Xoxoday Loyalife supports automatic account lockout after a configurable number of consecutive failed login attempts, with administrator controls to monitor, review, and manually unlock affected accounts.
How Account Lockout Works
Once the configured threshold is reached, the affected account is immediately locked and the user is prevented from making further login attempts. Xoxoday Loyalife generates an audit log entry at the point of lockout, giving administrators full visibility into when and why an account was restricted. Administrators can review locked accounts from the Xoxoday Loyalife admin console and unlock them manually after verifying the user’s identity through your existing IT workflows. This controlled unlock process ensures that a legitimate user is not permanently blocked while preventing an attacker from exploiting a simple timed reset window.
Use Case: HR-Integrated Enterprise Environments
Consider an organisation where Xoxoday Loyalife is connected to an HRMS such as Workday, SAP SuccessFactors, or Darwinbox. If an employee’s credentials are targeted and an attacker begins cycling through password guesses, Xoxoday Loyalife’s lockout mechanism activates before a successful breach can occur. Your IT security team receives a timestamped audit record of the failed attempts, enabling them to investigate and respond in line with SOC 2 Type II incident response requirements. This mechanism works in tandem with other Xoxoday Loyalife security controls — including multi-factor authentication (MFA) and single sign-on (SSO) — to create defence-in-depth for your loyalty program data.
Compliance and Governance Alignment
Account lockout is a standard technical control referenced across ISO 27001, SOC 2 Type II, and CIS Benchmarks. By supporting this control natively, Xoxoday Loyalife helps your organisation demonstrate technical compliance during audits without custom engineering effort. For enterprises managing large workforce populations across multiple geographies — common in organisations using SAP SuccessFactors or Darwinbox at scale — central enforcement of a consistent lockout policy reduces the risk of an uneven security posture across business units or regions.
Learn more: Xoxoday Loyalife Help Centre — Security
Multi-Factor Authentication
Learn how Xoxoday Loyalife enforces MFA to add a second layer of verification beyond passwords.
Single Sign-On (SSO)
Understand how Xoxoday Loyalife integrates with your identity provider to centralise access control.
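
The lockout behaviour described under How Account Lockout Works, modelled as an added example (not Xoxoday Loyalife code): consecutive failures lock the account, an audit entry is written at the point of lockout, and only a manual unlock after identity verification restores access. The class, method names, audit fields and threshold value are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class LockoutPolicy:
    threshold: int = 5   # assumed value; the page only says "configurable"
    failures: dict = field(default_factory=dict)  # user -> consecutive failures
    locked: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def _log(self, event, user, **extra):
        ts = datetime.now(timezone.utc).isoformat()
        self.audit.append({"ts": ts, "event": event, "user": user, **extra})

    def login(self, user, password_ok):
        """Return 'ok', 'failed' or 'locked' for one login attempt."""
        if user in self.locked:
            # Refused before the password is considered, so a correct
            # guess made after lockout still does not succeed.
            return "locked"
        if password_ok:
            self.failures[user] = 0  # only consecutive failures count
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.threshold:
            self.locked.add(user)
            self._log("account_locked", user,
                      consecutive_failures=self.failures[user])
            return "locked"
        return "failed"

    def admin_unlock(self, user, admin, identity_verified):
        """Manual unlock only; there is deliberately no timer-based path."""
        if user not in self.locked or not identity_verified:
            return False
        self.locked.discard(user)
        self.failures[user] = 0
        self._log("account_unlocked", user, unlocked_by=admin)
        return True

def demo():
    policy = LockoutPolicy(threshold=3)
    # Constructed sequence: two misses, a success that resets the
    # counter, then three misses in a row that trigger the lock.
    attempts = (False, False, True, False, False, False)
    results = [policy.login("alice", ok) for ok in attempts]
    after_lock = policy.login("alice", True)  # correct password, still refused
    return policy, results, after_lock
```
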