Logo
 Home

Changes to the Integrated Application Authentication for QuickBooks Desktop users

Update, 7/7/2016:

  • Note that these changes will be put into effect for QuickBooks 2015(R10 – US, CA, and UK)
  • Clarified some of the details regarding the implementation and authorization required.

Update, 6/23/2016:  Note that these changes will be put into effect for QuickBooks 2016(R7 – US, CA, and UK)

——————-

Intuit is reinforcing existing security features that help protect QuickBooks customers’ sensitive information.

As a result of this effort, Intuit is delivering an update that impacts third-party applications that connect to QuickBooks Desktop using the QuickBooks XML SDK.

There is no impact to QB XML SDK applications that access QuickBooks Desktop while being used by a QuickBooks user. Rather, the update might affect applications where the desktop application runs in unattended mode (e.g., shopping cart integration via web connector).

The earlier concept of an LGB file that provided access to QB XML SDK apps has been deprecated. A new file specific to a Windows user in a given machine is created on user login that provides access to a QB XML SDK app in QuickBooks.

The implementation of this update will require customers to re-enter their login-in credentials.

  • Once the update is installed, each user on every computer used to access QuickBooks Desktop will be required to log in to QuickBooks to enable the QB XML SDK application to connect or the Admin can login to QuickBooks on each computer for the first time after the upgrade and this will automatically authorize all of the applications for all of the users previously authorized to access the apps. This will also remove the .LGB file which was present earlier.
  • Customers will also be asked to log in if access levels of a third-party application are changed, a new application is added to the list of QB XML SDK applications, or if the QuickBooks password has been changed. If there is a password change, , it should be the respective user who should login to the QuickBooks UI to complete the update. If a new app needs to be authorized, the Admin should log in to authorize the app for the first time.
  • Customers using QuickBooks Desktop on a single computer in a multi-user mode will need to ensure that the administrator/ or users on that computer have logged-in at least once.
  • User-specific apps will require the individual user to log in once the update has been installed. Also a new “Reauthorize” button has been added in the Integrated App Preferences that will generate the new config files for the QB XML SDK apps running in unattended mode. This button is only enabled for the Admin, while in single user mode, and this will generate the entries for all the apps authorized to run in unattended mode when selected.
  • If your application runs as a different windows user, make sure you log in to that windows session and open QuickBooks using the user that your application is running as.

If the company file has Personally Identifiable Information (PII) in QuickBooks, users will be required to login with a password; the SDK app will only be allowed to connect once the login has been completed for that user.

When logging in, customers will be instructed to set up a strong password. Customers should use unique letters and numbers in a password, not basic words that can easily be found online or in the dictionary.

Thank you for your patience and ongoing partnership as we implement these important security updates.

Posted

in

,

by

Lisa Rathjens

Tags:

Comments

10 responses to “Changes to the Integrated Application Authentication for QuickBooks Desktop users”

  1. C Watson Avatar
    C Watson

    With the loss of the .LGB shared file, we are now struggling with the individual .sdu files. Is there a way to modify the .sdu for multiple users on a server or have a shared location for these?

    Reply
    1. William Avatar
      William

      If all of them shares the same windows user login, then only Admin has to reauthorize the apps using the button in the Integrated Application Preferences once or have to open the company file in UI once.

      But if there are independent *windows* user, then there is no way other than each of them opening the file in UI at-least once in each “windows” session.

      Reply
    2. C Watson Avatar
      C Watson

      Thank you for the response.

      Reply
  2. Don Avatar
    Don

    I’ve tried to follow these directions but I still can’t get unattended access working.

    I have OpenSync installed and have logged into the machine it’s running on under all of the accounts (except the disabled Guest account) and I’ve removed and re-added it multiple times while logged in as Admin.

    I don’t understand why it’s not working but I must be missing something.

    Reply
    1. William Avatar
      William

      Try logging in to QuickBooks using the account that the app will run as.

      If that does not work, please submit a support ticket so I can get more details on the issue.

      Reply
  3. QA Avatar
    QA

    After installing QuickBooks 2016 (from 2013), I’ve reauthorized the application (under Preferences > Intergrated Applications > Company Preferences), even removed it and re-authorized it using the same windows user and I still can’t get unattended access working. Am I missing something? This is the message that I keep getting:

    Beginsession failed This application is unable to log into this QuickBooks company data file automatically. The QuickBooks administrator must grant permission for an automatic login through the Integrated Application preferences. If such permission was already granted, the administrator must revoke permission, save preferences, then grant the permission again.

    Reply
  4. QA Avatar
    QA

    Our application stopped working after installing QuickBooks Pro 2016 (from 2013). I’ve reauthorized (Preferences > Integrated Applications > Company Preferences > Reauthorize) and even removed the app and reauthorized it using the same windows login and I still can’t get the unattended mode working. Is there something else that I’m missing? Here’s the message that I keep getting:

    Beginsession failed This application is unable to log into this QuickBooks company data file automatically. The QuickBooks administrator must grant permission for an automatic login through the Integrated Application preferences. If such permission was already granted, the administrator must revoke permission, save preferences, then grant the permission again.

    Reply
    1. William Avatar
      William

      Make sure you are logged in to Windows using the account that is running your application.
      Make sure you open the QB company file using the EXACT path that your application is using to access QB. Using UNC Path and Mapped drives are NOT the same, so make sure the file path is exactly the same.
      Make sure you log in to QB using the same user that your application is running as.

      If all of these are done, then try connecting with QB running first and then close QB and see if you can run in unattended mode.

      Reply
  5. Tech Avatar
    Tech

    Sorry if this is not the appropriate place to post my question, I’m unable to find the appropriate forum.

    Can anyone tell me which files/registry values trigger an integrated application certificate prompt? After a third party app is installed, is there a common location that desktop QuickBooks checks when launching to determine if a certificate approval is required?

    I am working in a terminal server environment and I would like to restrict or even disable the automatic integrated app prompt without disabling the third-party app altogether.

    Thanks in advance.

    Reply
    1. William Avatar
      William

      There is no way to bypass or disable this prompt.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *