580 votes
Hi everyone, we appreciate all the feedback and votes on this idea. We know using Microsoft Entra ID SSO is now common practice for some businesses and being able to access Xero via a native integration with Entra ID would streamline how your teams log in and get set up in Xero, as well as help in managing access for larger teams and keeping things secure.
Our product team have been working with a small limited group of Partners to develop SSO capabilities. Though we can't give any definite timelines yet, we’ll keep this thread updated with news. Thanks
Andrew Anderson
commented
@Chris, Okta's SWA is a browser plugin solution that performs credential stuffing into login forms.
While it would permit using Okta as a launching point, it does not provide the same level of capabilities and (I would argue) security that a native OIDC/SAML solution would provide.
Andrew Anderson
commented
Also take a look at what Stripe did in their SSO implementation to handle advisors with multiple clients/organizations, role assignments via attribute mappings, and their EXCELLENT testing and troubleshooting tools that ensure the SSO configuration is working.
Andrew Anderson
supported this idea
Andrew Anderson
commented
Please add Okta to the list of IdPs that should be supported when SAML SSO is added to Xero.
Yes, I concur with everyone else who is requesting a standards-based implementation that will work with any identity provider. Please do not lock the implementation into a single identity platform.
And I agree that it would be a solid addition to Xero to improve the RBAC granularity available so that the accounting functions can be partitioned beyond just the four user roles that are available currently. This is why I had suggested that Xero look at what Stripe did in its SAML implementation to drive permissions based off the SAML Attributes from the IdP.