Security Improvements in Simple OKR

Protecting your data is very important to us. It is our responsibility to ensure that your data is safe and secure, so you can have a peace of mind when using Simple OKR. This is why I'm very excited to announce that we released couple small improvements to Simple OKR which will let you better secure your account.

First, we implemented password complexity requirements. If you use a password to sign-in, you are no longer allowed to set and use weak passwords. We have adopted zxcvbn algorithm that was developed by Dropbox a few years ago to enforce password complexity requirements.

Domain and password sign-in restriction settings

Second, we added two organization level security settings. You can enable domain restriction for your organization. When domain restriction is enabled only users with email addresses that match the domain will be allowed to join the organization or sign-in. We also added an option to disable password sign-in. This is a useful setting if your company is currently using Google to sign-in. When this option is enabled, all users of your organization will be forced to go through the Google Sign-In flow and passwords will not be allowed to sign-in.

We know that some of you were asking for Single Sign-On (SSO) capability. At the moment we do not have it and we know that the features that we just released do not replace SSO. We're planning to add support for SSO later this year so you can bring your own identity provider to Simple OKR.

If you have any concerns or questions relating to the security of Simple OKR, please let us know by sending an email to