Sage Intacct — Extraction Guide

Data Extraction Guide
for Sage Intacct

Step-by-step instructions for your IT team to extract the required CSV files from Sage Intacct via the XML Web Services API for the V/ergent security and controls assessment. Includes Release 5 programme packs: 25 AML / Wolfsberg controls + 50 cross-system SoD rules + (SAP-only) 30 SAP-GRC-parity fraud patterns.

18Data Files
6Domains
105+Checks + R5 rules
~20 minEst. Time
All Guides
Quick start

Recommended extraction path

Use the V/ergent extractor first. It writes CSVs to a timestamped folder under C:\Vergent\Export, then you upload that folder into the audit project.

Get extractor
1. Confirm accessUse the read-only role/API scopes listed below.
2. Download with codePaid/active users receive an email code before download.
3. Run locallyPowerShell writes CSV output; V/ergent does not receive credentials.
4. Upload and auditUpload CSVs, confirm file match, then run the audit.
Manual path if automated extraction is blocked

Use the required-file list below as the manual checklist. Keep filenames unchanged, leave unavailable files empty with only headers, and record any missing source in the upload notes before running the audit.

0 Before You Begin
Automated extraction recommended. Extract-VergentSageIntacct.ps1 uses Sage Intacct's XML Web Services API to extract all 18 files. No additional PowerShell modules required — works on PowerShell 5.1+.
Read-only — no changes to Sage Intacct. All operations use readByQuery and read functions. V/ergent never creates, modifies, or deletes any Sage Intacct data. Disable the extraction user/sender after the assessment.
RequirementDetailsNotes
User RoleSystem Administrator or custom role with full module accessRequired to query all modules including audit trail
Web Services SenderSenderID + SenderPasswordSetup → Web Services → Manage Senders. Request CSA-WSDK from Sage if not enabled.
Company IDYour Intacct Company IDDisplayed at Company → Company Information → Company ID
Multi-Entity AccessLogin at top-level entityRequired to extract cross-entity configuration
1 Required Files (18 total)
Identity & Access
users.csvIdentity

User Accounts

All Intacct users: type (Full/Web Services/Employee), admin flag, status, last login, created date

roles.csvIdentity

Roles & Permissions

Role definitions: name, description, subscriptions accessible

user_role_assignments.csvIdentity

User Role Assignments

User ↔ role mappings with entity scope and assignment date

module_permissions.csvIdentity

Module Permissions

Per-role, per-module access level (Full/Read/None) and dimension restrictions

Audit & Compliance
audit_trail.csvAudit

Audit Trail

Object-level change history (last 90 days): action type, user, timestamp, old/new values

login_history.csvAudit

Login History

User login events: username, date/time, IP address, success/failure, failure reason

Financial Controls
accounting_periods.csvFinancial

Accounting Periods

All periods: name, start/end, status (Open/Closed), period type

vendors.csvFinancial

Vendor Master

All vendors: name, tax ID, bank account (masked), status, created by, last modified

journals.csvFinancial

Journal Entries

Manual journal entries (last 90 days): batch ID, amount, created by, approval status

ap_transactions.csvFinancial

AP Transactions

AP bills and invoices (last 90 days): amount, vendor, created by, approved by, status

payments.csvFinancial

Payments

Payment records (last 90 days): amount, vendor, created by, approved by, approval status, method

approval_workflows.csvFinancial

Approval Workflow Config

Workflow definitions: object type, enabled flag, minimum amount, approver role, dual-signature requirement

Integration Security / Data Security / System Config
api_credentials.csvIntegration

Web Services / API Credentials

Sender credentials: sender ID, company, permissions, created date, last rotated, last used

platform_apps.csvIntegration

Platform App Connections

Marketplace/third-party apps: name, vendor, permissions granted, last reviewed date

entities.csvData Sec

Multi-Entity Configuration

Entity list with isolation levels (Shared/Isolated) and status

dimensions.csvData Sec

Dimension Definitions

Dimension types: name, required flag, access level, PII content flag

reports.csvData Sec

Custom Report Definitions

Custom reports with creator, access level, role restrictions, and sensitive data flags

password_policy.csvSys Config

Password & Security Policy

Password complexity, expiry, MFA requirement, session timeout, account lockout settings

Detailed extraction steps require sign-in
The full extraction guide — including SQL queries, transaction codes, PowerShell scripts, and the complete file/table reference — is available to V/ergent customers. The overview above tells you what's involved; sign in to access the operational detail.
Sign in Create account
Already a customer? Sign in here.
Ready to start your Sage Intacct assessment?
Upload your extracted files and receive a full Sage Intacct security report within minutes.
Go to Dashboard
What V/ergent ships for Sage Intacct (Release 5)

Native coverage: 16 SoD rules (SI-SOD-001..016).

Plus the three Release 5 programme packs that run alongside this platform's audit:

Every finding carries citations across 13 frameworks (COSO 2013, COBIT 2019, NIST CSF 2.0, ISO 27001:2022, CIS v8, SOX ITGC, SOC 2 TSC, PCI DSS v4, HIPAA, DORA, NIS2, GDPR, Kenya DPA) — 11 of 13 at ≥75% mapped coverage. See the Check Packs page for per-pack framework coverage badges.