Implement Intuit Single Sign-on

During app development, you need to set up the authorization flow so your users can connect their QuickBooks Online companies to your app. There are a few ways to handle the UI:

Intuit Single Sign-on (SSO) uses OpenID Connect for authorization. Your app listing on the QuickBooks App Store also gets a “Get app now” button that users can select to start the connection and authorization flow. This lets them sign in and authorize your app using their existing Intuit user ID and password.

After users conenct for the first time, we’ll continue using their Intuit credentials (i.e. user ID and password) to sign them in whenever they open your app.

Note: Mobile and desktop-based apps that implement OAuth 2.0 must provide a separate SaaS layer for the redirect URI to handle responses from the Intuit OAuth 2.0 server.
Step 1: Decide if Intuit Single Sign-on is right for you

Before you list your app on the QuickBooks App Store, decide if you want to implement Intuit Single Sign-on.

Changing authorization models later on will require you to resubmit your app to our review team.

You don’t need to implement Intuit Single Sign-on to list your app on the QuickBooks App Store. However, if you don’t use SSO, users will need to sign in using your app’s credentials every time they launch it. Additionally, your app’s page on QuickBooks App Store only gets a “Learn more” button instead of a “Get app now” link. The “Learn more” button redirects users to your website instead of starting the authorization flow, which introduces friction in the sign-up and app connection flow.

Step 2: Set up OpenID Connect

If you haven’t already, set up OpenID Connect. This is required.

Step 3: Design your app’s sign-in experience

Follow the section for the experience you want for your users.

If your app is a software as a service (SaaS) web app and isn’t mobile

Since Intuit Single Sign-on lets users connect with their existing Intuit credentials, your app needs to be able to manage multiple QuickBooks Company connections from the same user profile. Map connections based on each unique company’s realmID.

You can add a “Sign in with Intuit” button to your app’s sign-in pages. This should let users connect to your app using their existing Intuit credentials (i.e. user ID and password). If you need help designing the UI, here are visual assets and best practices.

Important: The “Sign in with Intuit” button won’t work on mobile devices or tablets.

When users select the “Sign in with Intuit” button, the browser should redirect them to the authorization flow via Intuit’s Sign-in window. From there, they can sign in with their existing Intuit credentials, or sign up to create a new Intuit account.

Once users authorize your app and we authenticate them, you can proceed to automatically sign them in to your app (and create a new account for them if needed).

qbo/docs/develop/authentication-and-authorization/sign-on.png

Now, whenever users open your app in QuickBooks Online, or select on the “Sign in with Intuit” button on your app’s sign-in pages, we’ll automatically authenticate and seamlessly sign them in to your app.


If your app is a mobile or desktop app, or you require users to create or use their existing dedicated sign-in credentials for your app

If you need (or want) users to use your app’s sign in features, or create an account directly from your website, you can still implement OpenID Connect and utilize Intuit’s authentication features.

Since this method doesn’t automatically sign users in to your app, the “Sign in with Intuit” button isn’t required. Instead, you can redirect users to your app’s website so they can create or sign in with an existing account.

On subsequent sign in attempts, returning users that previously authenticated during the authorization flow must be automatically signed in to your app.

This lets your app use Intuit Single Sign-on features for mobile devices or desktop apps where the “Sign in with” Intuit button isn’t practical. Now, whenever users open your app from QuickBooks Online, we’ll automatically authenticate and seamlessly sign them in to your app.

Step 4: Support multiple company connections

To ensure data stays synced for users with multiple QuickBooks Online companies, we recommend you enable the “Accountant Ready” option. This is the only way to display your app in the Apps tab in QuickBooks Online Accountant.

While this is labeled as an accountant-specific feature, it’s useful for any QuickBooks Online user with multiple companies, not just accountants supporting multiple clients in QuickBooks Online Accountant.