Enter your idea

Yes, I concur with everyone else who is requesting a standards-based implementation that will work with any identity provider. Please do not lock the implementation into a single identity platform.

And I agree that it would be a solid addition to Xero to improve the RBAC granularity available so that the accounting functions can be partitioned beyond just the four user roles that are available currently. This is why I had suggested that Xero look at what Stripe did in its SAML implementation to drive permissions based off the SAML Attributes from the IdP.

Please don't limit this to Entra. Use something standards based, eg. SAML, OIDC. They will still work with Entra.
I appreciate you only just caught up with mandating MFA, but lack of proper controls is irresponsible.

Hi Kelly,

This isn’t about convenience. It’s about identity security.

Xero does not expose sign-in logs (successful/failed), source IPs/locations, or provide native controls like geo-blocking or Conditional Access. Without those, we have no verifiable authentication telemetry and no policy enforcement at the identity edge.

Bottom line: the current setup lacks a critical security layer. To meet baseline controls, Xero access must be fronted by an IdP (SSO + MFA) with Conditional Access and logging routed to a SIEM. Until that’s in place, you cannot claim adequate identity assurance.

Yeah.... in development! ...by 2030 you'll get it, boys and girls .. by then, maybe we'll even have different authentication methods and SSO will be obsolete!

Thank you for the update - only for this, it took what 4-5 years? Mental!

Very happy to hear SSO is in the works!

OICD Entra specifically would be much better! I'll take anything at this point - its 2025!

Thanks, although not just Entra please - standard SAML so that any identity provider can work.

Can we get onto the trial please?

@Kelly, please add me to the SSO beta if possible too. Very interested to be part of this.

You make this sound as though it's a nice to have. With the number of cyber attacks currently happening, having single provisioning and access from Entra would enable us to use features like conditional access, centralised logging, and deprovisioning of users from one place without the need to manage it in Xero. Your RBAC is terrible; offering almost no granularity of user management, and there's no way to mandate security controls like MFA centrally. It's really not a nice to have, but a necessity because either you own security needs a tremendous amount of work, or you could just use existing known services like Entra. Xero is fast becoming the old competition that it used to overtake and it's time to wake up.

As with Joel's comment, I'm also an IT provider and have clients (and myself) who would love to be part of the beta when it becomes available. Thankyou for finally listening to the feedback on this. Also please don't join the https://sso.tax wall of shame - make this available to all plans, or at least not exclusively on the highest tiers

This is fantastic to see! I have been upvoting and commenting for this for years.
Kelly, we’re a Microsoft partner and Xero customer and have many customers using Xero as well as deep experience with Entra ID and SSO integrations. Is it possible to get into the beta program.

Thanks for the updated Kelly - really great there's some activity in progress. We're actually an identity and access management consultancy (who is a Xero customer). Is there a way we could get involved in this? Thanks!

@kelly so happy to see this is finally in development and hopefully it gets the dev priority it deserves to enhance Identity and Access Management for Xero customers.

Thank you Kelly,

Very grateful that you picked this critical SaaS security feature request up and are finally taking it seriously.

Note that there's a lot of ideas asking for the same kind of generic SAML2.0 / SCIM / OIDC type functionality going back over 10 years. Over that time, as you'll have seen from our comments a lot of faith in Xero and this process has been lost.

I can see you aren't giving a definite timeline or commitment but even if you can't do that, what would be great is either when you will be able to offer us that timeline, or when we can at least expect another update so we know this isn't just words.

Many thanks again for finally getting your team onboard.

Works for me incognito:
https://feedback.xero.com/jfe/form/SV_29u5ddCM77x11aK

That feedback link below doesnt work. I note that https://feedback.xero.com/ goes to Xeros internal Okta SSO login prompt....!

Smash them on the survey guys
https://feedback.xero.com/jfe/form/SV_29u5ddCM77x11aK?

We are going through the process of moving everything possible to SSO and feel at this time in late 2025 Xero is going to fall behind if they don't act on these capabilities to offer their customers. Move it up the development list.

@Andrew A - fair comment. Xero SSO would be better and cheaper and if it arrives we will definitely use it!