Xoxoday Plum is a fully cloud-hosted platform that requires no virtual appliances, on-premise installations, or firewall rule changes from your organisation — all products are accessible over standard secure HTTPS connections.
No infrastructure changes required
Xoxoday Plum operates entirely on cloud infrastructure, which means your IT team does not need to provision, maintain, or secure any hosted virtual appliances on your end. Access is provided through standard HTTPS connections, the same protocol your organisation already uses for everyday web traffic. This design eliminates the need to open custom ports, whitelist specific IP ranges, or modify existing firewall policies. Your employees and administrators can reach Xoxoday Plum from any corporate browser or mobile device without requiring changes to your network security posture.How each product accesses the network
The employee engagement and recognition platform is delivered as a SaaS application accessible directly from web browsers and native mobile apps. It integrates with collaboration tools your teams already use — including Slack and Microsoft Teams — without requiring any additional network configuration on either side. The sales commission and incentive management system connects to CRM and HRMS platforms such as Salesforce, SAP SuccessFactors, Workday, and Darwinbox through encrypted API calls over HTTPS. These integrations do not require dedicated network tunnels or VPN connections between Xoxoday Plum and your internal systems. The global rewards marketplace and customer loyalty management solution both run on the same cloud infrastructure. Programme managers access dashboards through a browser, and end-users redeem rewards through a web or mobile interface — no local hosting or client-side installation needed.Security without added complexity
Running on cloud infrastructure does not mean reduced security. Xoxoday Plum is certified under ISO 27001 and SOC 2 Type II, meaning Xoxoday Plum’s security controls are independently audited and verified on an ongoing basis. Data in transit is encrypted using TLS, and access is governed by role-based permissions at every layer. For organisations in regulated industries — such as banking, insurance, or government — Xoxoday Plum also supports optional on-premise deployment. This provides full data residency within your own environment while retaining the same product capabilities.What your IT team needs to do
For most organisations, onboarding requires only standard SSO configuration (SAML 2.0 or OAuth 2.0) and allowlisting the Xoxoday Plum domain in your content filtering tools. No VPN, no custom firewall rules, and no virtual appliance management are needed. Learn more: [Xoxoday Plum Help Centre — Technical requirement](Security & compliance certifications
Learn how Xoxoday Plum meets ISO 27001 and SOC 2 Type II standards to protect your organisation’s data.
SSO and identity provider integrations
Configure SAML 2.0 or OAuth 2.0 single sign-on with your existing identity provider.