Xoxoday Loyalife supports configurable session timeout, enabling administrators to define inactivity thresholds that automatically log out users after a specified period of idle time.
Session Timeout Configuration in Xoxoday Loyalife
Xoxoday Loyalife gives platform administrators direct control over session lifetime, ensuring that inactive sessions are terminated automatically. This is a foundational security control for enterprise environments where shared devices, open browser tabs, or unattended workstations can expose sensitive loyalty programme data to unauthorised access.
Administrators can set a specific inactivity period after which a user session expires and the user is required to re-authenticate. The setting applies platform-wide and enforces consistent session hygiene across all user roles — from programme managers and administrators to end participants accessing reward catalogues.
Why Session Timeout Matters for Enterprise Security
Unmanaged sessions are a well-documented attack vector. In large organisations using Xoxoday Loyalife alongside HR systems such as SAP SuccessFactors, Workday, or Darwinbox, employees frequently access the loyalty portal from shared terminals in warehouse environments, retail floors, or office kiosks. Without automatic session expiry, a logged-in session could remain accessible long after the authorised user has walked away.
Configuring session timeout within Xoxoday Loyalife directly supports compliance with frameworks such as ISO 27001 and SOC 2 Type II, both of which require organisations to demonstrate that access controls include session management policies. Security auditors routinely check for the existence and enforcement of idle session limits during reviews.
How It Works in Practice
Consider a scenario where your organisation deploys Xoxoday Loyalife to a workforce spread across multiple shift patterns. A programme administrator logs into the admin console to approve reward redemptions and steps away without logging out. With session timeout configured, Xoxoday Loyalife automatically terminates the session after the defined idle period — preventing the next shift worker from inheriting an active privileged session.
The timeout configuration is managed through the platform’s security or administration settings panel. Once set, the threshold applies immediately without requiring changes to individual user accounts.
Integration with Broader Access Policies
Session timeout works alongside other access controls in Xoxoday Loyalife, including role-based access control (RBAC) and Single Sign-On (SSO) via SAML 2.0. When SSO is configured with an identity provider — such as Okta, Azure AD, or a corporate identity system — session timeout in Xoxoday Loyalife can complement the IdP’s own token expiry settings, creating a layered access control posture.
For organisations that have defined acceptable use policies or information security policies referencing session management, Xoxoday Loyalife’s configurable timeout ensures the loyalty platform remains aligned with those governance requirements without requiring custom development or third-party tooling.
Learn more: Xoxoday Loyalife Help Centre — Security
Role-Based Access Control
Understand how Xoxoday Loyalife restricts feature and data access based on user roles across your programme hierarchy.
Single Sign-On (SSO) Configuration
Learn how to connect Xoxoday Loyalife to your corporate identity provider using SAML 2.0 for centralised authentication.