Xoxoday grants client IT teams comprehensive platform-level administrative capabilities—including user management, role-based access control, SSO configuration, and API integrations—while Xoxoday retains server-level and backend access to maintain security, compliance, and platform integrity.
How Administrative Rights Work on Xoxoday
Xoxoday operates as a fully managed Software-as-a-Service (SaaS) solution. This means server-level access, codebase control, and backend infrastructure management remain with Xoxoday’s engineering and security teams. This is intentional: it ensures platform stability, protects multi-tenant data boundaries, and upholds Xoxoday’s compliance commitments under frameworks like ISO 27001 and SOC 2 Type II. This model does not limit your IT team’s operational control. It simply separates infrastructure responsibilities from application-layer administration—a standard and secure approach across enterprise SaaS platforms.What Your IT Team Controls
Within the Xoxoday interface, your IT administrators have full control over how the platform is configured and governed for your organization. These capabilities include user provisioning and deprovisioning, role-based access control (RBAC), single sign-on (SSO) setup, API integrations, and brand customizations such as logos and color schemes. Your IT team manages who gets access, what permissions they hold, and how Xoxoday connects to your internal systems—without needing to touch backend infrastructure.Connecting Xoxoday to Your HR and IT Ecosystem
Xoxoday’s API and SSO capabilities allow IT teams to integrate the platform with tools your organization already uses. For example, an IT team can configure SSO through an identity provider like Okta or Azure AD, ensuring employees log in with their existing corporate credentials. HRIS integrations with platforms such as Workday, SAP SuccessFactors, or Darwinbox allow automatic user sync—so new hires appear in Xoxoday as soon as they are onboarded in your HR system. For internal communication workflows, Xoxoday connects with Slack and Microsoft Teams, letting employees send and receive recognition without leaving the tools they use daily. Your IT team configures and maintains these integrations through Xoxoday’s admin interface.A Secure Division of Responsibility
The separation between Xoxoday’s infrastructure control and your team’s application-level control is a deliberate security design. It prevents configuration drift, protects against unauthorized backend access, and ensures that Xoxoday’s compliance certifications remain valid across all client environments. Your organization retains full control over its data governance, access policies, and integration architecture within the platform. Xoxoday retains responsibility for uptime, security patching, and infrastructure compliance. This division is clearly documented and available for review during security assessments or vendor evaluations. Learn more: Xoxoday Help Centre — Administrative RightsSSO Configuration on Xoxoday
Learn how your IT team can set up single sign-on using Okta, Azure AD, or other identity providers to streamline secure access across your organization.
Role-Based Access Control
Understand how Xoxoday’s RBAC model lets IT administrators define granular permissions for managers, HR teams, finance approvers, and employees.