Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.voucherify.io/llms.txt

Use this file to discover all available pages before exploring further.

Voucherify provides tools that help you protect your account and monitor important activity. Some settings apply only to your user account, while others can be enforced for the whole team. You can manage security settings in two places:
  • My profile > Security for personal settings
  • Team settings > Security for account-level rules (account owner only)

Security checklist

To improve the security of your Voucherify account, consider enabling the following features:
  • Enable two-factor authentication (2FA) for all users
  • Configure SAML single sign-on (SSO) with your identity provider
  • Review user roles and permissions
  • Monitor account activity logs
  • Set API usage threshold alerts
  • Enable webhook failure notifications
These features help prevent unauthorized access and allow your team to react quickly to security issues.

Two-factor authentication

Two-factor authentication (2FA) adds an extra layer of security to the login process. In addition to your password, you must confirm your identity using another verification method.

Enforce two-factor authentication for the team

Only the account owner can enforce two-factor authentication for all users. To enable enforcement:
  1. Go to Team settings and open the Security tab.
  2. Turn on Enforce two-factor authentication.
  3. Click a start date or select Now.
  4. Save the changes.
After enforcement, each user must set up two-factor authentication during their next login.

Set up two-factor authentication for your account

Each user configures two-factor authentication in My profile > Security. Voucherify supports the following methods:
  • Google Authenticator: Use the Google Authenticator app on your mobile device. Scan the QR code or enter the code manually. The app generates a verification code for each login.
  • SMS codes: Provide your phone number to receive a one-time verification code by text message each time you log in.
  • Backup codes: Voucherify generates ten one-time backup codes. Store them in a safe place and use them only if you cannot access your phone.
Backup codes or SMS codes alone are less secure. Voucherify recommends using Google Authenticator as your main method.

Password management

You can change your password at any time. To update your password:
  1. Go to My profile > Security.
  2. Click Change password.
  3. Enter your current password and a new password.
  4. Save the change.
You receive an email notification whenever your password is changed.

Single sign-on with SAML

SAML single sign-on (SSO) allows users to log in using a company identity provider instead of a Voucherify password. Voucherify supports providers such as Azure, Auth0, OneLogin, Okta, and PingIdentity.

How SAML login works

Before users can log in with SAML:
  • The user must be added to the SAML application in the identity provider.
  • The same user must be invited to the Voucherify dashboard using the same email address.
After configuration:
  • Users can log in from the identity provider dashboard or a SAML login page.
  • The email address must match the email used in Voucherify.
  • Users are not automatically synced from the identity provider to Voucherify. Each user must be created in Voucherify separately.
If SAML is enforced, users cannot log in using email and password.

Enable SAML authentication

To enable SAML:
  1. Create a SAML application in your identity provider.
  2. Copy the Identity provider entry point URL and the certificate.
  3. Go to Team settings > Security.
  4. Enable SAML and paste the required values.
  5. Save the configuration.
Voucherify generates a Callback URL. Add this URL to your identity provider configuration.
Always test SAML login before enforcing it. Enforcing SAML without testing may block user access.

Advanced SAML options

For advanced security setups, you can:
  • Sign SAML requests.
  • Encrypt or decrypt SAML responses.
These options are available for specific integration needs.

Provider-specific configuration

Follow the procedures of respective providers.
To enable Microsoft Azure (Entra ID):
  1. Open Microsoft Entra admin center.
  2. Go to Applications > Enterprise applications.
  3. Select New application.
  4. Click Microsoft Entra SAML Toolkit.
  5. Name the application and create it.
  6. Go to Single sign-on.
  7. Select SAML.
  8. Edit Basic SAML Configuration.
  9. Set Identifier (Entity ID) to your chosen value.
  10. Add a placeholder Reply URL.
  11. Add a placeholder Sign-on URL.
  12. Save the configuration.
  13. Copy the Login URL.
  14. In Voucherify, go to Team settings > Security.
  15. Enable SAML authentication.
  16. Paste the Login URL into Identity provider entry point URL.
  17. Download the Base64 certificate from Azure.
  18. In Voucherify, choose Add certificate.
  19. Paste the certificate.
  20. Set Issuer to the same Entity ID.
  21. Save the configuration.
  22. Copy the Callback URL from Voucherify.
  23. Return to Azure and edit Basic SAML Configuration.
  24. Replace the placeholder Reply and Sign-on URLs with the Callback URL.
  25. Save changes.
  26. Assign users or groups in Users and Groups.
  27. Create matching users in Voucherify with the same email addresses.
  28. Users log in via the Azure application.
To enable Auth0:
  1. Log in to Auth0.
  2. Go to Applications.
  3. Select Create application.
  4. Enter a name.
  5. Click Regular Web Application.
  6. Create the application.
  7. Open Settings.
  8. Scroll down and open Advanced settings.
  9. Go to the Endpoints tab.
  10. Copy the SAML protocol URL.
  11. In Voucherify, go to Team settings > Security.
  12. Enable SAML authentication.
  13. Paste the SAML protocol URL into Identity provider entry point URL.
  14. In Auth0, open the Certificates tab.
  15. Copy the Signing certificate.
  16. In Voucherify, choose Add certificate.
  17. Paste the certificate and save.
  18. Save the SAML configuration in Voucherify.
  19. Copy the Callback URL.
  20. In Auth0, go to Settings.
  21. Add the Callback URL to Allowed callback URLs.
  22. Save changes.
  23. Open the Addons tab.
  24. Enable SAML2 Web App.
  25. Save changes.
  26. Users log in using the Callback URL.
To enable OneLogin:
  1. Log in to OneLogin.
  2. Go to Applications.
  3. Select Add app.
  4. Search for SAML Custom Connector (Advanced).
  5. Add the application.
  6. (Optional) Set name, icon, and description.
  7. Save and go to Configuration.
  8. Set SAML encryption to AES-128-CBC.
  9. Save changes.
  10. Go to SSO.
  11. Copy SAML 2.0 Endpoint (HTTP).
  12. In Voucherify, go to Team settings > Security.
  13. Enable SAML authentication.
  14. Paste the endpoint URL as Identity provider entry point URL.
  15. Save.
  16. In OneLogin, open Certificate.
  17. Copy the X.509 certificate.
  18. In Voucherify, add the certificate and save.
  19. Save SAML configuration.
  20. Copy the Callback URL.
  21. In OneLogin, paste the URL into ACS URL.
  22. Save changes.
  23. Users log in using the Callback URL.
To enable Okta:
  1. Log in to Okta.
  2. Go to Applications.
  3. Select Create App Integration.
  4. Click SAML 2.0.
  5. Click Next.
  6. Enter application name and optional logo.
  7. Click Next.
  8. In Configure SAML, enter a placeholder Single Sign-On URL.
  9. Set Audience URI (SP Entity ID).
  10. Set Name ID format to EmailAddress.
  11. Set Application username to Email.
  12. Finish setup.
  13. Open SAML Signing Certificates.
  14. View SAML setup instructions.
  15. Copy Identity provider SSO URL.
  16. In Voucherify, enable SAML authentication.
  17. Paste the SSO URL as Entry point URL.
  18. Copy the X.509 certificate.
  19. Add the certificate in Voucherify.
  20. Set Audience to match Okta value.
  21. Save configuration.
  22. Copy the Callback URL.
  23. Edit SAML settings in Okta.
  24. Replace the placeholder URL with the Callback URL.
  25. Assign users to the application.
  26. Users log in using the Callback URL.
To enable PingID:
  1. Log in to PingID.
  2. Go to Applications.
  3. Select Add new application.
  4. Set application name.
  5. Click SAML application.
  6. Select Manual configuration.
  7. Set placeholder ACS URL.
  8. Set Entity ID.
  9. Download the X.509 certificate.
  10. Copy Initiate SSO URL.
  11. In Voucherify, enable SAML authentication.
  12. Paste the Initiate SSO URL as Entry point URL.
  13. Set Audience.
  14. Add the certificate.
  15. Save configuration.
  16. Copy the Callback URL.
  17. Return to PingID configuration.
  18. Replace placeholder ACS URL with Callback URL.
  19. Edit Attribute mappings.
  20. Map subject to user ID or username.
  21. Add email attribute mapping.
  22. Mark email as required.
  23. Enable the application.
  24. Create matching users in PingID and Voucherify.
  25. Test login using the Callback URL.

Activity logs

Logs help you review account and project activity.

Account activity logs

Account activity logs are available in My profile > Security. They include:
  • Login events.
  • Password changes.
  • Updates to security settings.

Project audit logs

Project-level activity is available in the Audit log section of the dashboard. Audit logs show:
  • API requests and responses.
  • Request source.
  • Related objects such as campaigns or orders.
These logs help track technical activity and data changes.

Monitoring and alerts

Voucherify provides alerts that help you monitor account usage and important events. Alerts do not block access, but they help you react quickly when attention is needed. You can manage alerts in the Notification center.

User notifications

These settings apply only to the logged-in user.
User notifications relate to project activity and background processes. You can manage them in Notifications (sidebar) > Go to Notification center > User settings. For example, you can set up notifications for:
  • Campaign updates.
  • Voucher generation results.
  • Imports and exports.
  • Background tasks.
Each notification has predefined delivery channels:
  • In-app notifications
  • Email notifications
  • In-app and email notifications
You can turn delivery channels on or off with Show details.

Account-level notifications

These settings apply to the whole account and are managed by the account owner.
Account-level notifications relate to system limits and technical delivery. You can manage them in Notifications (sidebar) > Go to Notification center > Account settings. Available notifications include:
  • Webhook delivery failures: Alerts when Voucherify cannot successfully deliver a webhook. This helps you detect integration problems and fix failing endpoints.
  • API usage thresholds: Alerts when your API usage approaches a defined limit. Setting thresholds helps you react early and avoid reaching account limits that could temporarily block API requests.
  • Message limits: Alerts when your account approaches configured messaging limits.
Most account-level notifications support in-app and email delivery. Some notifications require at least one email address to be set.
Account-level notifications are informational. They do not block API calls or user access.
Account security can be combined with the following features.
Control who can access your account, assign roles, and manage permissions for team members.Read members and roles to learn more.
Go to Project settings to manage API keys, webhooks, brand details and to check usage limits.
Last modified on May 15, 2026