Login - Enable Windows Azure Active Directory Single Sign On
Ability to use Azure Active Directory for MFA.
Purpose: It makes Microsoft users easily log into Xero.
Hi community, we appreciate many businesses have adopted single sign on with providers like Google, Microsoft Azure/Entra, and Okta to easily streamline logins to many applications and manage operational risk. Our team are staying close to votes and feedback of the idea here, and though we can't commit to development at this time, we will be sure to let you know of any progress toward enabling single sign on.
-
Kyle Bruin commented
Xero is behind the competition in not offering this. This is a very common feature and as others have said, weighs on our decision to continue to use Xero. The correct response, Kelly, should be the team has deemed this an urgent priority. Wild that Xero still thinks they need to gauge interest or collect votes for this. That reflects poorly on Xero's stance on security and their understanding of SaaS in general.
-
Daniela Kostovic commented
Just implemented Xero and looked into SSO and it's not available. From a security and user perspective SSO is very important and should be available as a standard feature.
-
EMC I.T. Solutions commented
This is very long overdue and for an otherwise great product, this is a glaring weakness/deficiency. Most tech companies implemented SSO with major IDP solutions 4-5 years ago, if not longer.
-
Richard Crozier commented
Recall many only voting here because you previously closed the highly voted submission requesting generic third-party SSO years ago.
-
IT @SaatchiGallery commented
This idea comes from IT professionals and seems unimportant to their financial minds - sorted by the number of votes, it only goes to page 4!
It's such a shame XERO! You should be ashamed that you take IT security in such a derogatory and joking way, but I am sure it will come back to you - it's just a matter of time!.... disappointing!
-
Richard Over commented
I can not stress enough that in April 2024, the lack of SSO in Xero is a very large black mark against the continued use of the software.
On every RFP for my clients DDQ's, and I have to call out the lack of SSO in Xero.
-
Aimee white commented
I run my own business but also work for a large financial services company.
Our biggest security gap is no SSO on Xero.
If I can get my big company off Xero I will. Lazy not to have it.
-
Peter Barsdell commented
Very sad to see that this issue has been on the product ideas website since September 2013... and only just now in April 2024 do we get a post from the community manager. Saying that, thank you Kelly Munro for giving us a response.
I'd also like to add a note for others, the permission system in Xero is a big problem too, and probably a blocker to this. There has been an issue on the product ideas site (since this site was created) about the inability to give Xero users access to the products section of Xero without letting them see the bank feed. Though in theory this should be a simple integration for Xero to build, to me, as an outsider, Xero have a lot of work on their permissions system before they can work on this.
-
Simon Hurlstone commented
Xero not having SSO is the biggest gap in our security: Full stop.
-
Anthony Koochew commented
Absurd that in this day and age Xero doesn't support SSO.
-
Nicolas Naim commented
Adding my vote to this. It's hard to understand why Xero is just staying close to the votes on this. This should be no brainer decision. Xero operates in the financial space, you have payroll data, employee data, tax data. SSO should be treated as a must have and not as something nice to have.
-
Jan van der Kolk commented
Please add support for SSO, ideally customer SAML or OIDC so every identity provider can be integrated. We use Okta ourselves. The other major ones are Entra ID (Azure AD) and Google Workspace.
It is very disappointing that this is still not supported in 2024. This should not be much work at all and just needs to be prioritized as it currently is a huge security risk.
Your latest message is not promising at all and makes us consider moving to NetSuite instead.
-
Nathan Morris commented
This doesn’t enthuse me knowing how crucial this is for any cyber conscious accounting firm, but at least it’s still on the cards! My flame of hope is not extinguished!
-
Toby Harbanuk commented
I'm with the others. Please enable SSO with Azure, Google's ecosystem, etc.
-
Adrian King commented
This needs to be prioritised, vendors in the financial services space cannot operate with such a gulf in good security hygiene.
-
Nigel Clark commented
Xero… It’s time you woke up to the risks of MFA compromise and token theft and enable the ability for your customers to include Xero within their own Zero Trust framework.
If you need convincing please check up on the following:
Zero Trust: https://www.microsoft.com/en-us/security/business/zero-trust
Conditional Access Policies: https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview
MFA token theft: https://www.menlosecurity.com/blog/the-art-of-mfa-bypass-how-attackers-regularly-beat-two-factor-authentication
This is something Xero should be using themselves to improve their own security and by the fact this is not high on your agenda for your customers leaves me thinking you are not applying best in class security across your own infrastructure.
Edit: Oh and please update the purpose on the initial request as it’s more about security and not just user experience.
Also, do not expect a large number of up votes for such a request as not many users will see the need for additional layers of security, yet targeted phishing attacks are on the rise and this is a high agenda item for any company who takes security seriously.
-
Steve Bates commented
Yep adding my 2c- SSO is a no brainer,
I want to disable leavers in Azure AD and not have to faff around working out if they also had a Xero account.
This should not be a significant piece of work - if the overall authentication is well architected. This poses a different question.
-
Helene Gasser commented
Hi Dana
I have been advised by our Chief Information Security Officer that we have to find a new payroll program if XERO can't provide SSO/idp integration. This is a very important requirement for sensitive data like payroll/personal information/bank details etc
Can you please advise of the progress of Azure SSO, the last info is dated 15/09/2022. I would like to keep XERO portal, however if security is not getting provided from your side we need to cancel our Subscription. We are using XERO since 2017 and are otherwise very happy with the performance.
Please discuss with XERO Management and let us know of the SSO progress as soon as possible. Thank you, best regards Helene
Tricentis APAC Pty Ltd
-
Richard Over commented
I'm afraid this is becoming a make or break deal without a secure Azure SSO. Our clients are tier one financial institutions and they are insisting this is implemented across their supplier network.
-
Michael Brown commented
Dear Xero
By allowing customers to use Azure SSO, you would be mitigating your responsibility for data security. You would reduce to almost zero your responsibility for data breaches due to customers' password / MFA etc.
Other providers (such as Azure SSO) are far more sophisticated than your offering. It's a couple days work of development for a junior team member and another week of documentation.
We would all love your help.
Thanks Michael