Login - Enable Microsoft Entra ID Single Sign On
Ability to use Azure Active Directory for MFA.
Purpose: It makes Microsoft users easily log into Xero.
Hi everyone, we appreciate all the feedback and votes on this idea. We know using Microsoft Entra ID SSO is now common practice for some businesses and being able to access Xero via a native integration with Entra ID would streamline how your teams log in and get set up in Xero, as well as help in managing access for larger teams and keeping things secure.
Our product team have been working with a small limited group of Partners to develop SSO capabilities. Though we can't give any definite timelines yet, we’ll keep this thread updated with news. Thanks
-
Nicolas Naim
commented
Adding my vote to this. It's hard to understand why Xero is just staying close to the votes on this. This should be a no-brainer decision. Xero operates in the financial space, you have payroll data, employee data, tax data. SSO should be treated as a must have and not as something nice to have.
-
Jan van der Kolk
commented
Please add support for SSO, ideally customer SAML or OIDC so every identity provider can be integrated. We use Okta ourselves. The other major ones are Entra ID (Azure AD) and Google Workspace.
It is very disappointing that this is still not supported in 2024. This should not be much work at all and just needs to be prioritized as it currently is a huge security risk.
Your latest message is not promising at all and makes us consider moving to NetSuite instead.
-
Nathan Morris
commented
This doesn’t enthuse me knowing how crucial this is for any cyber conscious accounting firm, but at least it’s still on the cards! My flame of hope is not extinguished!
-
Toby Harbanuk
commented
I'm with the others. Please enable SSO with Azure, Google's ecosystem, etc.
-
Adrian King
commented
This needs to be prioritised, vendors in the financial services space cannot operate with such a gulf in good security hygiene.
-
Nigel Clark
commented
Xero… It’s time you woke up to the risks of MFA compromise and token theft and enable the ability for your customers to include Xero within their own Zero Trust framework.
If you need convincing please check up on the following:
Zero Trust: https://www.microsoft.com/en-us/security/business/zero-trust
Conditional Access Policies: https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview
MFA token theft: https://www.menlosecurity.com/blog/the-art-of-mfa-bypass-how-attackers-regularly-beat-two-factor-authentication
This is something Xero should be using themselves to improve their own security and by the fact this is not high on your agenda for your customers leaves me thinking you are not applying best in class security across your own infrastructure.
Edit: Oh and please update the purpose on the initial request as it’s more about security and not just user experience.
Also, do not expect a large number of up votes for such a request as not many users will see the need for additional layers of security, yet targeted phishing attacks are on the rise and this is a high agenda item for any company who takes security seriously.
-
Steve Bates
commented
Yep adding my 2c- SSO is a no brainer,
I want to disable leavers in Azure AD and not have to faff around working out if they also had a Xero account.
This should not be a significant piece of work - if the overall authentication is well architected. This poses a different question.
-
Helene Gasser
commented
Hi Dana
I have been advised by our Chief Information Security Officer that we have to find a new payroll program if XERO can't provide SSO/idp integration. This is a very important requirement for sensitive data like payroll/personal information/bank details etc
Can you please advise of the progress of Azure SSO, the last info is dated 15/09/2022. I would like to keep XERO portal, however if security is not getting provided from your side we need to cancel our Subscription. We have been using XERO since 2017 and are otherwise very happy with the performance.
Please discuss with XERO Management and let us know of the SSO progress as soon as possible. Thank you, best regards Helene
Tricentis APAC Pty Ltd
-
Richard Over
commented
I'm afraid this is becoming a make or break deal without a secure Azure SSO. Our clients are tier one financial institutions and they are insisting this is implemented across their supplier network.
-
Michael Brown
commented
Dear Xero
By allowing customers to use Azure SSO, you would be mitigating your responsibility for data security. You would reduce to almost zero your responsibility for data breaches due to customers' password / MFA etc.
Other providers (such as Azure SSO) are far more sophisticated than your offering. It's a couple days work of development for a junior team member and another week of documentation.
We would all love your help.
Thanks Michael
-
Adam Jones
commented
Please do this, my IT department is pushing us to leave Xero for the lack of support.
-
Aaron Angel
commented
See also https://productideas.xero.com/forums/939198-for-small-businesses/suggestions/44960674-sso-add-saml-authentication-support. These ideas should be combined. Separating similar ideas spreads out the votes leading to poor visibility of user demands for product managers.
Like other SSO solutions, Microsoft Entra (formerly Azure AD) supports SAML for external applications, so these ideas are essentially the same. In 2023, people have grown tired of too many passwords and the disparity of security requirements between vendors.
SSO is no longer an esoteric enterprise requirement. It's a minimum requirement for modern SaaS products.
We are considering more expensive products and considering budgets and the potential for migrations because of basic requirements like this.
-
Peter Laycock
commented
Guys I don't understand why this will take such a long time? I know devs that can punch this out in a few weeks, let alone years? I'm a security engineer in Azure that works with a lot of apps and I know this is incorrect.
?????
-
Matthew Smith
commented
This is a must have in so many industries. Luckily my company is small right now, in a year from now, we will likely need to move to a provider that uses SSO.
-
Luigi Bufalino
commented
This isn't a several-year process to implement..... If you spent half as much on development as you did on your parties and events, Xero may find that this would be a really short journey.
-
Martin Burns
commented
As a SaaS company born in the cloud, it amazes me that you haven't yet implemented Azure AD SSO...
-
Ryan Byrne
commented
This is urgently required.
-
Josh Hunter
commented
The application in our environment that needs the most security is one of our least protected. Strongly requesting this feature from Xero. Thanks.
-
Daniel Suttle
commented
Xero - please accelerate this. It was so long ago that this was originally requested. I voted for a post previously that now seems to have been deleted, and doesn't show in your closed history. What's going on? Come clean and tell people why it hasn't been done yet, and when it will be done by. You have got to realise that your position on this just doesn't make any sense!
-
Tom Burton
commented
With Azure (as well as Google suite) offering industry standard OAuth and OIDC interfaces it really shouldn't be a several year journey. If this was important you could implement it within little more than a month. Big vote from me.