Skip to main content
Xoxoday supports Employee ID-based login when SAML or OAuth Single Sign-On (SSO) is configured, allowing employees to authenticate securely using their unique staff identifier instead of a corporate email address.
Xoxoday’s employee engagement platform supports login via Employee ID when integrated with SAML or OAuth-based Single Sign-On (SSO). Employees do not need a corporate email address to authenticate — their unique Employee ID is sufficient to access Xoxoday securely. This is especially valuable for frontline workers, factory staff, or contract employees who hold an assigned ID in the HRIS but have no company email.

How Employee ID Login Works

When your IT or HR team configures SSO, the identity provider (IdP) passes the Employee ID as the primary identifier to Xoxoday. Xoxoday maps this identifier to the corresponding user record and grants access without requiring an email-based credential. The entire handshake is encrypted and follows industry-standard authentication protocols, keeping the process invisible and frictionless for end users.

Supported Authentication Protocols

Xoxoday supports two primary protocols for SSO-based Employee ID login: SAML 2.0 connects with identity providers such as Okta, Azure Active Directory, and OneLogin. The Employee ID is passed as an attribute within the SAML assertion and mapped to the user’s Xoxoday profile during the handshake. OAuth 2.0 supports modern identity frameworks used by platforms integrated with Workday, SAP SuccessFactors, or Darwinbox. The Employee ID is included in the OAuth token and resolved server-side. For example, an organisation running Darwinbox as its HRIS can configure Darwinbox’s built-in SSO to pass each employee’s staff ID directly to Xoxoday at login. Employees open Xoxoday — whether through the web app, MS Teams, or Slack — enter their Employee ID, and are authenticated through the identity provider without managing a separate password.

Access Control and Compliance Benefits

Centralising authentication through Employee ID tightens offboarding. When a staff member’s record is deactivated in the HRIS, their Employee ID is revoked, which immediately removes access to Xoxoday. There is no lag caused by separate credential management. This coupling supports compliance obligations under frameworks such as ISO 27001 and SOC 2 Type II, where demonstrable access governance is a requirement. IT administrators maintain a single point of control rather than managing credentials application by application. Xoxoday enforces whatever access policies the identity provider applies, keeping your security posture consistent across the stack.

Configuration Overview

Setting up Employee ID login requires an active SSO integration between your identity provider and Xoxoday. Your Xoxoday implementation team will guide your IT administrator through mapping the correct attribute — typically employeeId or staffNumber — in the SAML assertion or OAuth token. Once configured, the experience is transparent to employees. No additional software is required on user devices; browser-based access and the Xoxoday mobile app are both supported once SSO is active. Learn more: Xoxoday Help Centre — System requirement

How does SAML SSO work with Xoxoday?

Step-by-step guide to connecting your SAML identity provider with Xoxoday for centralised, secure employee authentication.

Which HRIS systems integrate with Xoxoday?

Xoxoday connects with Workday, SAP SuccessFactors, Darwinbox, and other leading HRIS platforms for seamless data sync and access control.