Login - Enable Windows Azure Active Directory Single Sign On
Ability to use Azure Active Directory for MFA.
Purpose: It makes Microsoft users easily log into Xero.
Hi community, we appreciate many businesses have adopted single sign on with providers like Google, Microsoft Azure/Entra, and Okta to easily streamline logins to many applications and manage operational risk. Our team are staying close to votes and feedback of the idea here, and though we can't commit to development at this time, we will be sure to let you know of any progress toward enabling single sign on.
-
Joel Mansford commented
Has this idea really been here for nearly 10 years?
It beggars belief that on a system holding the most sensitive information a company has together with the ability to make payments etc this isn't already implemented.
Xero is quickly proving that it's only suitable for very small businesses and as soon as security is a concern you have to shop elsewhere for your accounting software.
-
Vicky Albury commented
Will XERO only adopt industry standards AFTER their home grown security system has been compromised? Our CISO is asking for the same thing as everyone else - the ability to integrate with Azure should be mandatory, this is not a finance function and should be performed by a business with a track record in security.
-
Martin Bannister commented
I don't think Xero care about security because if they did this would at least be worked on.
-
Kyle Bruin commented
Xero is behind the competition in not offering this. This is a very common feature and as others have said, weighs on our decision to continue to use Xero. The correct response, Kelly, should be the team has deemed this an urgent priority. Wild that Xero still thinks they need to gauge interest or collect votes for this. That reflects poorly on Xero's stance on security and their understanding of SaaS in general.
-
Daniela Kostovic commented
Just implemented Xero and looked into SSO and it's not available. From a security and user perspective SSO is very important and should be available as a standard feature.
-
EMC I.T. Solutions commented
This is very long overdue and for an otherwise great product, this is a glaring weakness/deficiency. Most tech companies implemented SSO with major IDP solutions 4-5 years ago, if not longer.
-
Richard Crozier commented
Recall many only voting here because you previously closed the highly voted submission requesting generic third-party SSO years ago.
-
IT @SaatchiGallery commented
This idea comes from IT professionals and seems unimportant to their financial minds - sorted by the number of votes, it only goes to page 4!
It's such a shame XERO! You should be ashamed that you take IT security in such a derogatory and joking way, but I am sure it will come back to you - it's just a matter of time!.... disappointing!
-
Richard Over commented
I cannot stress enough that in April 2024, the lack of SSO in Xero is a very large black mark against the continued use of the software.
On every RFP for my clients DDQ's, and I have to call out the lack of SSO in Xero.
-
Aimee white commented
I run my own business but also work for a large financial services company.
Our biggest security gap is no SSO on Xero.
If I can get my big company off Xero I will. Lazy not to have it.
-
Peter Barsdell commented
Very sad to see that this issue has been on the product ideas website since September 2013... and only just now in April 2024 do we get a post from the community manager. Saying that, thank you Kelly Munro for giving us a response.
I'd also like to add a note for others, the permission system in Xero is a big problem too, and probably a blocker to this. There has been an issue on the product ideas site (since this site was created) about the inability to give Xero users access to the products section of Xero without letting them see the bank feed. Though in theory this should be a simple integration for Xero to build, to me, as an outsider, Xero have a lot of work on their permissions system before they can work on this.
-
Simon Hurlstone commented
Xero not having SSO is the biggest gap in our security: Full stop.
-
Anthony Koochew commented
Absurd that in this day and age Xero doesn't support SSO.
-
Nicolas Naim commented
Adding my vote to this. It's hard to understand why Xero is just staying close to the votes on this. This should be no brainer decision. Xero operates in the financial space, you have payroll data, employee data, tax data. SSO should be treated as a must have and not as something nice to have.
-
Jan van der Kolk commented
Please add support for SSO, ideally customer SAML or OIDC so every identity provider can be integrated. We use Okta ourselves. The other major ones are Entra ID (Azure AD) and Google Workspace.
It is very disappointing that this is still not supported in 2024. This should not be much work at all and just needs to be prioritized as it currently is a huge security risk.
Your latest message is not promising at all and makes us consider moving to NetSuite instead.
-
Nathan Morris commented
This doesn’t enthuse me knowing how crucial this is for any cyber conscious accounting firm, but at least it’s still on the cards! My flame of hope is not extinguished!
-
Toby Harbanuk commented
I'm with the others. Please enable SSO with Azure, Google's ecosystem, etc.
-
Adrian King commented
This needs to be prioritised, vendors in the financial services space cannot operate with such a gulf in good security hygiene.
-
Nigel Clark commented
Xero… It’s time you woke up to the risks of MFA compromise and token theft and enable the ability for your customers to include Xero within their own Zero Trust framework.
If you need convincing please check up on the following:
Zero Trust: https://www.microsoft.com/en-us/security/business/zero-trust
Conditional Access Policies: https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview
MFA token theft: https://www.menlosecurity.com/blog/the-art-of-mfa-bypass-how-attackers-regularly-beat-two-factor-authentication
This is something Xero should be using themselves to improve their own security and by the fact this is not high on your agenda for your customers leaves me thinking you are not applying best in class security across your own infrastructure.
Edit: Oh and please update the purpose on the initial request as it’s more about security and not just user experience.
Also, do not expect a large number of up votes for such a request as not many users will see the need for additional layers of security, yet targeted phishing attacks are on the rise and this is a high agenda item for any company who takes security seriously.
-
Steve Bates commented
Yep adding my 2c- SSO is a no brainer,
I want to disable leavers in Azure AD and not have to faff around working out if they also had a Xero account.
This should not be a significant piece of work - if the overall authentication is well architected. This poses a different question.