One platform for finance, people, sales, operations, fleet, commerce, and BI.

Sign in Let's meet

Employee hub Employee Hub

Time & attendance Time & Attendance

Scheduling Scheduling

Leave management Leave Management

Payroll Payroll

Settlements Settlements

Benefits Benefits

Recruitment Recruitment

Performance Performance

Workforce planning Workforce Planning

Engagement Engagement

Storefront Storefront

Catalog Catalog

Checkout Checkout

Payments Payments

Shipping Shipping

Promotions Promotions

Ads Ads

Channels Channels

Apps Apps

Mobile Mobile

Financing Financing

The ledger General Ledger

Banking Banking & Reconciliation

Invoicing Invoicing & E-Invoicing

Expenses Expenses & Claims

Assets Fixed Assets & Depreciation

Budgets Budgets & Forecasting

Tax Tax & ZATCA Compliance

Consolidation Multi-Company Consolidation

CRM CRM

Quotes Quotes

Orders Orders

Customer portal Customer Portal

Subscriptions Subscriptions

Loyalty Loyalty

Commissions Commissions

Point of sale Point of Sale

Projects Projects

Timesheets Timesheets

Field service Field Service

Helpdesk Helpdesk

Resource planning Resource Planning

Inventory Inventory

Products Products

Tracking Tracking

Purchasing Purchasing

Sourcing Sourcing

Manufacturing Manufacturing

Quality Quality

Maintenance Maintenance

Bookings Bookings

Rentals Rentals

Vehicles Vehicles

Drivers Drivers

Fuel & costs Fuel & Costs

Maintenance Maintenance

Telematics Telematics

Dispatch Dispatch

Compliance Compliance

Dashboards Dashboards

Reports Reports

Live metrics Live Metrics

Data studio Data Studio

Embedded Embedded Analytics

AI insights AI Insights

Organization Organization

Access Access

Workflow Workflow

Custom fields Fields

Document templates Templates

Messaging Messaging

Integrations Integrations

Audit Audit

Access

Manage users, roles, and granular permissions, with SSO, 2FA, and portal access — so everyone sees exactly what they should.

Updated February 23, 2026

Access controls who can do what across XO — users, roles, and fine-grained permissions, plus SSO and 2FA — the backbone of security and segregation of duties.

Users

Go to XO Core → Access → Users → Invite.
Enter the person’s email and assign a role and branch/scope.
They accept the invite and set up 2FA.

Roles & permissions

Open Access → Roles → New role.
Grant permissions at the level you need — module, screen, field, or record.
Use modes like create-only or read-only for tight control.
Assign users to roles (or use permission groups).

📷 Screenshot: a role with module/field-level permissions toggled.

SSO & 2FA

Enable SSO (SAML/OAuth/OpenID) for centralized login.
Enforce two-factor authentication; integrate Nafath for KSA identity where relevant.

External access

Scope customer (portal) and supplier (vendor portal) access so external users see only their own data.

Best practices

Build roles around job functions, not individuals.
Apply least privilege; reserve admin to a few.
Separate duties — e.g. whoever creates payments shouldn’t approve them.

Troubleshooting

User can’t see a module. Check their role permissions and branch scope.
SSO login fails. Verify the identity-provider config and that the user is provisioned.