Enter your idea

As the push towards Passkeys kicks into high gear in 2025, Xero is way behind here. Most small businesses have Google Workspace or Microsoft 365. These are some of the most secure authentication methods because they've been pushing their users towards 2FA and now Passkeys. At the very least there should be native Passkey support, but ideally, SSO/SAML support for the like of Google. Microsoft, Okta, and Duo. This is the only 'major' app in our business stack that still relies on direct password authentication. Everything else is Passkeys or Google SSO Auth.

Please please pretty please

I concur with Adam.

I work for an ISO 27001 consultancy, and Xero appears on many of our clients' risk registers for this.

Given QuickBooks Online doesn't appear do this either, implementing it would give Xero a marketable USP in the small business space to pick up the SMB's that take cybersecurity seriously (which is a large chunk) and hoover up some of QB's market segment.

I don't know if the reticence is the complexity of implementing it, or the expected time commitment to supporting users afterwards, but the demand for it isn't' going to go away ... and if Xero can't deliver, I can see some of our customers moving away to other solutions that do (and as a consultant, I can't blame them either).

Here we are, 11 years on with no traction.

Xero is specifically highlighted in our cyber risk register due to its lack of integration with external identity providers.

For us, it is critical to have user integration.

Hey team, I think adding Single Sign-On (SSO) to Xero would be a fantastic enhancement for all of us. SSO allows users to access multiple applications with just one login, making our daily tasks smoother and reducing the hassle of remembering multiple passwords. Plus, it aligns with the National Cyber Security Centre (NCSC) guidelines for strong authentication methods, which means better security for our data.

Many other products already offer SSO as a standard feature, so incorporating it into Xero would help keep the platform up to date with industry standards. It also supports compliance with schemes like Cyber Essentials, showing a commitment to best practices in cybersecurity. It would be great to see Xero take this step to protect its users and make our experience even better.

Spin Doctor Kelly. Please don't sell this as an idea.

Hi Kelly, I note in your reply you acknowledge the 'operational risk' that businesses are attempting to minimize. Not sure why Xero would want their product as part of the problem instead of part of the solution? I strongly agree with the request of other users that this is implemented.

Yes please prioritise this, this is an important step for many organisations security.

Critical for security in this day and age. please prioritise development

SIngle sign on capability with Microsoft Azure and/or Okta would certainly increase our security posture

The purpose needs to be changed from easily login to cybersecurity: "Successful and unsuccessful multi-factor authentication events are centrally logged". This is a security compliance issue.

This is preventing my company achieving Australia's Essential 8 Cybersecurity Maturity levels above level 1

Interestingly, if you switch to ideas that are in progress, there are many that have far fewer votes than this post that are being worked on - how many votes do we need to get before you add this to your road map, or at least tell us why you are so reticent about implementation.

It is sad to see that the response from Xero from 2014 has been the same, please upvote and we will look into it. Then come in development updates, sorry we have no roadmap for this. It is essential that we manage user accesses in larger organisations.

It is highly unusual that an essential feature like this does not exist in 2024 when Xero was started in 2006. The SAML standard has been around longer than Xero has been a company. This is an essential quality-of-life and security visibility feature.

SSO is not only desired, it is REQUIRED. We are no longer onboarding any new systems that do not afford single sign on, for all the reasons of security, access control and account management that have already been stated.

Like others have mentioned, if we cannot have this level of security and account management on the Xero platform then we will be forced to look at alternatives that provide it.

Being in the financial sector we are heavily and continually audited by external parties, and the main thing that gets brought up on every report is the lack of SSO security with Xero.

Single Sign On SSO with Microsoft Entra ID is required to restrict logins to compliant devices only. We don't allow BYOD access to Xero but we can't enforce this check without SSO sign in workflows. This represents an unacceptable risk to our business.

This is an absolute MUST, and XERO is on our risk register until this is released. This is not a feature but a standard requirement for SaaS applications today.

This is such a standard and critical feature that virtually every SaaS offers. I don't understand why a company as big as Xero doesn't offer it.

Would really like Xero to support SAML provided by an external authenticator. It would make our systems so much more secure and manageable.