I am assuming that when you say "My administrator can authenticate with QuickBooks [Online] (QBO) and perform any number of tasks" that this connection is to your company's QBO account.
Therefore, when there is a new sign up you create the customer on the QBO side by using your company's OAuth tokens, which should be persisted in some fashion (DB or .yaml file). In the example below the OAuth information is persisted to the Account model as the following attributes: qb_token, qb_secret, and qb_realm_id. The $qb_oauth_consumer global comes from config/initializer/quickeebooks.rb.
account = Account.find(1) # your company's account
oauth_client = OAuth::AccessToken.new($qb_oauth_consumer, account.qb_token, account.qb_secret)
service = Quickeebooks::Online::Service::Customer.new
service.access_token = oauth_client
service.realm_id = account.qb_realm_id
# Map the new user to QuickBooks Customer
qb_customer = Quickeebooks::Online::Model::Customer.new
qb_customer.name = params[:new_signup_name]
qb_customer.email_address = params[:new_signup_email]
# etc.
service.create(qb_customer)
This goes for invoices, purchases, and whatever else. You use your company's OAuth connection to QBO.