Login - Enable Microsoft Entra ID Single Sign On
Ability to use Azure Active Directory for MFA.
Purpose: It makes Microsoft users easily log into Xero.

Hi everyone, we appreciate all the feedback and votes on this idea. We know using Microsoft Entra ID SSO is now common practice for some businesses and being able to access Xero via a native integration with Entra ID would streamline how your teams log in and get set up in Xero, as well as help in managing access for larger teams and keeping things secure.
Our product team have been working with a small limited group of Partners to develop SSO capabilities. Though we can't give any definite timelines yet, we’ll keep this thread updated with news. Thanks
-
Reinart Stander commented
Hi Kelly,
This isn’t about convenience. It’s about identity security.
Xero does not expose sign-in logs (successful/failed), source IPs/locations, or provide native controls like geo-blocking or Conditional Access. Without those, we have no verifiable authentication telemetry and no policy enforcement at the identity edge.
Bottom line: the current setup lacks a critical security layer. To meet baseline controls, Xero access must be fronted by an IdP (SSO + MFA) with Conditional Access and logging routed to a SIEM. Until that’s in place, you cannot claim adequate identity assurance.
-
IT @SaatchiGallery commented
Yeah.... in development! ...by 2030 you'll get it, boys and girls .. by then, maybe we'll even have different authentication methods and SSO will be obsolete!
Thank you for the update - only for this, it took what 4-5 years? Mental!
-
Jared Poole commented
Very happy to hear SSO is in the works!
-
Brenton Johnson commented
OIDC Entra specifically would be much better! I'll take anything at this point - it's 2025!
-
Chris Wilson commented
Thanks, although not just Entra please - standard SAML so that any identity provider can work.
-
Lauren Child commented
Can we get onto the trial please?
-
Chris Neophytou commented
@Kelly, please add me to the SSO beta if possible too. Very interested to be part of this.
-
Barry Johnson commented
You make this sound as though it's a nice to have. With the number of cyber attacks currently happening, having single provisioning and access from Entra would enable us to use features like conditional access, centralised logging, and deprovisioning of users from one place without the need to manage it in Xero. Your RBAC is terrible; offering almost no granularity of user management, and there's no way to mandate security controls like MFA centrally. It's really not a nice to have, but a necessity because either your own security needs a tremendous amount of work, or you could just use existing known services like Entra. Xero is fast becoming the old competition that it used to overtake and it's time to wake up.
-
Josh De Raadt commented
As with Joel's comment, I'm also an IT provider and have clients (and myself) who would love to be part of the beta when it becomes available. Thank you for finally listening to the feedback on this. Also please don't join the https://sso.tax wall of shame - make this available to all plans, or at least not exclusively on the highest tiers.
-
Joel Kino commented
This is fantastic to see! I have been upvoting and commenting for this for years.
Kelly, we’re a Microsoft partner and Xero customer and have many customers using Xero as well as deep experience with Entra ID and SSO integrations. Is it possible to get into the beta program?
-
Adrian Bole commented
Thanks for the update, Kelly - really great there's some activity in progress. We're actually an identity and access management consultancy (who is a Xero customer). Is there a way we could get involved in this? Thanks!
-
Matthew Coombe commented
@kelly so happy to see this is finally in development and hopefully it gets the dev priority it deserves to enhance Identity and Access Management for Xero customers.
-
Alex Steer commented
Thank you Kelly,
Very grateful that you picked this critical SaaS security feature request up and are finally taking it seriously.
Note that there's a lot of ideas asking for the same kind of generic SAML2.0 / SCIM / OIDC type functionality going back over 10 years. Over that time, as you'll have seen from our comments, a lot of faith in Xero and this process has been lost.
I can see you aren't giving a definite timeline or commitment but even if you can't do that, what would be great is either when you will be able to offer us that timeline, or when we can at least expect another update so we know this isn't just words.
Many thanks again for finally getting your team onboard.
-
Ashley Brown commented
Works for me incognito:
https://feedback.xero.com/jfe/form/SV_29u5ddCM77x11aK
-
Mark Anyon commented
That feedback link below doesn't work. I note that https://feedback.xero.com/ goes to Xero's internal Okta SSO login prompt....!
-
Ashley Brown commented
Smash them on the survey guys
https://feedback.xero.com/jfe/form/SV_29u5ddCM77x11aK?
-
Erin Marney commented
We are going through the process of moving everything possible to SSO and feel at this time in late 2025 Xero is going to fall behind if they don't act on these capabilities to offer their customers. Move it up the development list.
-
Chris Neophytou commented
@Andrew A - fair comment. Xero SSO would be better and cheaper and if it arrives we will definitely use it!
-
Ray Brindley commented
Still can't believe how utterly pathetic Xero is for this. Every other major vendor can do this, why is Xero so utterly inept and insists on insecure methods of authentication?
Xero is the biggest vulnerability in our organisation because it's the only system that doesn't have SSO.
-
Andrew Anderson commented
@Chris, Okta's SWA is a browser plugin solution that performs credential stuffing into login forms.
While it would permit using Okta as a launching point, it does not provide the same level of capabilities and (I would argue) security that a native OIDC/SAML solution would provide.