Xoxoday supports full differentiation between a user’s email address and their unique user identifier, allowing organisations to authenticate, segment, and attribute rewards independently of email data.
Email Address vs. User Identifier in Xoxoday
Xoxoday treats email addresses and user identifiers as distinct data fields within its digital rewards platform. This separation is intentional and fundamental to how Xoxoday handles identity across enterprise environments, where a single employee may have multiple email aliases, role-based addresses, or shared inboxes that should never be conflated with a personal user account. A user identifier in Xoxoday is an immutable, system-assigned or organisation-defined value — such as an employee ID or HR system record key — that persists across changes to email addresses. When an employee changes their name, department, or email domain, their reward history, recognition data, and programme eligibility remain intact and correctly attributed.Why This Matters for Enterprise Identity Management
Large organisations typically manage identity through HR platforms such as Workday, SAP SuccessFactors, or Darwinbox. Each of these systems maintains a canonical employee identifier that is not always an email address. Xoxoday’s architecture accommodates this directly: integrations can pass the employee ID from these systems as the primary key, with the email address treated as a secondary, mutable attribute used only for notification delivery. For example, if your organisation uses SAP SuccessFactors and an employee’s corporate email changes following a merger, Xoxoday continues to recognise that employee through their persistent SuccessFactors employee ID. Reward balances, programme history, and approval workflows are uninterrupted.Authentication and Access Control
Xoxoday supports single sign-on (SSO) flows where identity tokens from your identity provider carry a user identifier claim separate from the email claim. This aligns with enterprise SSO standards where the subject (sub) claim in an OIDC token or the NameID in SAML assertions is the authoritative identity reference — not the email address, which can change.
This design also reduces the risk of reward misdelivery. In environments where email addresses are reused or reassigned, binding reward attribution to a stable user identifier prevents accidental credit to the wrong account.
Compliance and Data Security
Separating user identifiers from email addresses supports data minimisation principles relevant to frameworks such as ISO 27001 and SOC 2 Type II. Xoxoday can process reward events and attribution logic using pseudonymous identifiers, limiting the propagation of personally identifiable information across internal systems and third-party integrations. Organisations operating under strict data residency or privacy requirements benefit from this architecture by reducing the surface area of email-linked personal data across the entire rewards workflow.Learn more: Xoxoday Help Centre — System requirement
How does Xoxoday handle SSO and user authentication?
Learn how Xoxoday integrates with identity providers via SAML and OIDC for secure, centralised access control.
Does Xoxoday integrate with Workday and SAP SuccessFactors?
Explore how Xoxoday syncs employee data from leading HRIS platforms while preserving identity integrity across reward programmes.