Settings and activity
1 result found
-
570 votes
Hi everyone, we appreciate all the feedback and votes on this idea. We know using Microsoft Entra ID SSO is now common practice for some businesses and being able to access Xero via a native integration with Entra ID would streamline how your teams log in and get set up in Xero, as well as help in managing access for larger teams and keeping things secure.
Our product team have been working with a small limited group of Partners to develop SSO capabilities. Though we can't give any definite timelines yet, we’ll keep this thread updated with news. Thanks
An error occurred while saving the comment 
Nigel Clark
supported this idea
·
Xero… It’s time you woke up to the risks of MFA compromise and token theft and enable the ability for your customers to include Xero within their own Zero Trust framework.
If you need convincing please check up on the following:
Zero Trust: https://www.microsoft.com/en-us/security/business/zero-trust
Conditional Access Policies: https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview
MFA token theft: https://www.menlosecurity.com/blog/the-art-of-mfa-bypass-how-attackers-regularly-beat-two-factor-authentication
This is something Xero should be using themselves to improve their own security and by the fact this is not high on your agenda for your customers leaves me thinking you are not applying best in class security across your own infrastructure.
Edit: Oh and please update the purpose on the initial request as it’s more about security and not just user experience.
Also, do not expect a large number of up votes for such a request as not many users will see the need for additional layers of security, yet targeted phishing attacks are on the rise and this is a high agenda item for any company who takes security seriously.