Azure AD test user
In this section, you enable Britta Simon to use Azure single sign-on by granting access to Intacct.
To assign Britta Simon to Intacct, perform the following steps:
In the Azure portal, open the applications view, and then navigate to the directory view and go to Enterprise applications then click All applications.
In the applications list, select Intacct.
In the menu on the left, click Users and groups.
Click Add button. Then select Users and groups on Add Assignment dialog.
On Users and groups dialog, select Britta Simon in the Users list.
Click Select button on Users and groups dialog.
Click Assign button on Add Assignment dialog.
Testing single sign-on
In this section, you test your Azure AD single sign-on configuration by using the Access Panel.
When you click the Intacct tile in the Access Panel, you should be automatically signed in to your Intacct application.