Xoxoday Plum provides granular, role-based access controls (RBAC) across its loyalty engine, redemption marketplace, and merchant-offer portal, ensuring only authorised users can access customer data, configure reward rules, or approve sensitive operations.
User Access Management in the Loyalty Console
Within the core loyalty administration console, Xoxoday Plum’s User Access Management module gives administrators precise, module-level control over who can view, edit, or create. A finance analyst might hold read-only access to redemption reports, while a programme manager retains full configuration rights over reward rules and point budgets. The same module manages the complete user lifecycle—onboarding new administrators, adjusting permissions as roles change, and revoking access immediately when someone leaves the team.
Maker–Checker Workflows and Audit Trails
For high-risk operations, Xoxoday Plum enforces a maker–checker approval model. When a programme manager adjusts a high-value reward threshold or modifies a merchant payout parameter, a second authorised approver must validate the change before it takes effect. Every approval, rejection, and configuration edit is captured in a timestamped audit trail, giving compliance and IT security teams a verifiable record of who changed what and when—a requirement under most enterprise data governance policies.
Role Management in the Merchant and Offers Layer
At the merchant and offers layer, Xoxoday Plum allows administrators to create accounts, assign one of three distinct roles—admin, maker, or checker—and customise exactly which functions each role can perform. A maker can draft new merchant offers and set redemption conditions, while a checker must validate and publish them before they appear in the catalogue. This prevents a single user from both creating and approving changes, a separation-of-duties control that mirrors standards applied in financial and HR systems.
Centralised Identity Management via SAML SSO
Xoxoday Plum supports SAML-based single sign-on, enabling organisations to govern identities from their existing identity provider rather than managing a parallel set of credentials. Teams using Workday, Darwinbox, or SAP SuccessFactors can sync user provisioning and deprovisioning directly, so that when an employee changes roles or exits the organisation, their access in Xoxoday Plum is updated or revoked automatically—without manual intervention.
Why This Matters for Enterprise Data Security
Taken together, granular permissions, maker–checker workflows, full audit trails, and SAML SSO form a layered governance model that limits data exposure and prevents unauthorised configuration changes. Organisations pursuing or maintaining certifications such as SOC 2 Type II or ISO 27001 can point to Xoxoday Plum’s RBAC architecture as direct evidence that access to sensitive reward and customer data is controlled, auditable, and continuously managed.
Learn more: Xoxoday Plum Help Centre — Security & Compliance
SSO & SAML Authentication
Learn how Xoxoday Plum integrates with SAML identity providers to centralise login and automate user provisioning across your organisation.
Audit Trails & Compliance Reporting
Understand how Xoxoday Plum captures timestamped audit logs for every administrative action to support SOC 2 and ISO 27001 compliance reviews.