Single sign on models

Before submitting your app for review, you must decide whether your app will implement Intuit single sign-on.
With Intuit single sign-on
Implementing Intuit single sign-on is the best way to provide a simple sign-in experience to your users.
With Intuit Single Sign On, your application uses OpenID to allow your users to sign in directly to your application without being prompted to create a new account or password on your site. A user signs in only once, using their Intuit credentials.
There are two forms of Intuit single sign-on:
Standard (Recommended)
This will allow your user to sign in to your app using Intuit credentials, without being prompted to create a new account or password on your app. They only need to sign in once.

Note

If you are using Standard single sign on, it is mandatory to add the Sign in with Intuit button on all of your sign-in pages.

Modified
Use this model if your customers really need to create an identity and password on your site. With Modified Single Sign-On, you must still implement OpenID, but your app may then direct users to create an account on your app’s website.

Note

If your app operates on mobile or tablet devices, you would want to use this model since ‘Sign in with Intuit’ does not work on mobile and tablet devices.

Adding the Sign in with Intuit button to your sign-in pages is optional in this model.
Without Intuit single sign-on
Your app need not use Intuit Single Sign-On in order to be published on the QuickBooks app store. This publishing model is intended for apps that:
  • Cannot support Intuit single sign-on with OpenID.
  • Do not have a seamless free trial sign-up experience (i.e., they require lengthy setup).
  • Are mobile-only applications with no SaaS version of the app.

Note

Mobile- or desktop-based apps that implement OAuth 2.0 must provide a separate SaaS layer for the Redirect URI to handle responses from the OAuth 2.0 server.
