Login - Enable Microsoft Entra ID Single Sign On
Ability to use Azure Active Directory for MFA.
Purpose: It makes Microsoft users easily log into Xero.
Hi everyone, we appreciate all the feedback and votes on this idea. We know using Microsoft Entra ID SSO is now common practice for some businesses and being able to access Xero via a native integration with Entra ID would streamline how your teams log in and get set up in Xero, as well as help in managing access for larger teams and keeping things secure.
Our product team have been working with a small limited group of Partners to develop SSO capabilities. Though we can't give any definite timelines yet, we’ll keep this thread updated with news. Thanks
-
Daniel Herr
commented
Hi Xero, one big vote here from a cyber security firm using your service for 10 years now. We have Microsoft Entra ID SSO sign-in for every app except Xero. This is a compromise, having to have additional passwords out there. You are about to increase your pricing again, and I thought that something like this would have been implemented at the very least. It's been a long time already.... let's get up to speed, please.
-
Joel Mansford
commented
Has this idea really been here for nearly 10 years?
It beggars belief that on a system holding the most sensitive information a company has together with the ability to make payments etc this isn't already implemented.
Xero is quickly proving that it's only suitable for very small businesses and as soon as security is a concern you have to shop elsewhere for your accounting software.
-
Vicky Albury
commented
Will XERO only adopt industry standards AFTER their home grown security system has been compromised? Our CISO is asking for the same thing as everyone else - the ability to integrate with Azure should be mandatory, this is not a finance function and should be performed by a business with a track record in security
-
Martin Bannister
commented
I don't think Xero care about security because if they did this would at least be being worked on.
-
Kyle Bruin
commented
Xero is behind the competition in not offering this. This is a very common feature and as others have said, weighs on our decision to continue to use Xero. The correct response Kelly should be the team has deemed this an urgent priority. Wild that Xero still thinks they need to gauge interest or collect votes for this. That reflects poorly on Xero's stance on security and their understanding of SaaS in general.
-
Daniela Kostovic
commented
Just implemented Xero and looked into SSO and it's not available. From a security and user perspective SSO is very important and should be available as a standard feature.
-
EMC I.T. Solutions
commented
This is very long overdue and for an otherwise great product, this is a glaring weakness/deficiency. Most tech companies implemented SSO with major IDP solutions 4-5 years ago, if not longer.
-
Richard Crozier
commented
Recall many only voting here because you previously closed the highly voted submission requesting generic third-party SSO years ago.
-
IT @SaatchiGallery
commented
This idea comes from IT professionals and seems unimportant to their financial minds - sorted by the number of votes, it only goes to page 4!
It's such a shame XERO! You should be ashamed that you take IT security in such a derogatory and joking way, but I am sure it will come back to you - it's just a matter of time!.... disappointing!
-
Richard Over
commented
I cannot stress enough that in April 2024, the lack of SSO in Xero is a very large black mark against the continued use of the software.
On every RFP for my clients DDQ's, and I have to call out the lack of SSO in Xero.
-
Aimee white
commented
I run my own business but also work for a large financial services company.
Our biggest security gap is no SSO on Xero.
If I can get my big company off Xero I will. Lazy not to have it.
-
Peter Barsdell
commented
Very sad to see that this issue has been on the product ideas website since September 2013... and only just now in April 2024 do we get a post from the community manager. Saying that, thank you Kelly Munro for giving us a response.
I'd also like to add a note for others, the permission system in Xero is a big problem too, and probably a blocker to this. There has been an issue on the product ideas site (since this site was created) about the inability to give Xero users access to the products section of Xero without letting them see the bank feed. Though in theory this should be a simple integration for Xero to build, to me, as an outsider, Xero have a lot of work on their permissions system before they can work on this.
-
Simon Hurlstone
commented
Xero not having SSO is the biggest gap in our security: Full stop.
-
Anthony Koochew
commented
Absurd that in this day and age Xero doesn't support SSO.
-
Nicolas Naim
commented
Adding my vote to this. It's hard to understand why Xero is just staying close to the votes on this. This should be a no-brainer decision. Xero operates in the financial space, you have payroll data, employee data, tax data. SSO should be treated as a must have and not as something nice to have.
-
Jan van der Kolk
commented
Please add support for SSO, ideally customer SAML or OIDC so every identity provider can be integrated. We use Okta ourselves. The other major ones are Entra ID (Azure AD) and Google Workspace.
It is very disappointing that this is still not supported in 2024. This should not be much work at all and just needs to be prioritized as it currently is a huge security risk.
Your latest message is not promising at all and makes us consider moving to NetSuite instead.
-
Nathan Morris
commented
This doesn’t enthuse me knowing how crucial this is for any cyber conscious accounting firm, but at least it’s still on the cards! My flame of hope is not extinguished!
-
Toby Harbanuk
commented
I'm with the others. Please enable SSO with Azure, Google's ecosystem, etc.
-
Adrian King
commented
This needs to be prioritised, vendors in the financial services space cannot operate with such a gulf in good security hygiene.
-
Nigel Clark
commented
Xero… It’s time you woke up to the risks of MFA compromise and token theft and enable the ability for your customers to include Xero within their own Zero Trust framework.
If you need convincing please check up on the following:
Zero Trust: https://www.microsoft.com/en-us/security/business/zero-trust
Conditional Access Policies: https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview
MFA token theft: https://www.menlosecurity.com/blog/the-art-of-mfa-bypass-how-attackers-regularly-beat-two-factor-authentication
This is something Xero should be using themselves to improve their own security and by the fact this is not high on your agenda for your customers leaves me thinking you are not applying best in class security across your own infrastructure.
Edit: Oh and please update the purpose on the initial request as it’s more about security and not just user experience.
Also, do not expect a large number of up votes for such a request as not many users will see the need for additional layers of security, yet targeted phishing attacks are on the rise and this is a high agenda item for any company who takes security seriously.