Login - Enable Windows Azure Active Directory Single Sign On
Ability to use Azure Active Directory for MFA.
Purpose: It makes Microsoft users easily log into Xero.
Hi community, we appreciate many businesses have adopted single sign on with providers like Google, Microsoft Azure/Entra, and Okta to easily streamline logins to many applications and manage operational risk. Our team are staying close to votes and feedback of the idea here, and though we can't commit to development at this time, we will be sure to let you know of any progress toward enabling single sign on
-
Josh Hunter commented
The application in our environment that needs the most security is one of our least protected. Strongly requesting this feature from Xero. Thanks.
-
Daniel Suttle commented
Xero - please accelerate this. It was so long ago that this was originally requested. I voted for a post previously that now seems to have been deleted, and doesn't show in your closed history. What's going on? Come clean and tell people why it hasn't been done yet, and when it will be done by. You have got to realise that your position on this just doesn't make any sense!
-
Tom Burton commented
With Azure (as well as Google suite) offering industry standard OAuth and OIDC interfaces it really shouldn't be a several year journey. If this was important you could implement it within little more than a month. Big vote from me.
-
Alex Parkinson commented
Will likely have to leave Xero in the next 12 months if this isn't addressed. Basic requirement these days, disappointing from an otherwise great product.
-
Jason Hensley commented
In 2023 this is now a basic requirement for org security. SAML 2.0 to integrate with major Identity Providers, including Azure. Xero, step it up and get this done!
-
Keith Fountain commented
Apologies for my passive aggressive comments in the past, they are borne from the frustration of not getting any real commitment, response or timeline for this request.
The reason we want SSO is so that when we disable a users account, they are locked out of everywhere from that moment. If we have multiple applications with multiple user accounts and we have to send requests to different department administrators to get these accounts disabled, it invariably means delay. In the current climate, the damage that can be done by an employee on a GDPR level can be immense if one account is overlooked, or the person that manages that application is off on that day. When all logins are controlled by a single account disabled=blocked, which you would think a company of Xero's size and reach would understand.
Please give us some kind of indication about the current roadmap and a projected date for implementation so we can remove Xero from our risk register.
-
Ben Nichols commented
As everyone says, this is absolutly critical. Being able to restrict access to Xero via Azure AD Conditional Access is critical.
Xero! Why would you NOT want to absolve yourself of the responsibility of handling authentication - hand that off to Azure AD, and that's one less thing to worry about (and be compromised!)- it makes it the customer's (and Microsoft's) responsibility then.
-
Ben Humphreys commented
We are likely to have to move away from Xero due to Qld Law Society Cyber Security requirements. Even as a small law firm, we are now required to have in place Conditional Access for all prctice accounts, systems and data. If Xero cannot provide Azure SSO we will not have a choice but move to a provider who can!
-
Alex Steer commented
Unfortunately, the lights are on but it doesn't appear that in many many years of customers begging for SSO through a 3rd party IdP via the open standard SAML2.0 protocol that they're listening, or maybe just do not understand what is being asked.
-
Patrick Burgess commented
Just SSO. Pllleeeeaaaassseeee. You are now the only SaaS platform we use outside our SSO. Don't be that company who has to get breached before they start implementing basic security requirements.
-
Dan Harmer commented
The issue is even greater than that - without SSO we can't enable Conditional Access, which means users (staff, outsourcing companies, anyone) can access Xero on their home computers, library computers, anywhere, and download our client data. In its current form Xero is fundamentally not secure for business.
-
Lauren Child commented
Just to be clear, it's not just about the ease of login. At the moment Xero doesn't provide a method of enforcing MFA or adding security monitoring & control on the login.
That makes it a liability, for example a user without MFA is potentially a regulatory breach and potential lawsuit, aside from the obvious security and privacy impact. Being divorced from the enterprise means it's not being monitored the same way.
In short if a user falls victim to phishing and a hacker gets caught and blocked automatically in the enterprise, they still potentially get full access to Xero accounts until somebody pops over and resets the account manually, and who knows what personal & financial data access and damage they could do in the interim
That's why we need SAML or Azure SSO etc.
Ease of use is a bonus, but really it's all about de-risking the use of Xero in a normal enterprise.
-
Richard Crozier commented
No, we don't want Azure integration, we want generic SAML that works with any ID provider. But you've closed that idea, even though it is the solution to SSO.
-
Nathan Morris commented
Bump! Let's do this Xero.
-
Cameron Ritchie commented
Microsoft Azure AD as the IdP doing user provisioning using SCIM please. Will sort out more than SSO.
-
Jesse Jones commented
My team and I can achieve this for you within two weeks. Please reach out to us and we will sort it. It doesn't need to take years. I promise.
-
John McRoberts commented
"and this will take a few years to achieve..." Seriously???
-
Noel Ashpole commented
In todays digital world, this is a critical security function that should be urgently added to Xero.
-
Ian Lazzari commented
Unbelievable. The relative ease to implement and the criticality of the functionality means, at the very least, there should be a date planned for this. Should really have been in place for years now though. It's nothing new!
-
Aimee white commented
How is this still not on a roadmap?!