Enter your idea

So it's been 12 years since this product idea was raised, how on earth are we now in 2026 and lacking such a basic feature. SAML 2.0 is critical for businesses to meet security standards such as the Cyber Essentials set out by the National Cyber Security Centre. We need a update from yourself Kelly to confirm the expected implementation of this - if this is not a priority I can bet Xero will be losing a LOT of customers.

SSO is nearly 21 years old as a feature if we consider SAML 2.0, the most widely implemented protocol (OIDC is better). I would ask the simple question - would Xero buy a software that doesn't support SSO themselves? Probably the answer as no (I hope the answer is no). This should not come as a surprise to Xero employees as you log in every day using SSO -> xero.okta.com

Self-service SSO is non-trivial, but not *that* hard, certainly considering how long this has been swirling the drain. You are probably trying to implement with Okta currently:

1. Create a couple APIs for your application that call the Okta management API in your external Okta tenant for the SSO config
2. Throw a SSO management page in your front end that manages this for admins
3. Profit: Upcharge your customers for "security" features that should really be free

If you need help DM me and I will literally build this for free for you. This feature request is so old it is almost now a teenager at 13 years old - wake up!

We will be forced to drop Xero after nearly 10 years and 3 entities if SSO is not implemented in the very near future.

Hi Kelly - Any idea when this might be coming? even a tentative release target would be helpful.

I have to admit given your update above about work starting on this 1st Oct 2025 I was more than a little surprised and disappointed that this wasn't included in the quarterly feature update email that went out earlier today.

As nearly everyone else has commented, given the sensitivity of the data stored on the platform the lack of this type of identity protection is a little shocking, especially given all the other great features.

Not having this type of standard/basic security controls in place just massively undermines all the other fab stuff xero does.

Hello, would love for this to be in place for Xero, i signed up to it assuming it was already a feature, should've been more thorough in my checks for financial software it seems as it's pretty crazy this is not already in place and this idea was added in 2013! Hopefully we're not far away. Such a shame because everything i've used xero for so far has been great!

Hi Kelly,

I am writing to formally raise and consolidate my concerns regarding Xero’s current position on Microsoft Entra ID (formerly Azure AD) Single Sign-On, and to seek clarity on both delivery timelines and next steps.

The request for native Entra ID SSO has now attracted 614 votes. Based on industry norms, the average Xero firm has around 10 employees, meaning this issue is conservatively affecting over 6,000 individual users. These are real people accessing highly sensitive financial data without the benefit of centralised identity management, conditional access policies, or proper lifecycle control.

From a security, governance, and risk-management perspective, that scale is material.

Without native Entra ID SSO, firms are forced to rely on fragmented login controls and manual processes, increasing exposure to:

Orphaned access when staff leave

Inability to enforce conditional access or MFA policies consistently

Greater susceptibility to credential compromise

This is a preventable risk, and one that is increasingly difficult to justify in a platform positioned as market-leading and enterprise-ready. Frankly, it is embarrassing that a company of Xero’s standing still lacks a baseline identity feature that is now standard practice across professional services and regulated industries.

It is also important to note that this thread has been ongoing for over four years. An update was shared last year indicating that your product team was working with a small group of partners, however there has been no substantive follow-up since. There is still no clarity on scope, progress, or even an indicative timeframe. From the outside, this gives the impression that the issue has stalled, despite continued demand and engagement.

The retention impact is already being felt. I am personally aware of firms that have moved away from Xero specifically due to the absence of proper SSO and identity controls. This is not hypothetical dissatisfaction; it is translating into real churn. If this remains unresolved, I would realistically expect to be among those reconsidering platform alignment. That would be a commercial decision driven by security requirements, not sentiment.

Within the next six months, our firm is on track to reach Platinum Partner status. As a rapidly scaling firm deeply invested in the Xero ecosystem, it is disappointing that the very firms Xero wishes to retain long term are currently the most constrained by this limitation.

To move this forward constructively, I would genuinely welcome direct engagement. I would be happy to either host you and your team at our offices, or to come down to yours with our Head of IT, so we can walk through the real-world security, onboarding, and access-control challenges this creates and help drive this towards a practical resolution. A short, focused discussion between product, security, and real users could achieve far more than years of forum updates.

I would appreciate clarity on the following:

Confirmation that Entra ID SSO will be delivered as a native integration, not a workaround

Whether there is any indicative delivery window (even at a high level, such as quarters)

Whether firms outside the current limited partner group can participate in testing or discovery

Xero sits at the centre of firms’ financial ecosystems. Identity and access management should reflect that level of responsibility and maturity. We want to continue building with Xero long term, but that commitment must align with modern security standards.

I look forward to your response.

This is ridiculous. I'm going to switch to quickbooks because of this missing feature.

Anyone seeking cyber certification such as iso27001 or even insurance it increasingly going to need to justify why there isn’t another solution to use.
Simply why given the simplicity of implementation.

SSO is a minimum requirement for most enterprise organisations for any SaaS application.

Xero, I find it unforgiving to not have this feature enabled in a modern SaaS application. By the time of voting for this enhancement, there's 611 votes, if each one of these represent a company with 10 users, we're already enhancing the authentication of over 6100 users. Is that not reason enough to develop this feature?

The exemption for using Xero in my enterprise expires soon. If it's not renewed or re-approved, then we'll look at a different provider.

Our company's policy requires a formal exemption from our overseas parent for any third-party software that does not support external SSO. It is challenging to continue using Xero without this feature. This needs to be a development priority for Xero.

Key requirements to this functionality is more than convenience of SSO. When identity is Entra ID integrated we have the ability to gather detailed logging of application access that allows for suspicious activities such as atypical travel, impossible travel, credential compromise. We also have the ability to use Identity based access controls to define additional levels of application access such as geo blocking, how often MFA is required and what type of devices (E.g. corporate managed) are allowed to access the app.
Incredibly important to securing application access to an app that contains sensitive corporate data.

I hope you guys are doing SAML or OIDC SSO that way I can use a provider other than Entra ID. Google Workspace SSO with SCIM would be really big for us.

Can't believe this critical security feature is not available in 2025!! Come on Xero sort it out. If you don't you will lose customers, including me.

I can't wait for this to happen as we are moving all entries to SSO via Entra. Please keep me informed when this goes live.

They comply with ISO 27001 (and SOC 2 I've just noticed) so I'm comfortable with the back end protections.

SSO is a nice to have, especially for smaller businesses (which I believe is Xero's target market), so while it's taken a while to get here I'm happy that it's finally coming ... but it was never a deal breaker for us.

Too little, FAR too late. We have moved away from Xero.
I it’s on one of the original threads about 4 years ago.
Xero was the last of our critical applications to even consider Entra integration. It made us think, with this attitude towards a core security function, what is happening with our data in the background, eg encryption, key management, access controls, secure coding etc.
We had no other choice but move to an alternative vendor.

Finally.... hope its not too far away from release. Long overdue.

You'd think this would be a no-brainer...

+1 for supporting SAML or OIDC. Limiting it to Entra is not useful

Yes, I concur with everyone else who is requesting a standards-based implementation that will work with any identity provider. Please do not lock the implementation into a single identity platform.

And I agree that it would be a solid addition to Xero to improve the RBAC granularity available so that the accounting functions can be partitioned beyond just the four user roles that are available currently. This is why I had suggested that Xero look at what Stripe did in its SAML implementation to drive permissions based off the SAML Attributes from the IdP.