
  1. 580 votes

    Hi everyone, we appreciate all the feedback and votes on this idea. We know using Microsoft Entra ID SSO is now common practice for some businesses and being able to access Xero via a native integration with Entra ID would streamline how your teams log in and get set up in Xero, as well as help in managing access for larger teams and keeping things secure.

    Our product team have been working with a small limited group of Partners to develop SSO capabilities. Though we can't give any definite timelines yet, we’ll keep this thread updated with news. Thanks

    Andrew Anderson commented  · 

    Yes, I concur with everyone else who is requesting a standards-based implementation that will work with any identity provider. Please do not lock the implementation into a single identity platform.

    And I agree that it would be a solid addition to Xero to improve the RBAC granularity available so that the accounting functions can be partitioned beyond just the four user roles that are available currently. This is why I had suggested that Xero look at what Stripe did in its SAML implementation to drive permissions based off the SAML Attributes from the IdP.

    Andrew Anderson commented  · 

    @Chris Okta's SWA is a browser plugin solution that performs credential stuffing into login forms.

    While it would permit using Okta as a launching point, it does not provide the same level of capabilities and (I would argue) security that a native OIDC/SAML solution would provide.

    Andrew Anderson commented  · 

    Also take a look at what Stripe did in their SSO implementation to handle advisors with multiple clients/organizations, role assignments via attribute mappings, and their EXCELLENT testing and troubleshooting tools that ensure the SSO configuration is working.

    Andrew Anderson supported this idea  · 
    Andrew Anderson commented  · 

    Please add Okta to the list of IdPs that should be supported when SAML SSO is added to Xero.