As you may be aware, XOG itself is not SSO-aware or SSO-enabled.
When your team looks into it, please make sure their configuration is such that requests to /niku/xog on your PPM servers are allowed to pass through SSO and not be protected by it.
There are some other PPM endpoints (urls) that this also needs to be the case. Our documentation covers CA SSO (Siteminder) configuration specifically, but still the information about the different 'realms' in use and whether they should or shouldn't be protected may be of use to them:
Integrate CA PPM with CA Single Sign-On (SSO)