Enter your idea

In positive news, Hubspot just announced that they've added SSO support using SAML2.0 to their non enterprise tiers so that organisations can maintain good security regardless of size.

Nice to know it's not every SaaS provider that just complete ignores hundreds upon hundreds of requests from their customers for standard security functionality necessary for SaaS applications. It's just Xero.

our ISO auditors are advising to shift away from Xero due to the lack of security features (SSO DKIM) e.t.c sad to see from such a big name but guess im planning to leave them now

This is an absolutely essential feature for all cloud apps. It not only improves security, but also makes the customer experience so much better.

To be a leading product this feature should already be implemented.

I went to the NZ Cyber security Summit in Wellington a week ago. Crowdstrike gave a presentation where someone senior from Xero took part in the presentation. The audience was a few hundred cyber professionals. Xero person went to great lengths to point out how conscious Xero is about customer cyber security on the platform. Knowing SSO is still not available in Xero was a topic at lunch afterwards. Time to get serious on this Xero instead of talking a big game about Cyber Security. The reality is not in line with the marketing!

SAML / SSO is pretty much expected in 2025. We're a cyber security provider and every other software package in the market, let alone a global one, supports this.

Can we get a commitment as to when this will be made available?

Agree with many of the comments below. This is a widely adopted and expected feature that many of us have to have in place to comply with various security accreditations. It would be great to have this in place ASAP.

We are moving everything to single Sign on and Xero being one of our critical apps, this will be important for how we move forward. Would be good to have an urgent update on your plans for this so people can manage things accordingly.

So in 2022 you identified that your customer base wants SSO, and in 2024 confirm no commitment or dev has been done for it. Major disappointment!! Your app is going the way of the dinosaur. Its time to catch up to the most BASIC app standards, or you will die off. Who is running this ship? They need a wake-up call!

It's great to see this getting more attention from the community.

Hopefully the Xero Team takes notice.

More to the point, the Australian government ACSC Essential8 now requires it.

We are implementing the Australian ESSENTIAL 8 security measures. Can we have single sign on so we can use phishing resistant MFA & log MFA failure? https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model

We are also likely needing to switch platforms this year as a result of this missing feature. This is disappointing as we have been a Xero customer since 2012.

Please add this Xero - it's crazy that this has been on the Ideas Board since 2013 and has a huge number of votes.

It's such an easy implementation for a dev team to roll out and dramatically improves the security of Xero and opens up the customer base to anyone under ISO27001 etc.

Another publicly listed company not taking security seriously.

Just disappointing really.

It won't be long before they make the news.

This is so frustrating that Xero does not support basic security features in 2025.

Any planned support for Okta / SAML?

We're planning iso27001 and this will be a deal breaker. If its not on the 2025 roadmap, we'll need to leave the platform.

This is an absolute requirement moving forwards.

we are currently attaining ISO 27001 and this is a requirement.
Its not a nice to have its a must have.