Magic Link or SSO Login Failures
Overview
The most common cause of Magic Link or Single Sign-On (SSO) login failures is network or email security filtering. These issues typically occur when access to XQ services is blocked by a firewall or when login emails are modified by an email security tool.
This is especially common when accessing XQ Vault.
Firewall and Network Whitelisting
XQ services rely on the following domains. These must be allowed through your firewall, proxy, or network security controls.
Required Domains to Whitelist
xqmsg.netxqmsg.coxqmsg.comxqmsg.cloud
If any of these domains are blocked, Magic Links and SSO authentication may fail.
Magic Link Email Issues
If you can request a Magic Link successfully, but the link fails after clicking it, the issue is almost always caused by an email security gateway (e.g., link rewriting, sandboxing, or URL inspection).
Common Causes
- URL rewriting or tracking by email security tools
- Link detonation or time-of-click scanning
- Security tools altering the original Magic Link URL
These behaviors can invalidate the Magic Link and prevent authentication.
Recommended Email Security Configuration
To prevent Magic Link failures:
- Mark the sender as safe
- Sender address:
no-reply@xqmsg.com
- Sender address:
- Allowlist XQ domains
- Whitelist all domains listed above in your email security platform
- Disable link rewriting for XQ emails
- If supported, exclude XQ Magic Link emails from URL modification or detonation policies
Applying these settings significantly reduces the risk of Magic Link and SSO login failures.