Skip to main content
Xoxoday Loyalife supports unauthenticated workflow actions, enabling approvers to approve or reject requests directly from email links or external URLs without requiring an active platform session.
Xoxoday Loyalife supports performing defined actions without requiring the approver to be authenticated into the platform. This capability is built for enterprise workflows where speed and accessibility matter—especially for managers, budget owners, or HR stakeholders who need to act on requests without navigating to a dashboard. The most common scenario is email-based approval. When an employee submits a rewards redemption request or a points-allocation event triggers an approval step, Xoxoday Loyalife sends a notification to the designated approver containing a secure, time-limited action link. The approver clicks “Approve” or “Reject” directly from their inbox, and the action is recorded in the system—no login required. The same pattern applies to external link-based approvals. Xoxoday Loyalife generates action URLs that function independently of an authenticated session. This is particularly practical when approvers are working from mobile devices or outside the corporate network—for example, acting on a request surfaced through a Microsoft Teams message card or a Slack notification, without redirecting to the Loyalife portal. From a security standpoint, these unauthenticated action links are tightly scoped. Each link is bound to a single action on a specific request, is time-limited, and is invalidated once used. This prevents replay attacks and ensures a stale email cannot trigger repeated approvals. Xoxoday Loyalife’s token handling is governed by its security architecture, which is audited under SOC 2 Type II and aligned with ISO 27001 controls. For organisations integrating Loyalife with HR platforms such as Workday, SAP SuccessFactors, or Darwinbox, the unauthenticated approval flow means workflow steps can be completed without requiring every participant to hold an active Loyalife account. An external finance approver or a regional HR business partner can act from their inbox without being provisioned as a full platform user. Full audit trails are maintained for all unauthenticated actions. Every approval or rejection via an external link is logged with a timestamp and the identity associated with the link recipient, ensuring traceability even when no interactive session is established. Learn more: Xoxoday Loyalife Help Centre — Security

Audit Trails & Activity Logs

Understand how Xoxoday Loyalife records and retains logs for all user and system actions, including unauthenticated events.

Authentication & Single Sign-On

Learn how Xoxoday Loyalife supports SSO, MFA, and session management for authenticated platform access.