Enter your idea

SSO is a minimum requirement for most enterprise organisations for any SaaS application.

Xero, I find it unforgiving to not have this feature enabled in a modern SaaS application. By the time of voting for this enhancement, there's 611 votes, if each one of these represent a company with 10 users, we're already enhancing the authentication of over 6100 users. Is that not reason enough to develop this feature?

The exemption for using Xero in my enterprise expires soon. If it's not renewed or re-approved, then we'll look at a different provider.

Our company's policy requires a formal exemption from our overseas parent for any third-party software that does not support external SSO. It is challenging to continue using Xero without this feature. This needs to be a development priority for Xero.

Key requirements to this functionality is more than convenience of SSO. When identity is Entra ID integrated we have the ability to gather detailed logging of application access that allows for suspicious activities such as atypical travel, impossible travel, credential compromise. We also have the ability to use Identity based access controls to define additional levels of application access such as geo blocking, how often MFA is required and what type of devices (E.g. corporate managed) are allowed to access the app.
Incredibly important to securing application access to an app that contains sensitive corporate data.

I hope you guys are doing SAML or OIDC SSO that way I can use a provider other than Entra ID. Google Workspace SSO with SCIM would be really big for us.

Can't believe this critical security feature is not available in 2025!! Come on Xero sort it out. If you don't you will lose customers, including me.

I can't wait for this to happen as we are moving all entries to SSO via Entra. Please keep me informed when this goes live.

They comply with ISO 27001 (and SOC 2 I've just noticed) so I'm comfortable with the back end protections.

SSO is a nice to have, especially for smaller businesses (which I believe is Xero's target market), so while it's taken a while to get here I'm happy that it's finally coming ... but it was never a deal breaker for us.

Too little, FAR too late. We have moved away from Xero.
I it’s on one of the original threads about 4 years ago.
Xero was the last of our critical applications to even consider Entra integration. It made us think, with this attitude towards a core security function, what is happening with our data in the background, eg encryption, key management, access controls, secure coding etc.
We had no other choice but move to an alternative vendor.

Finally.... hope its not too far away from release. Long overdue.

You'd think this would be a no-brainer...

+1 for supporting SAML or OIDC. Limiting it to Entra is not useful

Yes, I concur with everyone else who is requesting a standards-based implementation that will work with any identity provider. Please do not lock the implementation into a single identity platform.

And I agree that it would be a solid addition to Xero to improve the RBAC granularity available so that the accounting functions can be partitioned beyond just the four user roles that are available currently. This is why I had suggested that Xero look at what Stripe did in its SAML implementation to drive permissions based off the SAML Attributes from the IdP.

Please don't limit this to Entra. Use something standards based, eg. SAML, OIDC. They will still work with Entra.
I appreciate you only just caught up with mandating MFA, but lack of proper controls is irresponsible.

Hi Kelly,

This isn’t about convenience. It’s about identity security.

Xero does not expose sign-in logs (successful/failed), source IPs/locations, or provide native controls like geo-blocking or Conditional Access. Without those, we have no verifiable authentication telemetry and no policy enforcement at the identity edge.

Bottom line: the current setup lacks a critical security layer. To meet baseline controls, Xero access must be fronted by an IdP (SSO + MFA) with Conditional Access and logging routed to a SIEM. Until that’s in place, you cannot claim adequate identity assurance.

Yeah.... in development! ...by 2030 you'll get it, boys and girls .. by then, maybe we'll even have different authentication methods and SSO will be obsolete!

Thank you for the update - only for this, it took what 4-5 years? Mental!

Very happy to hear SSO is in the works!

OICD Entra specifically would be much better! I'll take anything at this point - its 2025!

Thanks, although not just Entra please - standard SAML so that any identity provider can work.

Can we get onto the trial please?

@Kelly, please add me to the SSO beta if possible too. Very interested to be part of this.