Skip to main content

Overview

The Sage Intacct integration gives your agents read-only access to your Intacct company. Agents can query GL detail, AP bills, AR invoices, vendors, customers, the chart of accounts, and any other Intacct object visible to the connected user — to answer financial questions, reconcile records, and feed reporting, without ever modifying anything in Intacct. The integration is read-only by design for the initial release: the tools only issue Intacct read functions, so agents cannot create, update, or delete records.

Prerequisites

  • A Sage Intacct company with Web Services enabled
  • A Sender ID and Sender Password (the application-level Web Services credential issued by Sage — your Sage account team or implementation partner provides this)
  • A Web Services user in your company (Company > Web Services users) — a dedicated user with read-only permissions on the relevant modules is recommended
  • An Aster admin to connect the integration (the connection is shared org-wide)

Setup Guide

1

Gather credentials

You need five values: the Sender ID + Sender Password (from Sage), and your Company ID, Web Services User ID, and User Password. Multi-entity companies can optionally pin the connection to a single Entity ID.
2

Connect Sage Intacct in Aster Agents

Navigate to Control Hub > Integrations, locate the Sage Intacct card, click Connect, and enter the credentials. Aster validates them live against the Intacct gateway and confirms which company you connected. Sessions are managed automatically from there.
3

Add Tools to Your Agent

Edit your agent and enable Sage Intacct Get Schema and Sage Intacct Query. The agent discovers the available objects and fields at runtime, then queries them.

Available Tools

  • Sage Intacct Get Schema (intacct_get_schema) — Lists every Intacct object visible to the connected user, and returns exact field names, types, and relationships for any object. Agents call this first instead of guessing field names.
  • Sage Intacct Query (intacct_query) — Reads records from any Intacct object with a SQL-ish filter predicate (e.g. TOTALDUE > 1000 AND STATE = 'posted'). Auto-paginates up to a configurable row cap; large result sets spill to a CSV attachment while the inline payload is truncated to a token budget, so big pulls don’t balloon the agent’s context.
Read-only. This release exposes reads only — agents cannot create, update, or delete Intacct records. Write capability is intentionally not wired up.

Example Prompts

Once connected, agents can answer questions like:
  • “List all open AP bills over $10,000 with their due dates.”
  • “Pull GL detail for account 6000 for May 2026.” (the full set spills to a CSV the agent can process in Python)
  • “Which vendors did we onboard this quarter?”
  • “Reconcile AR invoices against this customer remittance file.”

Notes & Limitations

  • Read-only — no writes in this release, by design.
  • Permissions follow the connected user — agents only see the objects and entities the Web Services user can see. Scope that user’s roles accordingly.
  • Filter syntaxintacct_query uses Intacct’s query predicate syntax (=, <, >, like, in, and, or; dates as MM/DD/YYYY), not full SQL — there is no ORDER BY or JOIN.
  • Page size — Intacct pages at 1,000 rows server-side; the tool auto-paginates to reach larger totals.
  • Usage metering — Intacct meters Web Services calls per month by performance tier. Each page of a large pull is one call; prefer narrow filters over bulk pulls on transactional objects.

Security Considerations

  • Org-level connection — one admin connects once for the whole organization. Passwords and session tokens are stored server-side and redacted when the connection is read back in the UI.
  • Read-only by construction — the tools cannot mutate your Intacct company.
  • Use a dedicated Web Services user with least-privilege, read-only roles, so access can be audited and revoked independently.
  • Grant the Intacct tools only to agents that need them.

Troubleshooting

  • The error message says which credential pair failed: sender authentication means the Sender ID/Password; login failed means the Company ID / User ID / Password.
  • Confirm the user is a Web Services user (not just a regular login) and is not locked out.
  • Confirm your Sender ID is authorized for your company under Company > Company Info > Security > Web Services authorizations.
  • Run Sage Intacct Get Schema to confirm the exact object and field names — they’re case-sensitive uppercase identifiers (e.g. GLDETAIL, not GLDetail).
  • Loosen the query predicate; remember dates are MM/DD/YYYY.
  • Check the connected user’s module permissions — objects they can’t read don’t appear at all.
  • Intacct pages at 1,000 rows, so big pulls take several sequential calls. The full set is written to a CSV attachment; the inline preview is intentionally truncated. Have the agent process the CSV (e.g. in execute_python) rather than reading every row inline.
  • Execute Python — process large Intacct result sets (the CSV spillover attachment) with pandas.