Login - Enable Windows Azure Active Directory Single Sign On
Ability to use Azure Active Directory for MFA.
Purpose: It makes Microsoft users easily log into Xero.
Hi community, we appreciate many businesses have adopted single sign on with providers like Google, Microsoft Azure/Entra, and Okta to easily streamline logins to many applications and manage operational risk. Our team are staying close to votes and feedback of the idea here, and though we can't commit to development at this time, we will be sure to let you know of any progress toward enabling single sign on
-
David Long commented
Head of technology is Diya Jolly. I just posted the following on her LinkedIn page under an AI announcement. "How about focusing on basic security instead of AI. Xero does not support Azure SSO which is a requested feature since 2013 on the Xero forums"
-
David Erikson commented
I'd like to see Google and AzureAD supported as identity providers. Okta and others would also likely be candidates.
This is pretty much expected functionality these days and may become a reason to move away from Xero if you don't support the functionality.
-
Michael Wood commented
Not valuing security is a weird hill to die on for cloud accounting software, make it make sense.
-
Timothy Bailey commented
We use Xero in our own business but wouldn't recommend it to larger business because of the overhead and security risks involved in having to setup and remove users as and when required. SSO would be a welcome addition.
-
Keith Fountain commented
Perhaps we should start hitting forums with this and start impacting uptake of new business, it's always the financial impact that gets things done.
-
Thomas Cusmano commented
Please implement this
-
Krupal Tandel commented
We'll see GTA VI before we see SSO on Xero.
-
Matthew Flanagan commented
Integration with identity providers is essential these days to let business control how they want their users to authenticate and ensure strong phishing resistant MFA can be enforced.
I run a cyber security business and it is embarrassing for Xero that this feature is yet to be implemented.
With the new financial year about to start I will be looking at other products for my accounting needs.
-
Tim Long commented
Xero is the last key product in our environment that is not secured in this way. This is a critical and urgent improvement in the product.
-
Matt Minus commented
This feature not being present on the Xero roadmaps are the reason we are holding off recommending Xero deployments for accounting practices. For practices with hardware key phishing resistant authentication and conditional access policies in place, Xero is REDUCING the security of these practices by requiring the use of their clunky MFA, requiring manual offboarding and not providing the enhanced logging that SSO integration provides
-
Alex Steer commented
Kelly Munro,
Would it be possible for Xero to combine all requests for 'Azure AD', 'SSO, 'Single Sign-On', 'SAML' 'Identity Provider' and 'IdP' including the combined number of votes.
There is a significant number of us customers asking for this but unfortunately there seems to be numerous different Ideas all suggesting the same thing in a slightly different way which may be falsely giving you the impression the numbers are lower.
-
Ian Lazzari commented
I originally commented on this several years ago (now since purged!)
This will end up being a tragic own goal for your business.
Can I just ask if your admins/developers have access to databases without using SSO? Even if using your clunky MFA protection, you are one Phish and MFA bypass away from a massive data breach which will have a disastrous impact financially, but more importantly, to the ebbing reputation of your brand. Sack your Product Manager and Information Security team and get a grip of this! -
Chris Wharton commented
Still waiting for such a basic security feature set in this day and age for businesses.
-
Tyson O'Connell commented
Xero we desperately need Single Sign On (SSO) capability for Xero access. It's unusual that you do not even have this on your agenda or in the works, based on the responses from your Xero Community Managers. I would have thought that 227 votes by June 2024 for security, not a product feature, would be at the top of your priority list.
We need Xero to implement Security Assertion Markup Language (SAML) Single Sign-On (SSO) capability.
It's a considerable security issue and risk not having this.
Xero customers should not be forced to consider alternatives to Xero as a result of security.
Please recognise that many businesses today require Identity and Access Management (IAM) solutions, such as Okta and other SSO providers.
Please reconsider your position on this. -
Rupert Davey commented
Xero is one of the most critical and least secure of the application in play at sme level. No Entra ID support in this day and age is frankly nonsense.
-
Chris Wilson commented
Why is this just about Azure. Just use standard SAML then any identity provider will work. We need JumpCloud
-
David Long commented
This is critical for IT security. It is very disappointing that Xero does not support this feature. SSO allows for automatic user offboarding, so there is no risk that an offboarded user still has access to Xero. It also allows Conditional Access to block the usage of Xero on unsecure personal laptops
-
Maurice Veliz commented
The Company I work for is looking for a new financial solution. I was going to recommend Xero, having used myself. However, as IT operations manager, one of my requirements is SSO and in particular Microsoft Azure.
I was surprised that Xero doesn't support AAD SSO and no commitment unless there are enough votes to consider.You are losing potential customers.
-
Joseph Kelly commented
I am shocked this is not a standard feature! To use SSO & automatic provisioning is a huge standard practise now. Please develop this!
-
Daniel Herr commented
Hi Xero, one big vote here from a cyber security firm using your service for 10 years now. He have Microsoft Entra ID SSO sign-in for every app except Xero. This is a compromise, having to have additional passwords out there. You are about to increase your pricing again, and I thought that something like this would have been implemented at the very least. It's been a long time already.... let's get up to speed, please.