Before submitting your app for review, you must decide whether your app will implement Intuit single sign-on.
With Intuit single sign-on
Implementing Intuit single sign-on is the best way to provide a simple sign-in experience to your users.
With Intuit Single Sign On, your application uses OpenID to allow your users to sign in directly to your application without being prompted to create a new account or password on your site. A user signs in only once, using their Intuit credentials.
There are two forms of Intuit single sign-on:
This will allow your user to sign in to your app using Intuit credentials, without being prompted to create a new account or password on your app. They only need to sign in once.
If you are using Standard single sign on, it is mandatory to add the Sign in with Intuit button on all of your sign-in pages. To enable your user to sign into your app with their Intuit user ID (email) and password, provide the Sign in with Intuit button in your app. Upon clicking this button, the browser is redirected to the Intuit App Center sign-in window, which prompts the user to log in with their Intuit user ID (email) and password. If you’re implementing modified single sign-on, adding this button is optional.
You would use this if your customers really need to create an identity and password on your site. With Modified Single Sign-On, you must still implement OpenID, but your app may then direct users to creat an account on your app’s website.
If your app operates on mobile or tablet devices, you would want to use this model since ‘Sign in with Intuit’ does not work on mobile and tablet devices.
Adding the Sign in with Intuit button to your sign-in pages is optional in this model.
Without Intuit single sign-on
Your app need not use Intuit Single Sign-On in order to be published on the QuickBooks app store. This publishing model is intended for apps that:
- Cannot support Intuit single sign-on with OpenID.
- Do not have a seamless free trial sign up experience (i.e., requires lengthy setup).
- Are mobile-only applications with no SaaS version of the app.
Mobile- or desktop-based apps that implement OAuth 2.0 must provide a separate SaaS layer for the Redirect URI to handle responses from the OAuth 2.0 server.