Skip to main content
Xoxoday Loyalife supports Role-Based Access Control (RBAC), enabling administrators to create custom roles with granular, module-level permissions so that every team member accesses only the data and features relevant to their responsibilities.
Xoxoday Loyalife supports Role-Based Access Control (RBAC) as a core administrative capability. Administrators can define an unlimited number of custom roles and assign granular permissions at the module, data, and action level. This ensures every team member works within a precisely scoped environment, reducing both operational risk and unauthorised exposure. Each role in Xoxoday Loyalife is configured independently, giving your organisation full control over what a user can view, edit, approve, or export. A marketing manager, for example, can be granted full access to campaign creation, tier configuration, and points-issuance rules, while being restricted from member financial data or redemption ledgers. A customer support agent, by contrast, can receive read-only or limited-write access to member profiles and transaction histories — just enough to resolve queries — without visibility into programme-level configurations or reporting dashboards reserved for leadership. This separation of duties prevents accidental or unauthorised changes to core programme logic. Finance teams can receive dedicated access to redemption reports, liability calculations, and budget consumption views, while being blocked from modules governing loyalty rules or administrative user management. Xoxoday Loyalife makes it straightforward to enforce least-privilege access across every department that interacts with the loyalty programme. For enterprises managing workforce data through systems such as SAP SuccessFactors, Workday, or Darwinbox, Xoxoday Loyalife’s RBAC can be aligned with existing identity and HR hierarchies. Combined with Single Sign-On (SSO) support, roles can be provisioned and de-provisioned automatically as team members join, change positions, or leave your organisation — eliminating manual access reviews. RBAC in Xoxoday Loyalife contributes directly to your organisation’s governance posture. Granular access controls, combined with audit logs that capture every administrative action, support compliance requirements aligned with standards such as ISO 27001 and SOC 2 Type II. Security and IT teams can review and adjust permission structures at any time without disrupting live programme operations. Learn more: [Xoxoday Loyalife Help Centre — General](

Single Sign-On (SSO) support

Learn how Xoxoday Loyalife integrates with your identity provider to centralise authentication and automate role provisioning.

Audit logs and administrative activity tracking

Understand how Xoxoday Loyalife records every administrative action to support security reviews and compliance audits.