Users

Users are individuals who have access to some part of Sage Intacct. Most users are employees, but users might also be outside the company, such as accountants, attorneys, bankers, vendors, customers, or auditors.

Any person that wants to log in through the UI or API must have a unique user record.

List users

get/objects/company-config/user

Returns a collection with a key, ID, and link for each user. This operation is mostly for use in testing; use the query service to find users that meet certain criteria and specify the properties that are returned.

SecurityOAuth2

Responses

200

OK

400

Bad Request

Request samples

Response samples

200
400

application/json

{"ia::result": [{"key": "1",
"id": "Admin",
"href": "/objects/company-config/user/1"
},
{"key": "2",
"id": "Jane Doe",
"href": "/objects/company-config/user/2"
},
{"key": "4",
"id": "Larry Smith",
"href": "/objects/company-config/user/4"
}
],
"ia::meta": {"totalCount": 3,
"start": 1,
"pageSize": 100,
"next": null,
"previous": null
}
}

Create a user

post/objects/company-config/user

Creates a new user. The user must be associated with a new or existing contact.

SecurityOAuth2

Request

Request Body schema: application/json
required

User to create

id

required

string

User login ID. This unique identifier cannot be changed after the user is created.

Example: "john.doe"

accountEmail

required

string

User email address.

Example: "[email protected]"

required

object

The contact associated with this user.

key

string

System-assigned unique key for the contact.

Example: "21"

id

string

Contact ID.

Example: "jsmith"

lastName

string or null

Deprecated

Last name.

Example: "Smith"

firstName

string or null

Deprecated

First name.

Example: "John"

middleName

string or null

Deprecated

Middle name.

Example: "Archibald"

prefix

string or null

Deprecated

Prefix, such as Mr., Mrs., or Ms.

Example: "Mr"

printAs

string

Deprecated

The contact's name as it will appear on documents.

Example: "John Smith"

email1

string or null

Deprecated

Primary email address.

Example: "[email protected]"

email2

string or null

Deprecated

Secondary email address.

Example: "[email protected]"

phone1

string or null

Deprecated

Primary phone number.

Example: "14085551212"

phone2

string or null

Deprecated

Secondary phone number.

Example: "14085559876"

mobile

string or null

Deprecated

Mobile phone number.

Example: "14085554420"

pager

string or null

Deprecated

Pager number.

Example: "14085559987"

fax

string or null

Deprecated

Fax number.

Example: "14085555309"

URL1

string or null

Deprecated

Web page address for this contact.

Example: "https://mycompany.com"

URL2

string or null

Deprecated

Secondary web page address.

Example: "https://anothercompany.com"

companyName

string or null

Deprecated

Name of the company.

Example: "AlcoSoft Inc"

object

Mailing address.

addressLine1	string or null Deprecated The first address line for shipping, billing, etc. Example: "300 Park Avenue"
addressLine2	string or null Deprecated The second address line for shipping, billing, etc. Example: "Suite 1400"
addressLine3	string or null Deprecated The third address line for shipping, billing, etc. which provides additional geographical information. Example: "Western industrial area"
city	string or null Deprecated City. Example: "San Jose"
state	string or null Deprecated State. Example: "California"
postCode	string or null Deprecated Zip or Postal Code. Example: "95110"
country	string or null Deprecated Default: "US" Country. This field is deprecated, please use `isoCountryCode`. Example: "United States"
isoCountryCode	string or null Deprecated Default: "US" ISO country code. This field takes prevalence over `country` which is now deprecated. Example: "US"

userName

string

The name that will be used to identify the user. This name is displayed in the user interface.

Example: "John Doe"

userType

string

Default: "business"

The user type for this user. User types determines the maximum set of features and activities that a user can access and perform in Intacct. The things a user can do also depend on the permissions that are assigned to the user. For more information see User types

Enum: "business" "constructionManager" "crm" "dashboard" "employee" "paymentApprover" "platform" "projectManager" "viewOnly" "warehouse"

Example: "employee"

adminPrivileges

string

Default: "off"

User admin privileges.

off - No admin privileges
full - Complete administration privileges including the ability to create other full administrators and use Platform Services features. Requires that userType is set to business.
limited - All administration privileges, except for the previously mentioned items. Requires that userType is set to business.

Enum: "full" "limited" "off"

Example: "off"

status

string

Default: "active"

User status.

active - The user can log in and access Intacct.
inactive - Hides the user from lists throughout Intacct but retains the user information in the system. Cannot be used when creating a new user.
lockedOut - Set by Intacct due to too many failed login attempts, or by an administrator to prevent the user from logging in. The user cannot log in until an administrator sets the status to active.

Enum: "active" "inactive" "lockedOut"

Example: "active"

object

Settings for use of the Sage Intacct Web Services (API).

isEnabled	boolean Default: true Specifies whether the user is allowed to use web services. Example: true
isRestricted	boolean Default: false Specifies whether the user is restricted to Web Services only. That is, when set to `true` the user cannot log in to the Sage Intacct user interface. Example: true

object

Password properties.

neverExpires	boolean Default: false Specified whether the user's password expires. Set to `true` to prevent the user's password from expiring. Use this setting only for Web Services API users. Example: true
requiresReset	boolean Default: false Set to `true` to trigger the password reset flow for the user. Example: false
disablePassword	boolean Default: false Specifies whether password requirements are disabled for the user. Example: false

object

Single sign-on settings for the user.

isSSOEnabled	boolean Default: false Specifies whether single sign-on is enabled for the user. Example: true
federatedSSOId	string Federated SSO user ID. Example: "john.doe"

object

Entity level restrictions.

allowUnrestrictedAccess	boolean Default: true Specified whether the user can access all entities in the company. Set to `false` to restrict the user to the entities listed in the `entities` array. Example: true
allowTopLevelAccess	boolean Default: false Specifies whether the user can access the top-level entity in the company. It's a best practice to enable access to the top level for all users who are restricted to a single entity in a multi-entity shared company. Example: false

trustedDevices

string

Default: "companyDefault"

Whether to recognize trusted devices for the user-- always, never, or use the company setting.

Enum: "always" "companyDefault" "never"

Example: "always"

isChatterDisabled

boolean

Default: false

Specifies whether the Intacct Collaborate feature is disabled for the user.

Example: false

hideOtherDepartmentTransactions

boolean

Default: false

Specifies whether to hide transactions from this user that do not belong to the departments listed in the departments array.

Example: false

Array of objects

Deprecated

This field is deprecated, please use entities.

Array

key	string Location key.
id	string Location ID.

Array of objects

Company entities that the user is allowed to view and work with. Leave empty to allow the user to work with all entities.

Array

key	string Unique key for the entity. Example: "42"
id	string Entity ID. Example: "PNW"

Array of objects

Departments that the user is allowed to view and work with. Leave empty to allow the user to work with all departments.

Array

key	string Unique key for the department. Example: "79"
id	string Department ID. Example: "Sales"

Array of objects

List of territories that the user is assigned to.

Array

key	string Unique key for the territory. Example: "9"
id	string Territory ID. Example: "T1"

Array of objects

List of roles assigned to the user. The array will be empty for companies that have user-based permissions.

Array

key	string Unique key for the role. Example: "7"
id	string Role ID. Example: "Employee"

Array of objects

Array of objects that define the permissions and access rights assigned to the user.

Array

object

Reference to a permission that is assigned to the user.

accessRights

Array of strings

List of functions or tasks that the user can perform for the specified permission. Note that not all permissions support all functions and tasks.

Items Enum: "ach" "achSetup" "add" "addExpense" "apiProxy" "approvalLevel1" "approvalLevel2" "approvalLevel3" "approvalLevel4" "approvalLevel5" "approvalLevel6" "authorize" "calendar" "cancel" "clone" "close" "config" "confirm" "delete" "deleteExpense" "edit" "editExpense" "enable" "export" "final" "financial" "group" "ignore" "impersonate" "import" "level1" "level2" "level3" "level4" "level5" "level6" "list" "listExpenses" "manualMatch" "mapAccount" "menu" "modify" "offsetAccount" "open" "overrideException" "permission" "post" "print" "readonly" "readonlyExpense" "receipts" "reclass" "reclassExpense" "reconcile" "refresh" "release" "reopen" "report" "resend" "reversalEdit" "reverse" "reverseExpense" "run" "statutoryReportingPeriod" "submit" "subscribe" "template" "uncancel" "unmask" "upload" "view" "viewAll" "void"

Example: ["list","readonly","add","modify","delete"]

Array of objects

Array of objects that define the user's permissions and access rights for custom applications.

Array

object

accessRights

Array of strings

Permission access rights.

Items Enum: "ach" "achSetup" "add" "addExpense" "apiProxy" "approvalLevel1" "approvalLevel2" "approvalLevel3" "approvalLevel4" "approvalLevel5" "approvalLevel6" "authorize" "calendar" "cancel" "clone" "close" "config" "confirm" "delete" "deleteExpense" "edit" "editExpense" "enable" "export" "final" "financial" "group" "ignore" "impersonate" "import" "level1" "level2" "level3" "level4" "level5" "level6" "list" "listExpenses" "manualMatch" "mapAccount" "menu" "modify" "offsetAccount" "open" "overrideException" "permission" "post" "print" "readonly" "readonlyExpense" "receipts" "reclass" "reclassExpense" "reconcile" "refresh" "release" "reopen" "report" "resend" "reversalEdit" "reverse" "reverseExpense" "run" "statutoryReportingPeriod" "submit" "subscribe" "template" "uncancel" "unmask" "upload" "view" "viewAll" "void"

Example: ["list","readonly","add","modify","delete"]

object

The entity that the user is associated with. Users created at the top level do not have an entity reference so the key, id, and name properties will be null.

key	string Unique key for the entity. Example: "54"
id	string Entity ID. Example: "313131"

Responses

201

Created

400

Bad Request

Request samples

application/json

{"id": "Admin",
"userName": "Admin",
"userType": "business",
"accountEmail": "[email protected]",
"adminPrivileges": "full",
"contact": {"id": "jsmith",
"permissionAssignments": [{"permission": {"key": "404"
},
"accessRights": ["list",
"delete"
]
},
{"permission": {"key": "253"
},
"accessRights": ["list"
]
}
]
},
"customPermissionAssignments": [{"application": {"key": "10002",
"permission": [{"name": "Product Lines",
"group": "objects"
}
]
},
"accessRights": ["list",
"readonly",
"template"
]
}
]
}

Response samples

201
400

application/json

{"ia::result": {"key": "102",
"id": "Admin",
"href": "/objects/company-config/user/102"
},
"ia::meta": {"totalCount": 1,
"totalSuccess": 1,
"totalError": 0
}
}

Get a user

get/objects/company-config/user/{key}

Returns detailed information for a specified user.

SecurityOAuth2

Request

path Parameters

key

required

string

System-assigned key for a user.

Example: 65

Responses

200

OK

400

Bad Request

Request samples

Response samples

200
400

application/json

{"ia::result": {"id": "Admin",
"userName": "Admin",
"accountEmail": "[email protected]",
"contact": {"mailingAddress": {"addressLine1": "744 Edgewater Blvd",
"addressLine2": "Apt 104",
"addressLine3": "Western industrial area",
"city": "San Jose",
"state": "CA",
"postCode": "95110",
"country": "United States"
},
"id": "contact01650967341",
"lastName": "John",
"firstName": "E.",
"middleName": "Doe",
"prefix": "Mr",
"printAs": "John E. Doe",
"email1": "[email protected]",
"email2": "[email protected]",
"phone1": "6692248123",
"phone2": null,
"mobile": "1222455566",
"pager": null,
"fax": "1222455566",
"URL1": "http://john.example.com",
"URL2": null,
"companyName": "Sage Inc",
"key": "3446",
"href": "/objects/company-config/contact/3446"
},
"adminPrivileges": "off",
"userType": "business",
"webServices": {"isEnabled": true,
"isRestricted": false
},
"status": "active",
"entityAccess": {"allowUnrestrictedAccess": true,
"allowTopLevelAccess": false
},
"password": {"neverExpires": true,
"requiresReset": false,
"disablePassword": false
},
"audit": {"createdDateTime": "2022-04-26T10:17:12Z",
"modifiedDateTime": "2022-04-26T11:05:26Z",
"createdBy": "12",
"modifiedBy": "13",
"createdByUser": {"key": "12",
"id": "Admin",
"href": "/objects/company-config/user/12"
},
"modifiedByUser": {"key": "13",
"id": "Aman",
"href": "/objects/company-config/user/13"
}
},
"key": "65",
"isChatterDisabled": false,
"hideOtherDepartmentTransactions": false,
"entity": {"key": "54",
"id": "313131",
"name": "Central Region",
"href": "/objects/company-config/entity/54"
},
"locations": [{"key": "87",
"id": "London",
"href": "/objects/company-config/location/87"
},
{"key": "92",
"id": "Paris",
"href": "/objects/company-config/location/92"
}
],
"departments": [{"key": "55",
"id": "Sales",
"href": "/objects/company-config/department/55"
},
{"key": "65",
"id": "Accounting",
"href": "/objects/company-config/department/65"
}
],
"territories": [{"key": "22",
"id": "South",
"href": "/objects/accounts-receivable/territory/22"
},
{"key": "32",
"id": "West",
"href": "/objects/accounts-receivable/territory/32"
}
],
"roles": [{"key": "2",
"id": "::SYS::Multi Entity Shared-ROLE-FOR - Admin",
"href": "/objects/company-config/role/2"
},
{"key": "23",
"id": "::SYS::Multi Entity Shared-ROLE-FOR - User",
"href": "/objects/company-config/role/23"
}
],
"permissionAssignments": [{"permission": {"id": "404",
"key": "404",
"href": "/objects/company-config/permission/404"
},
"accessRights": ["list",
"delete"
]
},
{"permission": {"id": "253",
"key": "253",
"href": "/objects/company-config/permission/253"
},
"accessRights": ["list",
"delete"
]
}
],
"customPermissionAssignments": [{"application": {"key": "10002",
"id": "Intacct Database Services",
"href": "/objects/platform/custom-application/10002",
"permission": [{"name": "Product Lines",
"group": "objects"
}
]
},
"accessRights": ["list",
"readonly"
]
}
],
"sso": {"isSSOEnabled": true,
"federatedSSOId": "john.doe"
},
"trustedDevices": "never",
"href": "/objects/company-config/user/65"
},
"ia::meta": {"totalCount": 1,
"totalSuccess": 1,
"totalError": 0
}
}

Update a user

patch/objects/company-config/user/{key}

Updates an existing user by setting field values. Any fields not provided remain unchanged.

SecurityOAuth2

Request

path Parameters

key

required

string

System-assigned key for a user.

Example: 65

Request Body schema: application/json

userName

string

The name that will be used to identify the user. This name is displayed in the user interface.

Example: "John Doe"

accountEmail

string

User email address.

Example: "[email protected]"

userType

string

Default: "business"

The user type for this user. User types determines the maximum set of features and activities that a user can access and perform in Intacct. The things a user can do also depend on the permissions that are assigned to the user. For more information see User types

Enum: "business" "constructionManager" "crm" "dashboard" "employee" "paymentApprover" "platform" "projectManager" "viewOnly" "warehouse"

Example: "employee"

adminPrivileges

string

Default: "off"

User admin privileges.

off - No admin privileges
full - Complete administration privileges including the ability to create other full administrators and use Platform Services features. Requires that userType is set to business.
limited - All administration privileges, except for the previously mentioned items. Requires that userType is set to business.

Enum: "full" "limited" "off"

Example: "off"

status

string

Default: "active"

User status.

active - The user can log in and access Intacct.
inactive - Hides the user from lists throughout Intacct but retains the user information in the system. Cannot be used when creating a new user.
lockedOut - Set by Intacct due to too many failed login attempts, or by an administrator to prevent the user from logging in. The user cannot log in until an administrator sets the status to active.

Enum: "active" "inactive" "lockedOut"

Example: "active"

object

Settings for use of the Sage Intacct Web Services (API).

isEnabled	boolean Default: true Specifies whether the user is allowed to use web services. Example: true
isRestricted	boolean Default: false Specifies whether the user is restricted to Web Services only. That is, when set to `true` the user cannot log in to the Sage Intacct user interface. Example: true

object

Password properties.

neverExpires	boolean Default: false Specified whether the user's password expires. Set to `true` to prevent the user's password from expiring. Use this setting only for Web Services API users. Example: true
requiresReset	boolean Default: false Set to `true` to trigger the password reset flow for the user. Example: false
disablePassword	boolean Default: false Specifies whether password requirements are disabled for the user. Example: false

object

Single sign-on settings for the user.

isSSOEnabled	boolean Default: false Specifies whether single sign-on is enabled for the user. Example: true
federatedSSOId	string Federated SSO user ID. Example: "john.doe"

object

Entity level restrictions.

allowUnrestrictedAccess	boolean Default: true Specified whether the user can access all entities in the company. Set to `false` to restrict the user to the entities listed in the `entities` array. Example: true
allowTopLevelAccess	boolean Default: false Specifies whether the user can access the top-level entity in the company. It's a best practice to enable access to the top level for all users who are restricted to a single entity in a multi-entity shared company. Example: false

object

The contact associated with this user.

key

string

System-assigned unique key for the contact.

Example: "21"

id

string

Contact ID.

Example: "jsmith"

lastName

string or null

Deprecated

Last name.

Example: "Smith"

firstName

string or null

Deprecated

First name.

Example: "John"

middleName

string or null

Deprecated

Middle name.

Example: "Archibald"

prefix

string or null

Deprecated

Prefix, such as Mr., Mrs., or Ms.

Example: "Mr"

printAs

string

Deprecated

The contact's name as it will appear on documents.

Example: "John Smith"

email1

string or null

Deprecated

Primary email address.

Example: "[email protected]"

email2

string or null

Deprecated

Secondary email address.

Example: "[email protected]"

phone1

string or null

Deprecated

Primary phone number.

Example: "14085551212"

phone2

string or null

Deprecated

Secondary phone number.

Example: "14085559876"

mobile

string or null

Deprecated

Mobile phone number.

Example: "14085554420"

pager

string or null

Deprecated

Pager number.

Example: "14085559987"

fax

string or null

Deprecated

Fax number.

Example: "14085555309"

URL1

string or null

Deprecated

Web page address for this contact.

Example: "https://mycompany.com"

URL2

string or null

Deprecated

Secondary web page address.

Example: "https://anothercompany.com"

companyName

string or null

Deprecated

Name of the company.

Example: "AlcoSoft Inc"

object

Mailing address.

addressLine1	string or null Deprecated The first address line for shipping, billing, etc. Example: "300 Park Avenue"
addressLine2	string or null Deprecated The second address line for shipping, billing, etc. Example: "Suite 1400"
addressLine3	string or null Deprecated The third address line for shipping, billing, etc. which provides additional geographical information. Example: "Western industrial area"
city	string or null Deprecated City. Example: "San Jose"
state	string or null Deprecated State. Example: "California"
postCode	string or null Deprecated Zip or Postal Code. Example: "95110"
country	string or null Deprecated Default: "US" Country. This field is deprecated, please use `isoCountryCode`. Example: "United States"
isoCountryCode	string or null Deprecated Default: "US" ISO country code. This field takes prevalence over `country` which is now deprecated. Example: "US"

trustedDevices

string

Default: "companyDefault"

Whether to recognize trusted devices for the user-- always, never, or use the company setting.

Enum: "always" "companyDefault" "never"

Example: "always"

isChatterDisabled

boolean

Default: false

Specifies whether the Intacct Collaborate feature is disabled for the user.

Example: false

hideOtherDepartmentTransactions

boolean

Default: false

Specifies whether to hide transactions from this user that do not belong to the departments listed in the departments array.

Example: false

Array of objects

Deprecated

This field is deprecated, please use entities.

Array

key	string Location key.
id	string Location ID.

Array of objects

Company entities that the user is allowed to view and work with. Leave empty to allow the user to work with all entities.

Array

key	string Unique key for the entity. Example: "42"
id	string Entity ID. Example: "PNW"

Array of objects

Departments that the user is allowed to view and work with. Leave empty to allow the user to work with all departments.

Array

key	string Unique key for the department. Example: "79"
id	string Department ID. Example: "Sales"

Array of objects

List of territories that the user is assigned to.

Array

key	string Unique key for the territory. Example: "9"
id	string Territory ID. Example: "T1"

Array of objects

List of roles assigned to the user. The array will be empty for companies that have user-based permissions.

Array

key	string Unique key for the role. Example: "7"
id	string Role ID. Example: "Employee"

Array of objects

Array of objects that define the permissions and access rights assigned to the user.

Array

object

Reference to a permission that is assigned to the user.

accessRights

Array of strings

List of functions or tasks that the user can perform for the specified permission. Note that not all permissions support all functions and tasks.

Items Enum: "ach" "achSetup" "add" "addExpense" "apiProxy" "approvalLevel1" "approvalLevel2" "approvalLevel3" "approvalLevel4" "approvalLevel5" "approvalLevel6" "authorize" "calendar" "cancel" "clone" "close" "config" "confirm" "delete" "deleteExpense" "edit" "editExpense" "enable" "export" "final" "financial" "group" "ignore" "impersonate" "import" "level1" "level2" "level3" "level4" "level5" "level6" "list" "listExpenses" "manualMatch" "mapAccount" "menu" "modify" "offsetAccount" "open" "overrideException" "permission" "post" "print" "readonly" "readonlyExpense" "receipts" "reclass" "reclassExpense" "reconcile" "refresh" "release" "reopen" "report" "resend" "reversalEdit" "reverse" "reverseExpense" "run" "statutoryReportingPeriod" "submit" "subscribe" "template" "uncancel" "unmask" "upload" "view" "viewAll" "void"

Example: ["list","readonly","add","modify","delete"]

Array of objects

Array of objects that define the user's permissions and access rights for custom applications.

Array

object

accessRights

Array of strings

Permission access rights.

Items Enum: "ach" "achSetup" "add" "addExpense" "apiProxy" "approvalLevel1" "approvalLevel2" "approvalLevel3" "approvalLevel4" "approvalLevel5" "approvalLevel6" "authorize" "calendar" "cancel" "clone" "close" "config" "confirm" "delete" "deleteExpense" "edit" "editExpense" "enable" "export" "final" "financial" "group" "ignore" "impersonate" "import" "level1" "level2" "level3" "level4" "level5" "level6" "list" "listExpenses" "manualMatch" "mapAccount" "menu" "modify" "offsetAccount" "open" "overrideException" "permission" "post" "print" "readonly" "readonlyExpense" "receipts" "reclass" "reclassExpense" "reconcile" "refresh" "release" "reopen" "report" "resend" "reversalEdit" "reverse" "reverseExpense" "run" "statutoryReportingPeriod" "submit" "subscribe" "template" "uncancel" "unmask" "upload" "view" "viewAll" "void"

Example: ["list","readonly","add","modify","delete"]

object

The entity that the user is associated with. Users created at the top level do not have an entity reference so the key, id, and name properties will be null.

key	string Unique key for the entity. Example: "54"
id	string Entity ID. Example: "313131"

Responses

200

OK

400

Bad Request

Request samples

application/json

{"userName": "Admin",
"status": "inactive",
"permissionAssignments": [{"permission": {"key": "404"
},
"accessRights": ["list"
]
}
],
"customPermissionAssignments": [{"application": {"key": "10002",
"permission": [{"name": "Custom Dimensions",
"group": "objects"
}
]
},
"accessRights": ["list",
"readonly",
"template"
]
}
]
}

Response samples

200
400

application/json

{"ia::result": {"key": "65",
"id": "Admin",
"href": "/objects/company-config/user/65"
},
"ia::meta": {"totalCount": 1,
"totalSuccess": 1,
"totalError": 0
}
}

Delete a user

delete/objects/company-config/user/{key}

After a user logs in to Sage Intacct, they cannot be deleted. Users are preserved to maintain the audit trail throughout Intacct.

SecurityOAuth2

Request

path Parameters

key

required

string

System-assigned key for a user.

Example: 65

Responses

204

No Content

400

Bad Request

Request samples

Response samples

400

application/json

{"ia::result": {"ia::error": {"code": "invalidRequest",
"message": "A POST request requires a payload",
"errorId": "REST-1028",
"additionalInfo": {"messageId": "IA.REQUEST_REQUIRES_A_PAYLOAD",
"placeholders": {"OPERATION": "POST"
},
"propertySet": { }
},
"supportId": "Kxi78%7EZuyXBDEGVHD2UmO1phYXDQAAAAo"
}
},
"ia::meta": {"totalCount": 1,
"totalSuccess": 0,
"totalError": 1
}
}

Users

List users

Create a user

Request Body schema: application/jsonrequired

Get a user

path Parameters

Update a user

path Parameters

Request Body schema: application/json

Delete a user

path Parameters

Request Body schema: application/json
required