Data Extraction Guide
for Sage Intacct
Step-by-step instructions for your IT team to extract the required CSV files from Sage Intacct via the XML Web Services API for the AuditCore security and controls assessment.
Extract-AuditCoreSageIntacct.ps1 uses Sage Intacct's XML Web Services API to extract all 18 files. No additional PowerShell modules required — works on PowerShell 5.1+.readByQuery and read functions. AuditCore never creates, modifies, or deletes any Sage Intacct data. Disable the extraction user/sender after the assessment.| Requirement | Details | Notes |
|---|---|---|
| User Role | System Administrator or custom role with full module access | Required to query all modules including audit trail |
| Web Services Sender | SenderID + SenderPassword | Setup → Web Services → Manage Senders. Request CSA-WSDK from Sage if not enabled. |
| Company ID | Your Intacct Company ID | Displayed at Company → Company Information → Company ID |
| Multi-Entity Access | Login at top-level entity | Required to extract cross-entity configuration |
User Accounts
All Intacct users: type (Full/Web Services/Employee), admin flag, status, last login, created date
Roles & Permissions
Role definitions: name, description, subscriptions accessible
User Role Assignments
User ↔ role mappings with entity scope and assignment date
Module Permissions
Per-role, per-module access level (Full/Read/None) and dimension restrictions
Audit Trail
Object-level change history (last 90 days): action type, user, timestamp, old/new values
Login History
User login events: username, date/time, IP address, success/failure, failure reason
Accounting Periods
All periods: name, start/end, status (Open/Closed), period type
Vendor Master
All vendors: name, tax ID, bank account (masked), status, created by, last modified
Journal Entries
Manual journal entries (last 90 days): batch ID, amount, created by, approval status
AP Transactions
AP bills and invoices (last 90 days): amount, vendor, created by, approved by, status
Payments
Payment records (last 90 days): amount, vendor, created by, approved by, approval status, method
Approval Workflow Config
Workflow definitions: object type, enabled flag, minimum amount, approver role, dual-signature requirement
Web Services / API Credentials
Sender credentials: sender ID, company, permissions, created date, last rotated, last used
Platform App Connections
Marketplace/third-party apps: name, vendor, permissions granted, last reviewed date
Multi-Entity Configuration
Entity list with isolation levels (Shared/Isolated) and status
Dimension Definitions
Dimension types: name, required flag, access level, PII content flag
Custom Report Definitions
Custom reports with creator, access level, role restrictions, and sensitive data flags
Password & Security Policy
Password complexity, expiry, MFA requirement, session timeout, account lockout settings
Extract-AuditCoreSageIntacct.ps1 authenticates via Sage Intacct's XML API and extracts all 18 files. Requires PowerShell 5.1+ and Web Services subscription.- 1Confirm Web Services is enabled: Subscriptions → Company → check "Web Services".
- 2Obtain Sender credentials: Setup → Web Services → Manage Senders. If none exist, request activation via Sage support (reference: CSA-WSDK).
- 3Download
Extract-AuditCoreSageIntacct.ps1and run:# Run with your Sage Intacct credentials .\Extract-AuditCoreSageIntacct.ps1 ` -CompanyId "ACME_CORP" ` -UserId "apiuser" ` -UserPassword "P@ssw0rd!" ` -SenderId "ACME_SENDER" ` -SenderPassword "SenderP@ss" - 4All 18 CSV files saved to
C:\AuditCore\SageIntacct\. - 5Upload to AuditCore → New Audit → Sage Intacct → Bulk Upload.
| File | Export Path in Sage Intacct | Notes |
|---|---|---|
users.csv | Company → Admin Console → Users → Export | Include all active and inactive users |
roles.csv | Company → Roles → List → Export | |
user_role_assignments.csv | Company → Users → select each user → Roles tab | Export per-user or use Web Services query |
accounting_periods.csv | Company → Accounting Periods → List → Export | Include all period types |
vendors.csv | Accounts Payable → Vendors → List → Export to CSV | Include bank account and modification fields |
journals.csv | General Ledger → Journal Entries → List → Export to CSV | Filter last 90 days; include ApprovedBy |
payments.csv | Accounts Payable → Payments → List → Export to CSV | Include approval status column |
approval_workflows.csv | Company → Workflow → Approvals → List | Manual transcription into CSV template |
api_credentials.csv | Setup → Web Services → Manage Senders | No native export — use CSV template |
audit_trail.csv | Company → Audit Trail (requires subscription) → Export | Requires Audit Trail subscription |
- 1Log in to AuditCore and click New Audit.
- 2Name the audit (e.g. "Acme Intacct — Q1 2026 Assessment") and select Sage Intacct.
- 3Switch to Bulk Upload and drag in all 18 CSV files from
C:\AuditCore\SageIntacct\. - 4Verify Match Summary shows files matched (green), then click Run Assessment.
- 5Results within 2 minutes — full findings, risk score, remediation guidance, and DOCX/PDF export.
| Issue | Likely Cause | Resolution |
|---|---|---|
| "XL03000006 Not Authorized" | Web Services subscription not active | Enable Web Services under Company → Subscriptions |
| "Session ID invalid" / auth failure | Credentials expired or user locked | Re-run script; check user is not locked in Company → Users |
| Empty api_credentials.csv | No sender credentials configured | Create sender in Setup → Web Services → Manage Senders |
| Multi-entity data missing | Logged in at wrong entity level | Ensure userId is at the top-level entity login with cross-entity access |
| audit_trail.csv empty | Audit Trail not subscribed | Contact Sage Intacct support to add Audit Trail subscription |
| "readByQuery failed" on some objects | Module not in subscription | Skip that file — mark as N/A. The assessment will skip related checks. |
| login_history.csv empty | User login history not retained | Check Company → Security → Login History retention settings |