Xoxoday Loyalife enforces two-step verification for administrator logins, ensuring that access to loyalty program configuration and member data meets enterprise-grade compliance standards.
Two-Step Verification in Xoxoday Loyalife
Xoxoday Loyalife requires two-step verification (2SV) for all accounts with administrative privileges. When an admin attempts to sign in, they must confirm their identity through a second factor — typically a time-based one-time password (TOTP) or an authenticator app — before gaining access to the dashboard, program settings, or member data. This enforcement is not optional at the account level. Organizations operating under compliance frameworks such as ISO 27001 or SOC 2 Type II require documented controls around privileged access, and Xoxoday Loyalife’s mandatory two-step policy satisfies that requirement out of the box.
Why Mandatory Enforcement Matters
Relying on voluntary adoption of two-step verification leaves security gaps. Xoxoday Loyalife removes that ambiguity by making 2SV a platform-level requirement rather than a per-user preference. This means security teams and IT administrators do not need to audit individual accounts for compliance — the control is built in. For organizations connected to HRIS systems such as Workday or SAP SuccessFactors, administrative credentials often carry elevated access across multiple integrated systems. Enforcing two-step verification on the Xoxoday Loyalife admin layer reduces the blast radius of any potential credential compromise.
Enterprise Identity and SSO Compatibility
In environments where single sign-on (SSO) is already configured through an identity provider, the two-step verification requirement is typically satisfied by the SSO layer itself. Xoxoday Loyalife recognizes authenticated SSO sessions and does not prompt for a redundant second factor when the identity provider already enforces MFA — for example, when employees authenticate through Darwinbox or similar enterprise directories. For admin users who sign in directly with email credentials rather than SSO, Xoxoday Loyalife’s native two-step enforcement applies automatically at login.
Audit and Compliance Reporting
Access events, including successful and failed two-step authentication attempts, are logged within Xoxoday Loyalife’s audit trail. Security and compliance teams can review these logs to demonstrate control effectiveness during audits against SOC 2 Type II or internal security reviews. This audit trail is available to platform administrators without requiring a separate configuration step. Organizations rolling out Xoxoday Loyalife across large employee bases — including those using collaboration tools like Slack or Microsoft Teams for loyalty notifications — can be confident that backend administrative access remains protected regardless of how end users interact with the program.
Learn more: Xoxoday Loyalife Help Centre — General
Configuring SSO for Xoxoday Loyalife
Learn how to connect your identity provider to enforce single sign-on and MFA at the organizational level.
Role-Based Access Control in Xoxoday Loyalife
Understand how admin roles and permission scopes are structured to limit access to sensitive program data.