Skip to main content
Xoxoday Loyalife supports two-factor authentication (2FA) across web browsers and iOS/Android mobile apps, requiring a second verification step at login for all users in your organisation.
Xoxoday Loyalife supports two-factor authentication (2FA) across all major access surfaces, ensuring that only verified users can log in to manage loyalty programmes, access reward catalogues, or view programme analytics. 2FA is available whether your team accesses Xoxoday Loyalife through a browser or the mobile app. Supported Platforms 2FA is active on all major web browsers, including Chrome, Firefox, Safari, and Microsoft Edge. Mobile users on iOS and Android can enable 2FA through the Xoxoday Loyalife mobile app, providing consistent protection regardless of how employees and administrators access the platform. Supported Authentication Methods Xoxoday Loyalife supports time-based one-time passwords (TOTP) via authenticator apps, including Google Authenticator and Microsoft Authenticator. SMS-based OTP delivery is also supported, giving IT administrators flexibility in choosing the verification method that suits their workforce. Organisations already using Microsoft Authenticator as part of a Microsoft 365 rollout can reuse the same app, with no additional installation required for employees. Enterprise Identity and SSO Environments Many enterprise customers pair Xoxoday Loyalife’s native 2FA with SAML-based Single Sign-On (SSO) configured through identity providers such as Okta or Azure Active Directory. In these setups, the identity provider handles the 2FA challenge, and Xoxoday Loyalife accepts the authenticated session. This is common in organisations where Workday, SAP SuccessFactors, or Darwinbox serve as the source of truth for employee identity, allowing loyalty programme access to sit within the same authentication flow employees already use daily. For organisations accessing Xoxoday Loyalife directly without SSO, native 2FA enforces a second verification step at every login, protecting accounts against credential-based attacks even when passwords have been compromised. Compliance and Audit Readiness Enabling 2FA on Xoxoday Loyalife supports your organisation’s requirements under frameworks such as ISO 27001 and SOC 2 Type II, both of which mandate demonstrable controls over privileged access. Xoxoday Loyalife maintains SOC 2 Type II certification, and 2FA is a recommended control within its security hardening guidance. All authentication events are captured in audit logs, making it straightforward to evidence compliance during internal reviews or third-party audits. Enforcing 2FA Organisation-Wide Administrators can enable and enforce 2FA from the Security Settings section of the Xoxoday Loyalife admin console. Once enforcement is active, all users in the organisation are prompted to enrol on their next login. Users who have not completed 2FA setup are restricted from accessing Xoxoday Loyalife until enrolment is finished, eliminating partial-adoption gaps that can undermine a security policy. Learn more: Xoxoday Loyalife Help Centre — Security

Does Xoxoday Loyalife support Single Sign-On (SSO)?

Learn how Xoxoday Loyalife integrates with SAML 2.0 identity providers such as Okta, Azure AD, and Ping Identity for centralised authentication.

How does Xoxoday Loyalife protect data at rest and in transit?

Understand the encryption standards Xoxoday Loyalife applies to reward data, user records, and API communications.