Enter your idea

Add support for Microsoft Entra ID for SSO already!!!! Xero must hate their customers.

Why is this not enabled - it's a security risk on our financial data!

It's not complicated i'm sure your developers could easily and quickly roll this out!

It’s 2024, just get it done!

This is implemented in every major accounting platform and major ERP on the market. Without these controls in place it makes it hard for organisations that use Xero to achieve compliance against the essential 8, nist ect..

Get with the times guys your moving like a bunch of accountants 👍

The listed purpose of this idea, as above, is "It makes Microsoft users easily log into Xero". Yes, it does but that is not the main issue here. SSO allows Xero logons to be restricted to work provided secure devices only, via features like M365 conditional access. SSO also means that when a user is offboarded from an organization e.g. via M365 then their logon to Xero is automatically blocked. Without SSO there are potentially users in Xero who still have logons to Xero, but they should not have that access.

I don't mind using the one-time password code. that seems to work fine.

Very necessary

Xero login is a little bit of a pain, SSO integration would make it alot better!

Head of technology is Diya Jolly. I just posted the following on her LinkedIn page under an AI announcement. "How about focusing on basic security instead of AI. Xero does not support Azure SSO which is a requested feature since 2013 on the Xero forums"

I'd like to see Google and AzureAD supported as identity providers. Okta and others would also likely be candidates.

This is pretty much expected functionality these days and may become a reason to move away from Xero if you don't support the functionality.

Not valuing security is a weird hill to die on for cloud accounting software, make it make sense.

We use Xero in our own business but wouldn't recommend it to larger business because of the overhead and security risks involved in having to setup and remove users as and when required. SSO would be a welcome addition.

Perhaps we should start hitting forums with this and start impacting uptake of new business, it's always the financial impact that gets things done.

Please implement this

We'll see GTA VI before we see SSO on Xero.

Integration with identity providers is essential these days to let business control how they want their users to authenticate and ensure strong phishing resistant MFA can be enforced.

I run a cyber security business and it is embarrassing for Xero that this feature is yet to be implemented.

With the new financial year about to start I will be looking at other products for my accounting needs.

Xero is the last key product in our environment that is not secured in this way. This is a critical and urgent improvement in the product.

This feature not being present on the Xero roadmaps are the reason we are holding off recommending Xero deployments for accounting practices. For practices with hardware key phishing resistant authentication and conditional access policies in place, Xero is REDUCING the security of these practices by requiring the use of their clunky MFA, requiring manual offboarding and not providing the enhanced logging that SSO integration provides

Kelly Munro,

Would it be possible for Xero to combine all requests for 'Azure AD', 'SSO, 'Single Sign-On', 'SAML' 'Identity Provider' and 'IdP' including the combined number of votes.

There is a significant number of us customers asking for this but unfortunately there seems to be numerous different Ideas all suggesting the same thing in a slightly different way which may be falsely giving you the impression the numbers are lower.

I originally commented on this several years ago (now since purged!)
This will end up being a tragic own goal for your business.
Can I just ask if your admins/developers have access to databases without using SSO? Even if using your clunky MFA protection, you are one Phish and MFA bypass away from a massive data breach which will have a disastrous impact financially, but more importantly, to the ebbing reputation of your brand. Sack your Product Manager and Information Security team and get a grip of this!

Still waiting for such a basic security feature set in this day and age for businesses.