Login - Enable Windows Azure Active Directory Single Sign On
Ability to use Azure Active Directory for MFA.
Purpose: It makes Microsoft users easily log into Xero.
Hi community, we appreciate many businesses have adopted single sign on with providers like Google, Microsoft Azure/Entra, and Okta to easily streamline logins to many applications and manage operational risk. Our team are staying close to votes and feedback of the idea here, and though we can't commit to development at this time, we will be sure to let you know of any progress toward enabling single sign on
-
Simon Pilot commented
The purpose needs to be changed from easily login to cybersecurity: "Successful and unsuccessful multi-factor authentication events are centrally logged". This is a security compliance issue.
This is preventing my company achieving Australia's Essential 8 Cybersecurity Maturity levels above level 1
-
Keith Fountain commented
Interestingly, if you switch to ideas that are in progress, there are many that have far fewer votes than this post that are being worked on - how many votes do we need to get before you add this to your road map, or at least tell us why you are so reticent about implementation.
-
Shahiq Sarkar commented
It is sad to see that the response from Xero from 2014 has been the same, please upvote and we will look into it. Then come in development updates, sorry we have no roadmap for this. It is essential that we manage user accesses in larger organisations.
-
Kenneth Luu commented
It is highly unusual that an essential feature like this does not exist in 2024 when Xero was started in 2006. The SAML standard has been around longer than Xero has been a company. This is an essential quality-of-life and security visibility feature.
-
Gareth Hardman commented
SSO is not only desired, it is REQUIRED. We are no longer onboarding any new systems that do not afford single sign on, for all the reasons of security, access control and account management that have already been stated.
Like others have mentioned, if we cannot have this level of security and account management on the Xero platform then we will be forced to look at alternatives that provide it.
Being in the financial sector we are heavily and continually audited by external parties, and the main thing that gets brought up on every report is the lack of SSO security with Xero.
-
Simon Pilot commented
Single Sign On SSO with Microsoft Entra ID is required to restrict logins to compliant devices only. We don't allow BYOD access to Xero but we can't enforce this check without SSO sign in workflows. This represents an unacceptable risk to our business.
-
Iain Enticott commented
This is an absolute MUST, and XERO is on our risk register until this is released. This is not a feature but a standard requirement for SaaS applications today.
-
Michael Fowlie commented
This is such a standard and critical feature that virtually every SaaS offers. I don't understand why a company as big as Xero doesn't offer it.
-
Lionel Koblenz commented
Would really like Xero to support SAML provided by an external authenticator. It would make our systems so much more secure and manageable.
-
Luke Russell commented
+1 for Single Sign on.
SAML or Outh2 is close to table stakes really. This feature shouldn't be limited to just Entra either. Perhaps start with Entra, Google and Generic.
-
John Gilham commented
Add support for Microsoft Entra ID for SSO already!!!! Xero must hate their customers.
-
David Lane commented
Why is this not enabled - it's a security risk on our financial data!
It's not complicated i'm sure your developers could easily and quickly roll this out!
-
Robert Folbigg commented
It’s 2024, just get it done!
This is implemented in every major accounting platform and major ERP on the market. Without these controls in place it makes it hard for organisations that use Xero to achieve compliance against the essential 8, nist ect..
Get with the times guys your moving like a bunch of accountants 👍
-
David Long commented
The listed purpose of this idea, as above, is "It makes Microsoft users easily log into Xero". Yes, it does but that is not the main issue here. SSO allows Xero logons to be restricted to work provided secure devices only, via features like M365 conditional access. SSO also means that when a user is offboarded from an organization e.g. via M365 then their logon to Xero is automatically blocked. Without SSO there are potentially users in Xero who still have logons to Xero, but they should not have that access.
-
Angele Grone commented
I don't mind using the one-time password code. that seems to work fine.
-
Zoe Bethel commented
Very necessary
-
Jacinta Belz commented
Xero login is a little bit of a pain, SSO integration would make it alot better!
-
David Long commented
Head of technology is Diya Jolly. I just posted the following on her LinkedIn page under an AI announcement. "How about focusing on basic security instead of AI. Xero does not support Azure SSO which is a requested feature since 2013 on the Xero forums"
-
David Erikson commented
I'd like to see Google and AzureAD supported as identity providers. Okta and others would also likely be candidates.
This is pretty much expected functionality these days and may become a reason to move away from Xero if you don't support the functionality.
-
Michael Wood commented
Not valuing security is a weird hill to die on for cloud accounting software, make it make sense.