Stay safe online with Xero login & two-step authentication

978 million people in 20 countries were affected by cybercrime in 2017. One in four small businesses experienced a cyber-attack or hacking attempt in New Zealand and Australia (Norton Cyber Security Insights Report 2017 Global Results).

Screenshot of authentication codes on mobile and laptop screens

We care about your important data

Icon of a shield with a tick within

The importance of 2SA

As the business world operates online, cyber attackers and hackers only get more sophisticated. Modern security features such as this offer an important layer of protection for you. Practising sensible cyber safety has become a necessary part of modern life. Just one easily guessed password can stop your business in its tracks.
Icon of a lock

We take security seriously

At Xero, we take data security extremely seriously, so for all our users globally, using a Xero login is a mandatory requirement to enable your WorkflowMax trial or to access your team’s account. In addition, for our Australian users, in accordance with Australian Tax Office rules, the use of two-step authentication is also compulsory. But, we’d recommend it for all our customers too.
Important tutorial

Watch these helpful instructional videos about how to use Xero login to access WorkflowMax

Screenshot of video depicting how to set up 2 step authentication
Product Screenshot (2)

How to access your WorkflowMax free trial or account


Watch the instruction videos above

These videos will help you ensure you are taking the right steps towards a safer account.


Look for an activation email from Xero in your inbox

Our activation email ensures your credentials and identification.


Click on the button link in the email

Clicking the button in your email gives us the green light to set up your account.


Set-up a free Xero login if you don't have one

Follow the steps in the journey to set-up your free Xero login (if you are a new trialist or staff member that’s been invited into an existing account) You’ll need to use a unique email and password.


Activate two-step authentication if you are in Australia

Practicing sensible cyber safety has become a necessary part of modern life. Just one easily guessed password can stop your business in its tracks.


That’s it you’re done!

Now you will always use your Xero login credentials to access your WorkflowMax account.

Tips for logging in

Screenshot of cursor hovering over login

Navigate to WorkflowMax login

You can access your WorkflowMax account by going to the website and clicking on the Login button on the top right corner of the screen.
Screenshot of Xero login screen

Login in with your credentials

You will then see the Xero login screen. Simply enter your Xero credentials and you’ll be taken into your WorkflowMax account.
Screenshot of a bookmark being added

Find your spot again

You can also bookmark this page and save to your favourites. You’ll never need to click on the original activation link again.

Making it easier with one login for all Xero products

You can now use your Xero login credentials across all Xero products including WorkflowMax. Don't worry you don't have to be a Xero subscriber to use Xero login, it's free. Remember, all people in your team who need access to WorkflowMax will be required to set up a unique Xero login - no sharing email or passwords.
See all integrations
Xero and WorkflowMax logos with arrows in between

How to setup 2SA

Step 1 - Download authenticator app

Download an authenticator app to your phone (or desktop if you don't have a smartphone) from your app store. We suggest Google Authenticator and Authy.

Screenshot of app store page for authenticator

Step 2 - Sync the app with Xero

Follow our WorkflowMax Support Centre instructions or watch our videos below to sync the authenticator app to your Xero login and set your security questions.

Screenshot of QR Code scanner screen

Step 3 - Logging in to Xero to access WorkflowMax

Next time you login to Xero, you'll need to enter your email and password as per usual, then open your authenticator app and enter the passcode to sign in.

Screenshot of authenticator app

2SA Device set up


iPhone Set up


Android Set up


Desktop Set up

Frequently asked questions

Our customers occasionally have their account passwords compromised, usually by falling victim to phishing or malware. Using SSO with Xero + two-step authentication significantly reduces the risk of unauthorised access to your account as the attacker can only get "the something they know" (like your login and password), hackers can't usually get "the something they possess" (like the unique passcode generated by the app on your phone), so they can’t log in. This better protects yourself from fraud and damage to your business. 

Our lives are increasingly digital but many people still use and share weak passwords that are easily guessed, or fail to keep software and anti-malware up to date. For this reason, two-step authentication is being used more and more in everyday situations where security and privacy are important, including access to online banking and email.

What may appear to be temporarily inconvenient has been proven to significantly reduce the risk and inconvenience of a compromised account.

Yes, you’ll be able to use your Xero login on your mobile device (iOS and Android). But first, you will need to set up Xero login and 2SA (if applicable) on the web application. Then make sure to upgrade to the latest iOS or Android version to use your Xero login on your mobile.
No. Once the authenticator app is installed and set up on your mobile device, it doesn’t need a mobile or wireless connection to work. Because it’s continually generating new codes that are only valid for 30 seconds, it doesn’t need to connect to anything.

What you do need to make sure of though, is that the time on your authenticator device is in sync with Xero. Xero uses an automatic clock service to set the time, as do most mobile phone service providers, so we recommend you allow your network provider to set the time automatically. Manually setting the time can lead to out-of-sync issues and an Invalid code error
There’s no specific Xero-branded authenticator app. Instead, you can choose from a number of industry-standard authenticator apps. Options include Google Authenticator, FreeOTP and Authy. Just search for ‘authenticator’ from your device in the app store and you’ll see the options available.
No, the authenticator app doesn’t connect to your Xero/WorkflowMax account. It simply provides a one-time time-based numeric passcode that's used as an extra security step during the login process. This means that knowing or guessing your password is not enough to access your account - the passcode is required as well.
For greater security, it’s preferable to have the authenticator app on a different device from the one you use to log in to Xero. But if that’s not possible, you can install an app such as Authy on your laptop or desktop computer. Suggested authenticator apps for phones and desktop computers are listed in one of our other support articles.
If you would like to change the Xero org that your WorkflowMax account is linked to, you can do this easily yourself. Follow the steps below.
Go to Business > Settings > Xero > Options > Disconnect then reconnect with the other Xero Org.  NB. The Xero user account needs to have payroll access.

If you want to change the Xero login that your WorkflowMax login email is connected to, then you need to log a case with the support team who will unlink for you. Then you will be able to follow the normal process to relink your WorkflowMax account with your other Xero org and setup 2SA if needed.
Still need help?
If you still need help with Xero login, please contact our support team in Xero Central.
Log a case