Login - Enable Windows Azure Active Directory Single Sign On
Ability to use Azure Active Directory for MFA.
Purpose: It makes Microsoft users easily log into Xero.
Hi community, we appreciate many businesses have adopted single sign on with providers like Google, Microsoft Azure/Entra, and Okta to easily streamline logins to many applications and manage operational risk. Our team are staying close to votes and feedback of the idea here, and though we can't commit to development at this time, we will be sure to let you know of any progress toward enabling single sign on
-
John McRoberts commented
"and this will take a few years to achieve..." Seriously???
-
Noel Ashpole commented
In todays digital world, this is a critical security function that should be urgently added to Xero.
-
Ian Lazzari commented
Unbelievable. The relative ease to implement and the criticality of the functionality means, at the very least, there should be a date planned for this. Should really have been in place for years now though. It's nothing new!
-
Aimee white commented
How is this still not on a roadmap?!
-
Luigi Bufalino commented
I would not classify this as important I would classify this as critical or must have.
This shouldn't be an optional extra or an after thought.
How far from the roadmap is this functionality?
-
Amedeo Fazi commented
We would like to setup (SSO) Setup Single Sign-On with "our" Microsoft tenant to control any security breeches
I have looked around your documentation however I only find links to setting up SSO for the HUB or MFA which is not what we are looking for.
-
Dave Philp commented
Hello! I was the second person to vote for this feature back in 2013... and here I am, voting again in 2022.
"A few years"... will it be another 9? I certainly hope not.
If there's a concern around 2FA with the ATO, then there's nothing stopping Xero from enforcing its own 2FA after the login flow via SAML or OAuth has completed.
-
Matthew Stringer commented
I'm actually flabbergasted that this has been an item on Xero's agenda since 2013, and here we are in 2022 and you are telling us its a few years to achieve Dana. Quite unbelievable to be honest.
You do not need further input on how this will help us better manage our accounts. I am quite sure your CTO understands very clearly why supporting Azure SSO/SAML integration leads to better client security, he was, after all, CTO of Microsoft New Zealand.
-
Milena Lowe commented
So it has been 9 years, when are you likely to put this critical security feature in place? I would have thought 9 years was a few years. I cannot believe it hasn't been done already. This will make or break our decision in moving to the platform fully.
In our current world of cybersecurity threats, you do not take this seriously enough. Look at Optus, Medibank, Clinical Labs and so on and so on! -
Ian Lazzari commented
This is the only SaaS product in use by our business that doesn't support SAML authentication. We have even added it to our own offering and I'm quite sure our resources are a lot less than yours!
You don't even have to choose a specific IDP such as Azure. The vast majority would be covered once you support SAML. -
Tom Sander commented
Unbelievable that this suggestion was made in 2013 and no progress has been made. This is close to essential in providing security through a single point of truth for user account management, not to mention any conditional access rules implemented within the Azure tenancy.
-
Keith Fountain commented
This should be your number one priority and shouldn't take long to implement, especially with a development team of the size we presume you have as a multinational company. It's just an Azure Enterprise application that you should be able to put together in a couple of months at the outside, not years. I will be suggesting to our finance department that they look at different software.
-
Angus Hayes commented
Dana, Azure SSO integration (and integration with all external identity providers for that matter) should be relatively easy to implement with the Security Assertion Markup Language (SAML). We're not asking Xero to re invent the wheel here, most software as a service companies have had this functionality for several years at least by now. It's a little concerning that a financial software company with a large market share in AU/ NZ and beyond considers this matter a long running journey. I suggest that this should be prioritized or Xero will risk losing customers to other providers who prioritize their customers security.
-
Nathan Morel commented
It should not be 'a few years to achieve', this is a security hole and needs to be prioritized.
-
Ashleigh Green commented
Xero is in our security exception register. This isn't a nice place to be.
-
Jordan Stewart commented
A must have
-
Tony Hettiarachchi commented
great idea
-
Sean Hilton commented
Essential
-
Susan Thearle commented
This is critical to our ongoing use of Xero as our IT ecosystem require this level of security as a minimum. AS others have already said - long overdue.
-
Paul Mills commented
Esssential to align with the security posture of out IT ecosystem.