Login - Enable Windows Azure Active Directory Single Sign On
Ability to use Azure Active Directory for MFA.
Purpose: It lets Microsoft users log into Xero easily.
Hi community, we appreciate many businesses have adopted single sign on with providers like Google, Microsoft Azure/Entra, and Okta to easily streamline logins to many applications and manage operational risk. Our team are staying close to votes and feedback of the idea here, and though we can't commit to development at this time, we will be sure to let you know of any progress toward enabling single sign on.
-
Peter Barsdell commented
Very sad to see that this issue has been on the product ideas website since September 2013... and only just now in April 2024 do we get a post from the community manager. Saying that, thank you Kelly Munro for giving us a response.
I'd also like to add a note for others: the permission system in Xero is a big problem too, and probably a blocker to this. There has been an issue on the product ideas site (since this site was created) about the inability to give Xero users access to the products section of Xero without letting them see the bank feed. Though in theory this should be a simple integration for Xero to build, to me, as an outsider, Xero have a lot of work on their permissions system before they can work on this.
-
Simon Hurlstone commented
Xero not having SSO is the biggest gap in our security: Full stop.
-
Anthony Koochew commented
Absurd that in this day and age Xero doesn't support SSO.
-
Nicolas Naim commented
Adding my vote to this. It's hard to understand why Xero is just staying close to the votes on this. This should be a no-brainer decision. Xero operates in the financial space, you have payroll data, employee data, tax data. SSO should be treated as a must have and not as something nice to have.
-
Jan van der Kolk commented
Please add support for SSO, ideally customer SAML or OIDC so every identity provider can be integrated. We use Okta ourselves. The other major ones are Entra ID (Azure AD) and Google Workspace.
It is very disappointing that this is still not supported in 2024. This should not be much work at all and just needs to be prioritized as it currently is a huge security risk.
Your latest message is not promising at all and makes us consider moving to NetSuite instead.
-
Nathan Morris commented
This doesn’t enthuse me knowing how crucial this is for any cyber conscious accounting firm, but at least it’s still on the cards! My flame of hope is not extinguished!
-
Toby Harbanuk commented
I'm with the others. Please enable SSO with Azure, Google's ecosystem, etc.
-
Adrian King commented
This needs to be prioritised, vendors in the financial services space cannot operate with such a gulf in good security hygiene.
-
Nigel Clark commented
Xero… It’s time you woke up to the risks of MFA compromise and token theft and enable the ability for your customers to include Xero within their own Zero Trust framework.
If you need convincing please check up on the following:
Zero Trust: https://www.microsoft.com/en-us/security/business/zero-trust
Conditional Access Policies: https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview
MFA token theft: https://www.menlosecurity.com/blog/the-art-of-mfa-bypass-how-attackers-regularly-beat-two-factor-authentication
This is something Xero should be using themselves to improve their own security, and the fact this is not high on your agenda for your customers leaves me thinking you are not applying best in class security across your own infrastructure.
Edit: Oh and please update the purpose on the initial request as it’s more about security and not just user experience.
Also, do not expect a large number of up votes for such a request as not many users will see the need for additional layers of security, yet targeted phishing attacks are on the rise and this is a high agenda item for any company who takes security seriously.
-
Steve Bates commented
Yep, adding my 2c: SSO is a no-brainer.
I want to disable leavers in Azure AD and not have to faff around working out if they also had a Xero account.
This should not be a significant piece of work - if the overall authentication is well architected. This poses a different question.
-
Helene Gasser commented
Hi Dana
I have been advised by our Chief Information Security Officer that we have to find a new payroll program if XERO can't provide SSO/IdP integration. This is a very important requirement for sensitive data like payroll/personal information/bank details etc.
Can you please advise of the progress of Azure SSO, the last info is dated 15/09/2022. I would like to keep XERO portal, however if security is not getting provided from your side we need to cancel our subscription. We have been using XERO since 2017 and are otherwise very happy with the performance.
Please discuss with XERO Management and let us know of the SSO progress as soon as possible. Thank you, best regards Helene
Tricentis APAC Pty Ltd
-
Richard Over commented
I'm afraid this is becoming a make or break deal without a secure Azure SSO. Our clients are tier one financial institutions and they are insisting this is implemented across their supplier network.
-
Michael Brown commented
Dear Xero
By allowing customers to use Azure SSO, you would be mitigating your responsibility for data security. You would reduce to almost zero your responsibility for data breaches due to customers' password / MFA etc.
Other providers (such as Azure SSO) are far more sophisticated than your offering. It's a couple of days' work of development for a junior team member and another week of documentation.
We would all love your help.
Thanks Michael
-
Adam Jones commented
Please do this, my IT department is pushing us to leave Xero for the lack of support.
-
Aaron Angel commented
See also https://productideas.xero.com/forums/939198-for-small-businesses/suggestions/44960674-sso-add-saml-authentication-support. These ideas should be combined. Separating similar ideas spreads out the votes leading to poor visibility of user demands for product managers.
Like other SSO solutions, Microsoft Entra (formerly Azure AD) supports SAML for external applications, so these ideas are essentially the same. In 2023, people have grown tired of too many passwords and the disparity of security requirements between vendors.
SSO is no longer an esoteric enterprise requirement. It's a minimum requirement for modern SaaS products.
We are considering more expensive products and considering budgets and the potential for migrations because of basic requirements like this.
-
Peter Laycock commented
Guys, I don't understand why this will take such a long time? I know devs that can punch this out in a few weeks, let alone years? I'm a security engineer in Azure that works with a lot of apps and I know this is incorrect.
?????
-
Matthew Smith commented
This is a must have in so many industries. Luckily my company is small right now, in a year from now, we will likely need to move to a provider that uses SSO.
-
Luigi Bufalino commented
This isn't a several-year process to implement..... If you spent half as much on development as you did on your parties and events, Xero may find that this would be a really short journey.
-
Martin Burns commented
As a SaaS company born in the cloud, it amazes me that you haven't yet implemented Azure AD SSO...
-
Ryan Byrne commented
This is urgently required.