Login - Enable Windows Azure Active Directory Single Sign On
Ability to use Azure Active Directory for MFA.
Purpose: It makes Microsoft users easily log into Xero.
Hi community, we appreciate many businesses have adopted single sign on with providers like Google, Microsoft Azure/Entra, and Okta to easily streamline logins to many applications and manage operational risk. Our team are staying close to votes and feedback of the idea here, and though we can't commit to development at this time, we will be sure to let you know of any progress toward enabling single sign on
-
Helene Gasser commented
Hi Dana
I have been advised by our Chief Information Security Officer that we have to find a new payroll program if XERO can't provide SSO/idp integration. This is a very important requirement for sensitive data like payroll/personal information/bank details etc
Can you please advise of the progress of Azure SSO, the last info is dated 15/09/2022. I would like to keep XERO portal, however if security is not getting provided from your side we need to cancel our Subscription. We are using XERO since 2017 and are otherwise very happy with the performance.
Please discuss with XERO Management and let us know of the SSO progress as soon as possible. Thank you, best regards Helene
Tricentis APAC Pty Ltd -
Richard Over commented
I'm afraid this is becoming a make or break deal without a secure Azure SSO. Our clients are tier one financial instituations and they are insisting this is implemented across their supplier next work.
-
Michael Brown commented
Dear Xero
By allowing customer to use Azure SSO, you would be mitigating your responsibility for data security. You would reduce to almost zero your responsibility for data breaches due to customers password / MFA etc.
Other providers (such as Azure SSO) are far more sophisticated that your offering. It's a couple days work of development for a junior team member and another week of documentation.
We would all love your help.
Thanks Michael
-
Adam Jones commented
Please do this, my IT department is pushing us to leave Xero for the lack of support.
-
Aaron Angel commented
See also https://productideas.xero.com/forums/939198-for-small-businesses/suggestions/44960674-sso-add-saml-authentication-support. These ideas should be combined. Separating similar ideas spreads out the votes leading to poor visibility of user demands for product managers.
Like other SSO solutions, Microsoft Entra (formerly Azure AD) supports SAML for external applications, so these ideas are essentially the same. In 2023, people have grown tired of too many passwords and the disparity of security requirements between vendors.
SSO is no longer an esoteric enterprise requirement. It's a minimum requirement for modern SaaS products.
We are considering more expensive products and considering budgets and the potential for migrations because of basic requirements like this.
-
Peter Laycock commented
Guys I don't understand why this will take such a long time? I know Dev's that can punch this out in a few weeks, let alone years? I'm a security engineer in Azure that works with a lot of apps and I know this incorrect.
?????
-
Matthew Smith commented
This is a must have in so many industries. Luckily my company is small right now, in a year from now, we will likely need to move to a provider that uses SSO.
-
Luigi Bufalino commented
This isn't a several-year process to implement..... If you spent half as much on development as you did on your parties and events, Xero may find that this would be a really short journey.
-
Martin Burns commented
As a SaaS company born in the cloud, it amazes me that you haven't yet implemented Azure AD SSO...
-
Ryan Byrne commented
This is urgently required.
-
Josh Hunter commented
The application in our environment that needs the most security is one of our least protected. Strongly requesting this feature from Xero. Thanks.
-
Daniel Suttle commented
Xero - please accelerate this. It was so long ago that this was originally requested. I voted for a post previously that now seems to have been deleted, and doesn't show in your closed history. What's going on? Come clean and tell people why it hasn't been done yet, and when it will be done by. You have got to realise that your position on this just doesn't make any sense!
-
Tom Burton commented
With Azure (as well as Google suite) offering industry standard OAuth and OIDC interfaces it really shouldn't be a several year journey. If this was important you could implement it within little more than a month. Big vote from me.
-
Alex Parkinson commented
Will likely have to leave Xero in the next 12 months if this isn't addressed. Basic requirement these days, disappointing from an otherwise great product.
-
Jason Hensley commented
In 2023 this is now a basic requirement for org security. SAML 2.0 to integrate with major Identity Providers, including Azure. Xero, step it up and get this done!
-
Keith Fountain commented
Apologies for my passive aggressive comments in the past, they are borne from the frustration of not getting any real commitment, response or timeline for this request.
The reason we want SSO is so that when we disable a users account, they are locked out of everywhere from that moment. If we have multiple applications with multiple user accounts and we have to send requests to different department administrators to get these accounts disabled, it invariably means delay. In the current climate, the damage that can be done by an employee on a GDPR level can be immense if one account is overlooked, or the person that manages that application is off on that day. When all logins are controlled by a single account disabled=blocked, which you would think a company of Xero's size and reach would understand.
Please give us some kind of indication about the current roadmap and a projected date for implementation so we can remove Xero from our risk register.
-
Ben Nichols commented
As everyone says, this is absolutly critical. Being able to restrict access to Xero via Azure AD Conditional Access is critical.
Xero! Why would you NOT want to absolve yourself of the responsibility of handling authentication - hand that off to Azure AD, and that's one less thing to worry about (and be compromised!)- it makes it the customer's (and Microsoft's) responsibility then.
-
Ben Humphreys commented
We are likely to have to move away from Xero due to Qld Law Society Cyber Security requirements. Even as a small law firm, we are now required to have in place Conditional Access for all prctice accounts, systems and data. If Xero cannot provide Azure SSO we will not have a choice but move to a provider who can!
-
Alex Steer commented
Unfortunately, the lights are on but it doesn't appear that in many many years of customers begging for SSO through a 3rd party IdP via the open standard SAML2.0 protocol that they're listening, or maybe just do not understand what is being asked.
-
Patrick Burgess commented
Just SSO. Pllleeeeaaaassseeee. You are now the only SaaS platform we use outside our SSO. Don't be that company who has to get breached before they start implementing basic security requirements.