Skip to main content
Xoxoday’s administrative portal enables role-based access control, allowing Super Admins and Admins to be assigned distinct permissions for managing platform functions and sensitive data in compliance with internal governance protocols.
Xoxoday’s reward marketplace gives organizations full control over who can access sensitive data and which platform functions each user can manage. Through the administrative portal, two distinct administrative tiers — Super Admin and Admin — can be configured with permissions that precisely match each role’s responsibilities. Super Admins hold the highest level of access within Xoxoday. They can configure platform-wide settings, manage the full roster of users, and assign or revoke Admin-level permissions across the organization. This separation of duties ensures elevated privileges remain tightly controlled and auditable at all times. Admins operate within the boundaries set by Super Admins. They can manage day-to-day operations such as approving reward requests, viewing redemption reports, and overseeing budget allocations — without the ability to alter governance settings or escalate their own access. This layering prevents privilege creep and limits exposure of sensitive compensation and recognition data. For organizations running HR workflows through platforms like Workday, SAP SuccessFactors, or Darwinbox, Xoxoday’s role-based access model maps cleanly onto existing org hierarchies. An HR Business Partner synced from Darwinbox, for example, can be granted Admin access scoped to their business unit, while Finance or IT stakeholders receive only the reporting views relevant to their function — with no visibility into organization-wide budget figures or employee records outside their scope. This access structure supports compliance with internal data governance protocols and aligns with internationally recognized security frameworks. Xoxoday maintains certifications including ISO 27001 and SOC 2 Type II, both of which mandate demonstrable access controls, audit trails, and least-privilege enforcement across systems handling personal and transactional data. Workflow notifications routed through collaboration tools like Slack or Microsoft Teams respect the same permission model. A manager receiving a reward approval request through a Teams bot sees only the data and actions their Admin role permits — no broader exposure occurs outside defined boundaries. Organizations can onboard new administrators or restructure access as teams evolve directly within the Xoxoday administrative portal, without requiring support intervention. This keeps access management agile and aligned with organizational changes as they happen. Learn more: Xoxoday Help Centre — Data, Policy & Privacy

Does Xoxoday support single sign-on (SSO) for secure login?

Learn how Xoxoday integrates with enterprise identity providers to enforce centralized authentication and reduce credential risk.

How does Xoxoday maintain audit logs and track platform access?

Understand how Xoxoday captures and retains access events to support compliance reviews, forensic investigation, and governance reporting.