  1. 379 votes

    Hi community, we appreciate many businesses have adopted single sign on with providers like Google, Microsoft Azure/Entra, and Okta to easily streamline logins to many applications and manage operational risk. Our team are staying close to votes and feedback of the idea here, and though we can't commit to development at this time, we will be sure to let you know of any progress toward enabling single sign on.

    Lauren Child commented  · 

    Just to be clear, it's not just about the ease of login. At the moment Xero doesn't provide a method of enforcing MFA or adding security monitoring & control on the login.

    That makes it a liability; for example, a user without MFA is potentially a regulatory breach and potential lawsuit, aside from the obvious security and privacy impact. Being divorced from the enterprise means it's not being monitored the same way.

    In short, if a user falls victim to phishing and a hacker gets caught and blocked automatically in the enterprise, they still potentially get full access to Xero accounts until somebody pops over and resets the account manually, and who knows what personal & financial data access and damage they could do in the interim.

    That's why we need SAML or Azure SSO etc.

    Ease of use is a bonus, but really it's all about de-risking the use of Xero in a normal enterprise.

    Lauren Child commented  · 

    This idea is on here three times - search for SSO.

    Lauren Child supported this idea  ·