Login - Enable Windows Azure Active Directory Single Sign On
Ability to use Azure Active Directory for MFA.
Purpose: It makes Microsoft users easily log into Xero.
Hi community, we appreciate many businesses have adopted single sign on with providers like Google, Microsoft Azure/Entra, and Okta to easily streamline logins to many applications and manage operational risk. Our team are staying close to votes and feedback of the idea here, and though we can't commit to development at this time, we will be sure to let you know of any progress toward enabling single sign on
-
Luigi Bufalino commented
I would not classify this as important I would classify this as critical or must have.
This shouldn't be an optional extra or an after thought.
How far from the roadmap is this functionality?
-
Amedeo Fazi commented
We would like to setup (SSO) Setup Single Sign-On with "our" Microsoft tenant to control any security breeches
I have looked around your documentation however I only find links to setting up SSO for the HUB or MFA which is not what we are looking for.
-
Dave Philp commented
Hello! I was the second person to vote for this feature back in 2013... and here I am, voting again in 2022.
"A few years"... will it be another 9? I certainly hope not.
If there's a concern around 2FA with the ATO, then there's nothing stopping Xero from enforcing its own 2FA after the login flow via SAML or OAuth has completed.
-
Matthew Stringer commented
I'm actually flabbergasted that this has been an item on Xero's agenda since 2013, and here we are in 2022 and you are telling us its a few years to achieve Dana. Quite unbelievable to be honest.
You do not need further input on how this will help us better manage our accounts. I am quite sure your CTO understands very clearly why supporting Azure SSO/SAML integration leads to better client security, he was, after all, CTO of Microsoft New Zealand.
-
Milena Lowe commented
So it has been 9 years, when are you likely to put this critical security feature in place? I would have thought 9 years was a few years. I cannot believe it hasn't been done already. This will make or break our decision in moving to the platform fully.
In our current world of cybersecurity threats, you do not take this seriously enough. Look at Optus, Medibank, Clinical Labs and so on and so on! -
Ian Lazzari commented
This is the only SaaS product in use by our business that doesn't support SAML authentication. We have even added it to our own offering and I'm quite sure our resources are a lot less than yours!
You don't even have to choose a specific IDP such as Azure. The vast majority would be covered once you support SAML. -
Tom Sander commented
Unbelievable that this suggestion was made in 2013 and no progress has been made. This is close to essential in providing security through a single point of truth for user account management, not to mention any conditional access rules implemented within the Azure tenancy.
-
Keith Fountain commented
This should be your number one priority and shouldn't take long to implement, especially with a development team of the size we presume you have as a multinational company. It's just an Azure Enterprise application that you should be able to put together in a couple of months at the outside, not years. I will be suggesting to our finance department that they look at different software.
-
Angus Hayes commented
Dana, Azure SSO integration (and integration with all external identity providers for that matter) should be relatively easy to implement with the Security Assertion Markup Language (SAML). We're not asking Xero to re invent the wheel here, most software as a service companies have had this functionality for several years at least by now. It's a little concerning that a financial software company with a large market share in AU/ NZ and beyond considers this matter a long running journey. I suggest that this should be prioritized or Xero will risk losing customers to other providers who prioritize their customers security.
-
Nathan Morel commented
It should not be 'a few years to achieve', this is a security hole and needs to be prioritized.
-
Ashleigh Green commented
Xero is in our security exception register. This isn't a nice place to be.
-
Jordan Stewart commented
A must have
-
Tony Hettiarachchi commented
great idea
-
Sean Hilton commented
Essential
-
Susan Thearle commented
This is critical to our ongoing use of Xero as our IT ecosystem require this level of security as a minimum. AS others have already said - long overdue.
-
Paul Mills commented
Esssential to align with the security posture of out IT ecosystem.
-
Andrew Quill commented
Personally I can't believe after 9 years this isn't done. This is mainstream and common, not to mention a 101 style control for identity protection. To me and only just confirming this, this is essentially the point I stop recommending Xero to SMB clients. I focus on cyber security and if they can't adequately protect one of the most important data stores for SMB, then it no longer a viable solution. Also, laughable if I'm honest!
I suspect this only has 16 votes because people don't find the feature request page/move to alternative products when they find it doesn't support it. No wonder Xero is used by business that aren't in the SMB or micro business sectors!
-
Donald Damjanovic commented
This feature is overdue.. Xero/WorkflowMax integration with Microsoft Azure AD is a critical (and a now very common) security control feature. Please help your customers protect their Xero/WorkflowMax access and enable a secure and seamless login experience with Single Sign-On (SSO) authentication support.
-
Patrick Burgess commented
Agreed SSO is critical to us now and xero is the only product that now sits outside it.
-
Matthew Marcellino commented
Please develop so we can sure access to this system with our workflow automation. Stopping terminated people from access once they leave is a must.