Login - Enable Windows Azure Active Directory Single Sign On
Ability to use Azure Active Directory for MFA.
Purpose: It makes Microsoft users easily log into Xero.
Hi community, we appreciate many businesses have adopted single sign on with providers like Google, Microsoft Azure/Entra, and Okta to easily streamline logins to many applications and manage operational risk. Our team are staying close to votes and feedback of the idea here, and though we can't commit to development at this time, we will be sure to let you know of any progress toward enabling single sign on.
-
Ryan Byrne commented
This is an absolute requirement moving forwards.
-
Andrew Lomas commented
We are currently attaining ISO 27001 and this is a requirement.
It's not a nice to have, it's a must have.
-
Mike Baptiste commented
As the push towards Passkeys kicks into high gear in 2025, Xero is way behind here. Most small businesses have Google Workspace or Microsoft 365. These are some of the most secure authentication methods because they've been pushing their users towards 2FA and now Passkeys. At the very least there should be native Passkey support, but ideally, SSO/SAML support for the likes of Google, Microsoft, Okta, and Duo. This is the only 'major' app in our business stack that still relies on direct password authentication. Everything else is Passkeys or Google SSO Auth.
-
Nicholas Piasecki commented
Please please pretty please
-
Richard Clegg commented
I concur with Adam.
I work for an ISO 27001 consultancy, and Xero appears on many of our clients' risk registers for this.
Given QuickBooks Online doesn't appear to do this either, implementing it would give Xero a marketable USP in the small business space to pick up the SMBs that take cybersecurity seriously (which is a large chunk) and hoover up some of QB's market segment.
I don't know if the reticence is the complexity of implementing it, or the expected time commitment to supporting users afterwards, but the demand for it isn't going to go away ... and if Xero can't deliver, I can see some of our customers moving away to other solutions that do (and as a consultant, I can't blame them either).
-
Adam Blanken commented
Here we are, 11 years on with no traction.
Xero is specifically highlighted in our cyber risk register due to its lack of integration with external identity providers.
-
Juan Olveira commented
For us, it is critical to have user integration.
-
IT Admin commented
Hey team, I think adding Single Sign-On (SSO) to Xero would be a fantastic enhancement for all of us. SSO allows users to access multiple applications with just one login, making our daily tasks smoother and reducing the hassle of remembering multiple passwords. Plus, it aligns with the National Cyber Security Centre (NCSC) guidelines for strong authentication methods, which means better security for our data.
Many other products already offer SSO as a standard feature, so incorporating it into Xero would help keep the platform up to date with industry standards. It also supports compliance with schemes like Cyber Essentials, showing a commitment to best practices in cybersecurity. It would be great to see Xero take this step to protect its users and make our experience even better.
-
Peter Zaracostas commented
Spin Doctor Kelly. Please don't sell this as an idea.
-
Lauren McMaster commented
Hi Kelly, I note in your reply you acknowledge the 'operational risk' that businesses are attempting to minimize. Not sure why Xero would want their product as part of the problem instead of part of the solution? I strongly agree with the request of other users that this is implemented.
-
Paul Harvey commented
Yes please prioritise this, this is an important step for many organisations' security.
-
Brendan Tate commented
Critical for security in this day and age. Please prioritise development.
-
Mark Anyon commented
Single sign on capability with Microsoft Azure and/or Okta would certainly increase our security posture.
-
Simon Pilot commented
The purpose needs to be changed from easily login to cybersecurity: "Successful and unsuccessful multi-factor authentication events are centrally logged". This is a security compliance issue.
This is preventing my company achieving Australia's Essential 8 Cybersecurity Maturity levels above level 1.
-
Keith Fountain commented
Interestingly, if you switch to ideas that are in progress, there are many that have far fewer votes than this post that are being worked on - how many votes do we need to get before you add this to your road map, or at least tell us why you are so reticent about implementation?
-
Shahiq Sarkar commented
It is sad to see that the response from Xero from 2014 has been the same, please upvote and we will look into it. Then come in development updates, sorry we have no roadmap for this. It is essential that we manage user accesses in larger organisations.
-
Kenneth Luu commented
It is highly unusual that an essential feature like this does not exist in 2024 when Xero was started in 2006. The SAML standard has been around longer than Xero has been a company. This is an essential quality-of-life and security visibility feature.
-
Gareth Hardman commented
SSO is not only desired, it is REQUIRED. We are no longer onboarding any new systems that do not afford single sign on, for all the reasons of security, access control and account management that have already been stated.
Like others have mentioned, if we cannot have this level of security and account management on the Xero platform then we will be forced to look at alternatives that provide it.
Being in the financial sector we are heavily and continually audited by external parties, and the main thing that gets brought up on every report is the lack of SSO security with Xero.
-
Simon Pilot commented
Single Sign On (SSO) with Microsoft Entra ID is required to restrict logins to compliant devices only. We don't allow BYOD access to Xero but we can't enforce this check without SSO sign in workflows. This represents an unacceptable risk to our business.
-
Iain Enticott commented
This is an absolute MUST, and XERO is on our risk register until this is released. This is not a feature but a standard requirement for SaaS applications today.