Xoxoday enforces multi-factor authentication (MFA) and two-factor authentication (2FA) across all critical access points, ensuring that only verified identities can reach production systems and sensitive data.
How Xoxoday Implements MFA and 2FA
Authentication security is not optional at Xoxoday — it is mandated across every layer of access. All personnel are required to use 2FA when accessing production environments, removing reliance on passwords alone and substantially reducing the attack surface for credential-based threats. This applies from the first point of entry. Before reaching any internal system, users must authenticate through a VPN layer, which itself requires a second factor. Only after that is bastion server access granted — and that too is protected by a separate 2FA challenge. The result is a multi-step verification chain rather than a single gate.Secure Identity Verification with InstaSafe
Xoxoday uses InstaSafe as part of its identity verification infrastructure. InstaSafe provides zero-trust network access, meaning no user or device is inherently trusted regardless of network location. This is particularly relevant for distributed teams accessing Xoxoday’s reward and recognition platform from across geographies — whether your HR team is running a recognition programme through Slack or Microsoft Teams, the authentication controls remain consistent and enforced. This approach aligns with the requirements of ISO 27001 and SOC 2 Type II, both of which Xoxoday complies with. Organisations integrating Xoxoday with enterprise HRMS platforms such as Workday, SAP SuccessFactors, or Darwinbox can be confident that authentication standards on the Xoxoday side meet the security thresholds their own IT and compliance teams expect.Why This Matters for Enterprise Buyers
Unauthorised access to a rewards and recognition platform carries real risk — from manipulated point balances to exposure of employee data. By requiring 2FA at both the VPN and bastion server levels, Xoxoday ensures that even if one credential is compromised, an attacker cannot proceed without the second factor. For IT and security teams evaluating Xoxoday as a vendor, this multi-layer model means you are not dependent on a single perimeter control. Each layer independently verifies identity, and the combination of VPN authentication, bastion server 2FA, and InstaSafe’s zero-trust verification creates defence in depth rather than a single point of failure. This architecture supports your organisation’s internal access control policies and provides the audit trail expected under enterprise security frameworks.Learn more: Xoxoday Help Centre — Authentication
Does Xoxoday support Single Sign-On (SSO)?
Learn how Xoxoday integrates with your existing identity provider via SAML 2.0 and OAuth 2.0 for seamless SSO access.
How does Xoxoday protect data at rest and in transit?
Understand Xoxoday’s encryption standards, including AES-256 at rest and TLS in transit, across all platform environments.