Xoxoday Plum ensures secure login through single sign-on (SSO), two-factor authentication (2FA), and token-based session management that aligns with enterprise security frameworks including ISO 27001 and SOC 2 Type II.
Single Sign-On (SSO)
Xoxoday Plum supports SSO via SAML 2.0 and OAuth 2.0, making it straightforward to connect with identity providers your organization already uses. Teams running HR systems like Workday, SAP SuccessFactors, or Darwinbox can federate authentication directly, so employees access Xoxoday Plum using the same corporate credentials they use every day. This eliminates password sprawl and centralizes access control within your existing IT governance framework. For distributed teams using communication platforms like Slack or Microsoft Teams, Xoxoday Plum’s SSO integration means users can initiate reward workflows without a separate login: identity is handled upstream, and Xoxoday Plum honors that verified context seamlessly.
Two-Factor Authentication (2FA)
For organizations that require an additional layer of verification, Xoxoday Plum supports two-factor authentication. After entering their primary credentials, users receive a time-based one-time password (TOTP) through an authenticator app. This step ensures that stolen or leaked passwords alone cannot grant unauthorized access to sensitive reward data or financial payout records.
Secure Session Management
Once authenticated, Xoxoday Plum maintains sessions using industry-standard token-based management. Sessions automatically expire after a configurable idle period, reducing the risk of unauthorized access from unattended devices. Administrators can enforce session termination across all active devices from the admin console, giving IT teams precise control over live access at any time.
Enterprise Security Alignment
Xoxoday Plum’s authentication architecture is designed to meet the requirements of enterprise security frameworks, including ISO 27001 and SOC 2 Type II. The controls governing how users log in, how sessions are maintained, and how access is revoked are fully auditable, satisfying the compliance requirements most enterprise security and procurement teams evaluate before approving a new vendor. Whether your workforce accesses Xoxoday Plum from a corporate office network or a remote device, the login experience maintains the same security posture throughout.
Learn more: Xoxoday Plum Help Centre - System requirement
Setting Up Single Sign-On (SSO)
Connect Xoxoday Plum to your existing identity provider using SAML 2.0 or OAuth 2.0 for centralized, password-free access.
Enabling Two-Factor Authentication
Add a second verification layer to Xoxoday Plum logins using TOTP-based authenticator apps for stronger account protection.