Xoxoday integrates with your organisation’s privileged user management system on request, providing granular role-based access controls, enforced MFA for high-privilege roles, and exportable audit logs for every privileged action.
Xoxoday supports granular role-based access controls (RBAC) for privileged accounts, including administrators and program managers. When your organisation already manages privileged identities through a dedicated solution—such as a Privileged Access Management (PAM) tool or an identity governance platform—Xoxoday can integrate with it natively on request.

How integration works

Xoxoday’s RBAC model maps directly to the roles your organisation defines. Administrator accounts, program managers, and other high-privilege users can be provisioned and de-provisioned through your existing identity workflows rather than managed separately inside Xoxoday. Your IT and security teams retain a single source of truth for privileged access across all connected systems. For organisations running Workday or SAP SuccessFactors for HR identity management, or applying a PAM layer on top of an identity provider such as Azure Active Directory or Okta, Xoxoday’s implementation team scopes the integration during onboarding and configures it to your specific requirements.

Security controls for privileged roles

Every privileged action taken within Xoxoday—budget approvals, reward catalogue changes, user role assignments—is logged and auditable. Audit trails are exportable and structured to support compliance reviews under frameworks such as SOC 2 Type II and ISO 27001. Multi-factor authentication can be enforced specifically for high-privilege roles. Whether your organisation delivers MFA via an authenticator app, hardware token, or your existing identity provider, Xoxoday applies that enforcement at the role level rather than as a blanket policy across all users.

Least-privilege alignment

Access rights within Xoxoday are scoped per role. A program manager in one business unit can be restricted to viewing and approving only the rewards budget allocated to that unit, with no visibility into other departments. An administrator responsible for integrations can be granted API access without inheriting full platform administration rights. This granularity lets your organisation apply least-privilege principles consistently. When a team member changes roles or leaves, access is updated or revoked through your privileged user management process, and Xoxoday reflects those changes automatically once the integration is in place. For organisations that rely on Darwinbox or similar HCM platforms to drive lifecycle events, this can be fully automated end to end.

Getting started

To set up native integration between Xoxoday and your privileged user management system, raise a request with your Xoxoday account team. The implementation scope—including which roles map to which access levels and how audit data is surfaced—is defined collaboratively during the integration scoping session.

Learn more: Xoxoday Help Centre — Back-end integration

SSO and identity provider integration

Connect Xoxoday to Azure AD, Okta, or any SAML 2.0-compliant identity provider for centralised authentication and user provisioning.

Audit logging and compliance exports

Understand how Xoxoday captures, stores, and exports privileged action logs to support SOC 2 Type II and ISO 27001 compliance reviews.