Empuls gives administrators control over how employees sign in. Open authentication settings in your tenant at https://<your-empuls-url>/admin/authentication-settings. You can require a single login method for the entire organization, or enable multiple options so users can choose. Single sign-on (SSO) is the most common choice for enterprise customers because it lets employees use their existing corporate credentials and allows IT to add or revoke access centrally without managing a separate password.
Available login methods
Empuls supports five authentication options:

| Method | Best for |
|---|---|
| Email / Password | Organizations without an SSO provider |
| Google SSO | Google Workspace customers |
| Microsoft SSO | Microsoft 365 / Azure AD customers |
| Slack SSO | Organizations using Slack as their primary workspace |
| SAML 2.0 (Custom) | Any IdP that speaks SAML 2.0: Okta, OneLogin, Ping Identity, ADFS, Oracle IAM, and others |
Configure authentication settings
All authentication settings are in one place: navigate to Admin > User Access Settings > User Authentication. From this page you can toggle each method on or off, test connections before enabling them for all users, and set a default login method.
You need Super Admin access in Empuls to change authentication settings. Involve your IT team before enabling or switching SSO, especially for SAML 2.0 providers.
Google SSO
Toggle on Google to allow employees to sign in with their Google Workspace account. Empuls uses Google’s standard OAuth flow — no additional configuration on the Empuls side is required. Your employees must have an active Google account whose email matches their Empuls user record.
Microsoft SSO
Toggle on Microsoft and click Proceed. You will be redirected to sign in with your Microsoft 365 credentials to authorize the connection. Once credentials are verified, Empuls displays an “SSO verification is successful” confirmation.
The built-in Microsoft toggle uses Microsoft’s OAuth flow and is separate from the Azure AD / SAML 2.0 custom login path. Use the Microsoft toggle for straightforward Microsoft 365 SSO. Use the Azure AD SAML route when you need attribute mappings, conditional access policies, or greater control over the federation trust.
Slack SSO
Toggle on Slack and click Proceed. Enter your Slack workspace URL, sign in with your Slack credentials, and approve the connection. Slack sends a verification code to your email to complete authentication. After verifying, Empuls confirms the integration is active.
SAML 2.0 (Custom login methods)
If your identity provider is not listed above, select Custom Login Methods and click Configure Now. Empuls supports any IdP that implements the SAML 2.0 standard. The configuration requires exchanging metadata between Empuls (Service Provider) and your identity provider.
Azure AD
Connect Empuls to Azure Active Directory using SAML 2.0 federation.
Okta SSO
Set up Okta as your SAML 2.0 identity provider for Empuls.
Custom SAML 2.0
Configure any SAML 2.0-compatible provider, including OneLogin, Ping Identity, and ADFS.
How SSO authentication works
When a user visits the Empuls login page and SSO is enabled, the following happens:
- The user enters their email address and clicks Proceed.
- Empuls detects the configured identity provider and redirects the user to the IdP login page.
- The identity provider authenticates the user using corporate credentials.
- The IdP sends a cryptographically signed response back to Empuls confirming the user’s identity.
- Empuls grants the user access.
Email whitelisting
By default, Empuls sends notification emails from Xoxoday’s sending domain. If your organization requires emails to come from your own domain (for example, notifications@yourcompany.com), you can configure sender domain verification.
Empuls uses SendGrid (Twilio) as the email gateway. Enabling your domain requires a DNS verification step:
Request domain verification
Contact your Empuls account manager or the support team to initiate a Sender Domain Verification request.
Add CNAME records to DNS
Empuls generates a set of unique CNAME records for your account. Share these with your IT or DNS administrator and have them added to your organization’s DNS host. These records do not conflict with your existing email infrastructure.
Notify Empuls to validate
Once the records are in place, notify the Empuls team. They validate the DNS entries to complete the authorization.
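A check your DNS administrator can run before notifying Empuls, added here as an example and not part of the Empuls or SendGrid tooling: it confirms each CNAME resolves to its expected target and flags a record published under a doubled zone name. Record names and targets are constructed placeholders, and `dig` is assumed to be installed.

```python
import subprocess

# Constructed placeholder records; use the set Empuls generates for your account.
EXPECTED = {
    "mail-a.yourcompany.com": "target-a.example.net",
    "mail-b.yourcompany.com": "target-b.example.net",
    "mail-c.yourcompany.com": "target-c.example.net",
    "mail-d.yourcompany.com": "target-d.example.net",
}

def dig_cname(name):
    """Resolve a CNAME with dig (assumed to be installed); '' if none."""
    out = subprocess.run(["dig", "+short", "CNAME", name],
                         capture_output=True, text=True, timeout=10).stdout
    lines = out.strip().splitlines()
    return lines[0] if lines else ""

def norm(host):
    """Compare hostnames without trailing dots or case differences."""
    return host.strip().rstrip(".").lower()

def check_cnames(expected, zone, resolve=dig_cname):
    """Return {record name: status} for each expected CNAME."""
    results = {}
    for name, target in expected.items():
        got = norm(resolve(name))
        if got == norm(target):
            results[name] = "ok"
        elif got:
            results[name] = f"wrong target: {got}"
        elif norm(resolve(f"{name}.{zone}")) == norm(target):
            # The DNS host appended the zone to a name that already had it.
            results[name] = "published under doubled zone name"
        else:
            results[name] = "missing"
    return results

if __name__ == "__main__":
    for record, status in check_cnames(EXPECTED, "yourcompany.com").items():
        print(f"{record}: {status}")
```

Any status other than `ok` means the Empuls validation step is likely to fail until the record is corrected.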
Frequently asked questions
Can I enable more than one SSO method at the same time?
Empuls allows you to enable up to two authentication methods simultaneously in most configurations. To enable multiple custom SSO options at the same time, contact cs@xoxoday.com.
What happens to existing users when I enable SSO?
Existing users retain access as long as their email address in Empuls matches the identity they authenticate with in the IdP. Users who cannot be matched will be unable to log in until their records are reconciled.
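A pre-flight check for this email-matching requirement, as an added example that is not Empuls code: it compares a user export from Empuls with a directory export from the IdP and buckets each address. The CSV contents and the `email` column name are constructed assumptions; the page does not say whether matching ignores case, so case or whitespace differences are reported separately for review.

```python
import csv
import io
from collections import Counter

# Constructed sample exports. The "email" column name is an assumption;
# adjust it to match the files you actually export.
EMPULS_CSV = """email,name
asha.rao@example.com,Asha Rao
Ben.Ortiz@example.com,Ben Ortiz
c.lee@example.com ,Chris Lee
dana.kim@example-old.com,Dana Kim
evan.wu@example.com,Evan Wu
"""
IDP_CSV = """email
asha.rao@example.com
ben.ortiz@example.com
c.lee@example.com
dana.kim@example.com
"""

def load_emails(text, column="email"):
    """Return the raw values of the email column, untouched."""
    return [row[column] for row in csv.DictReader(io.StringIO(text))]

def reconcile(empuls_emails, idp_emails):
    """Classify each Empuls address against the IdP directory."""
    idp_exact = set(idp_emails)
    idp_norm = {e.strip().lower() for e in idp_emails}
    idp_local = {e.strip().lower().split("@")[0] for e in idp_emails}
    report = {"matched": [], "format_only": [], "domain_differs": [], "missing": []}
    for raw in empuls_emails:
        norm = raw.strip().lower()
        if raw in idp_exact:
            report["matched"].append(raw)
        elif norm in idp_norm:
            # Differs only by case or stray whitespace: review the record.
            report["format_only"].append(raw)
        elif norm.split("@")[0] in idp_local:
            # Same mailbox name under another domain, e.g. an old alias.
            report["domain_differs"].append(raw)
        else:
            report["missing"].append(raw)
    counts = Counter(e.strip().lower() for e in empuls_emails)
    report["duplicates"] = [e for e, n in counts.items() if n > 1]
    return report

if __name__ == "__main__":
    for bucket, emails in reconcile(load_emails(EMPULS_CSV), load_emails(IDP_CSV)).items():
        print(f"{bucket}: {emails}")
```

Every address outside the `matched` bucket is a user to reconcile before SSO is made the default login method.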
Can I make SSO mandatory for all users?
Yes. When you set a method as the default in User Authentication settings, all users must sign in using that method. Optional SSO allows users to choose.
Where do I find the Empuls authentication settings URL?
The direct URL pattern is https://your-tenant.xoxoday.com/admin/authentication-settings. Replace your-tenant with your organization’s Empuls subdomain.