Skip to main content
Voucherify provides tools that help protect your account and monitor important activity. Some settings apply only to your user account, while others can be enforced for the whole team. You can manage security settings in two places:
  • My profile > Security for personal settings
  • Team settings > Security for account-level rules (admin only)

Two-factor authentication

Two-factor authentication (2FA) adds an extra step to the login process. In addition to your password, you must confirm your identity using a second method.

Enforce two-factor authentication for the team

Only the account owner can enforce two-factor authentication for all users. To enable enforcement:
  1. Go to Team settings and open the Security tab
  2. Turn on Enforce two-factor authentication
  3. Choose a start date or select Now
  4. Save the changes
After enforcement, each user must set up two-factor authentication during their next login.

Set up two-factor authentication for your account

Each user configures two-factor authentication in My profile > Security. Voucherify supports the following methods:
Use the Google Authenticator app on your mobile device. Scan the QR code or enter the code manually. The app generates a verification code for each login.
Provide your phone number to receive a one-time verification code by text message each time you log in.
Voucherify generates ten one-time backup codes. Store them in a safe place and use them only if you cannot access your phone.
Backup codes or SMS codes alone are less secure. Voucherify recommends using Google Authenticator as your main method.

Password management

You can change your password at any time. To update your password:
  1. Go to My profile > Security
  2. Choose Change password
  3. Enter your current password and a new password
  4. Save the change
You receive an email notification every time your password is changed.

Single sign-on with SAML

SAML single sign-on (SSO) allows users to log in using a company identity provider instead of a Voucherify password. Voucherify supports providers such as Azure, Auth0, OneLogin, Okta, and PingIdentity.

How SAML login works

  • Users log in from the identity provider dashboard or a SAML login page
  • The email address must match the email used in Voucherify
  • Users are not automatically synced from your identity provider to Voucherify. Each user must be created in Voucherify separately
If SAML is enforced, users cannot log in using email and password.

Enable SAML authentication

To enable SAML:
  1. Create a SAML application in your identity provider
  2. Copy the Identity provider entry point URL and the certificate
  3. Go to Team settings > Security
  4. Enable SAML and paste the required values
  5. Save the configuration
Voucherify generates a Callback URL. Add this URL to your identity provider configuration.
Always test SAML login before enforcing it. Enforcing SAML without testing may block user access.

Advanced SAML options

For advanced security setups, you can:
  • sign SAML requests
  • encrypt or decrypt SAML responses
These options are available for specific integration needs.

Provider-specific configuration

  1. Open Microsoft Entra admin center
  2. Go to Applications > Enterprise applications
  3. Select New application
  4. Choose Microsoft Entra SAML Toolkit
  5. Name the application and create it
  6. Go to Single sign-on
  7. Select SAML
  8. Edit Basic SAML Configuration
  9. Set Identifier (Entity ID) to your chosen value
  10. Add a placeholder Reply URL
  11. Add a placeholder Sign-on URL
  12. Save the configuration
  13. Copy the Login URL
  14. In Voucherify, go to Team settings > Security
  15. Enable SAML authentication
  16. Paste the Login URL into Identity provider entry point URL
  17. Download the Base64 certificate from Azure
  18. In Voucherify, choose Add certificate
  19. Paste the certificate
  20. Set Issuer to the same Entity ID
  21. Save the configuration
  22. Copy the Callback URL from Voucherify
  23. Return to Azure and edit Basic SAML Configuration
  24. Replace the placeholder Reply and Sign-on URLs with the Callback URL
  25. Save changes
  26. Assign users or groups in Users and Groups
  27. Create matching users in Voucherify with the same email addresses
  28. Users log in via the Azure application
  1. Log in to Auth0
  2. Go to Applications
  3. Select Create application
  4. Enter a name
  5. Choose Regular Web Application
  6. Create the application
  7. Open Settings
  8. Scroll down and open Advanced settings
  9. Go to the Endpoints tab
  10. Copy the SAML protocol URL
  11. In Voucherify, go to Team settings > Security
  12. Enable SAML authentication
  13. Paste the SAML protocol URL into Identity provider entry point URL
  14. In Auth0, open the Certificates tab
  15. Copy the Signing certificate
  16. In Voucherify, choose Add certificate
  17. Paste the certificate and save
  18. Save the SAML configuration in Voucherify
  19. Copy the Callback URL
  20. In Auth0, go to Settings
  21. Add the Callback URL to Allowed callback URLs
  22. Save changes
  23. Open the Addons tab
  24. Enable SAML2 Web App
  25. Save changes
  26. Users log in using the Callback URL
  1. Log in to OneLogin
  2. Go to Applications
  3. Select Add app
  4. Search for SAML Custom Connector (Advanced)
  5. Add the application
  6. (Optional) Set name, icon, and description
  7. Save and go to Configuration
  8. Set SAML encryption to AES-128-CBC
  9. Save changes
  10. Go to SSO
  11. Copy SAML 2.0 Endpoint (HTTP)
  12. In Voucherify, go to Team settings > Security
  13. Enable SAML authentication
  14. Paste the endpoint URL as Identity provider entry point URL
  15. Save
  16. In OneLogin, open Certificate
  17. Copy the X.509 certificate
  18. In Voucherify, add the certificate and save
  19. Save SAML configuration
  20. Copy the Callback URL
  21. In OneLogin, paste the URL into ACS URL
  22. Save changes
  23. Users log in using the Callback URL
  1. Log in to Okta
  2. Go to Applications
  3. Select Create App Integration
  4. Choose SAML 2.0
  5. Click Next
  6. Enter application name and optional logo
  7. Click Next
  8. In Configure SAML, enter a placeholder Single Sign-On URL
  9. Set Audience URI (SP Entity ID)
  10. Set Name ID format to EmailAddress
  11. Set Application username to Email
  12. Finish setup
  13. Open SAML Signing Certificates
  14. View SAML setup instructions
  15. Copy Identity provider SSO URL
  16. In Voucherify, enable SAML authentication
  17. Paste the SSO URL as Entry point URL
  18. Copy the X.509 certificate
  19. Add the certificate in Voucherify
  20. Set Audience to match Okta value
  21. Save configuration
  22. Copy the Callback URL
  23. Edit SAML settings in Okta
  24. Replace the placeholder URL with the Callback URL
  25. Assign users to the application
  26. Users log in using the Callback URL
  1. Log in to PingID
  2. Go to Applications
  3. Select Add new application
  4. Set application name
  5. Choose SAML application
  6. Select Manual configuration
  7. Set placeholder ACS URL
  8. Set Entity ID
  9. Download the X.509 certificate
  10. Copy Initiate SSO URL
  11. In Voucherify, enable SAML authentication
  12. Paste the Initiate SSO URL as Entry point URL
  13. Set Audience
  14. Add the certificate
  15. Save configuration
  16. Copy the Callback URL
  17. Return to PingID configuration
  18. Replace placeholder ACS URL with Callback URL
  19. Edit Attribute mappings
  20. Map subject to user ID or username
  21. Add email attribute mapping
  22. Mark email as required
  23. Enable the application
  24. Create matching users in PingID and Voucherify
  25. Test login using the Callback URL

Activity logs

Logs help you review account and project activity.

Account activity logs

Account activity logs are available in My profile > Security. They include:
  • login events
  • password changes
  • updates to security settings

Project audit logs

Project-level activity is available in the Audit log section of the dashboard. Audit logs show:
  • API requests and responses
  • request source
  • related objects such as campaigns or orders
These logs help track technical activity and data changes.

Monitoring and alerts

Voucherify provides alerts that help you monitor account usage and important events. Alerts do not block access, but they help you react quickly when attention is needed. You can manage alerts in the Notification center.

User notifications

User notifications relate to project activity and background processes. These settings apply only to the logged-in user. You can manage them in: Notifications (sidebar)Go to Notification centerUser settings Examples include:
  • campaign updates
  • voucher generation results
  • imports and exports
  • background tasks
Each notification has predefined delivery channels:
  • some are in-app only
  • some support email
  • some support both
You can turn delivery channels on or off using Show details.

Account-level notifications

Account-level notifications relate to system limits and technical delivery. These settings apply to the whole account and are managed by admins. You can manage them in: Notifications (sidebar)Go to Notification centerAccount settings Examples include:
  • API usage thresholds
  • message limits
  • failed webhook callouts
These notifications usually support in-app and email delivery. Some require at least one email address to be set.
Account-level notifications are informational. They do not block API calls or user access.
Control who can access your account, assign roles, and manage permissions for team members.
Manage API keys, webhooks, and usage limits that affect account access and monitoring.
Last modified on February 3, 2026