Login - Enable Windows Azure Active Directory Single Sign On
Ability to use Azure Active Directory for MFA.
Purpose: It lets Microsoft users easily log into Xero.
Hi community, we appreciate many businesses have adopted single sign on with providers like Google, Microsoft Azure/Entra, and Okta to easily streamline logins to many applications and manage operational risk. Our team are staying close to votes and feedback of the idea here, and though we can't commit to development at this time, we will be sure to let you know of any progress toward enabling single sign on.
-
Alex Parkinson commented
Will likely have to leave Xero in the next 12 months if this isn't addressed. Basic requirement these days, disappointing from an otherwise great product.
-
Jason Hensley commented
In 2023 this is now a basic requirement for org security. SAML 2.0 to integrate with major Identity Providers, including Azure. Xero, step it up and get this done!
-
Keith Fountain commented
Apologies for my passive aggressive comments in the past, they are borne from the frustration of not getting any real commitment, response or timeline for this request.
The reason we want SSO is so that when we disable a user's account, they are locked out of everywhere from that moment. If we have multiple applications with multiple user accounts and we have to send requests to different department administrators to get these accounts disabled, it invariably means delay. In the current climate, the damage that can be done by an employee on a GDPR level can be immense if one account is overlooked, or the person that manages that application is off on that day. When all logins are controlled by a single account disabled=blocked, which you would think a company of Xero's size and reach would understand.
Please give us some kind of indication about the current roadmap and a projected date for implementation so we can remove Xero from our risk register.
-
Ben Nichols commented
As everyone says, this is absolutely critical. Being able to restrict access to Xero via Azure AD Conditional Access is critical.
Xero! Why would you NOT want to absolve yourself of the responsibility of handling authentication - hand that off to Azure AD, and that's one less thing to worry about (and be compromised!) - it makes it the customer's (and Microsoft's) responsibility then.
-
Ben Humphreys commented
We are likely to have to move away from Xero due to Qld Law Society Cyber Security requirements. Even as a small law firm, we are now required to have in place Conditional Access for all practice accounts, systems and data. If Xero cannot provide Azure SSO we will not have a choice but to move to a provider who can!
-
Alex Steer commented
Unfortunately, the lights are on but it doesn't appear that in many many years of customers begging for SSO through a 3rd party IdP via the open standard SAML2.0 protocol that they're listening, or maybe just do not understand what is being asked.
-
Patrick Burgess commented
Just SSO. Pllleeeeaaaassseeee. You are now the only SaaS platform we use outside our SSO. Don't be that company who has to get breached before they start implementing basic security requirements.
-
Dan Harmer commented
The issue is even greater than that - without SSO we can't enable Conditional Access, which means users (staff, outsourcing companies, anyone) can access Xero on their home computers, library computers, anywhere, and download our client data. In its current form Xero is fundamentally not secure for business.
-
Lauren Child commented
Just to be clear, it's not just about the ease of login. At the moment Xero doesn't provide a method of enforcing MFA or adding security monitoring & control on the login.
That makes it a liability, for example a user without MFA is potentially a regulatory breach and potential lawsuit, aside from the obvious security and privacy impact. Being divorced from the enterprise means it's not being monitored the same way.
In short, if a user falls victim to phishing and a hacker gets caught and blocked automatically in the enterprise, they still potentially get full access to Xero accounts until somebody pops over and resets the account manually, and who knows what personal & financial data access and damage they could do in the interim.
That's why we need SAML or Azure SSO etc.
Ease of use is a bonus, but really it's all about de-risking the use of Xero in a normal enterprise.
-
Richard Crozier commented
No, we don't want Azure integration, we want generic SAML that works with any ID provider. But you've closed that idea, even though it is the solution to SSO.
-
Nathan Morris commented
Bump! Let's do this Xero.
-
Cameron Ritchie commented
Microsoft Azure AD as the IdP doing user provisioning using SCIM please. Will sort out more than SSO.
-
Jesse Jones commented
My team and I can achieve this for you within two weeks. Please reach out to us and we will sort it. It doesn't need to take years. I promise.
-
John McRoberts commented
"and this will take a few years to achieve..." Seriously???
-
Noel Ashpole commented
In today's digital world, this is a critical security function that should be urgently added to Xero.
-
Ian Lazzari commented
Unbelievable. The relative ease to implement and the criticality of the functionality means, at the very least, there should be a date planned for this. Should really have been in place for years now though. It's nothing new!
-
Aimee white commented
How is this still not on a roadmap?!
-
Luigi Bufalino commented
I would not classify this as important; I would classify this as critical or must have.
This shouldn't be an optional extra or an afterthought.
How far from the roadmap is this functionality?
-
Amedeo Fazi commented
We would like to set up Single Sign-On (SSO) with "our" Microsoft tenant to control any security breaches.
I have looked around your documentation; however, I only find links to setting up SSO for the HUB or MFA, which is not what we are looking for.
-
Dave Philp commented
Hello! I was the second person to vote for this feature back in 2013... and here I am, voting again in 2022.
"A few years"... will it be another 9? I certainly hope not.
If there's a concern around 2FA with the ATO, then there's nothing stopping Xero from enforcing its own 2FA after the login flow via SAML or OAuth has completed.