Trust

Security overview

OKRunit is built to help teams add security and operational control to automated actions. This page summarizes the product controls customers commonly evaluate when reviewing the platform.

Authentication and access

The platform supports multiple access models depending on how a workflow integrates.

API keys

Server-to-server workflows can authenticate with connection-specific API keys for approval creation and management.

OAuth 2.0

User-facing integrations can connect through OAuth with PKCE instead of sharing raw credentials directly with automation platforms.

SSO / SAML

Organizations can centralize authentication through SSO for tighter identity and access management.

Controls around sensitive actions

OKRunit is not just an inbox for approvals. It is a control layer around actions that should not execute automatically.

Approval requests can be routed to specific people or teams based on source, priority, and request type.

Teams can require human review before a workflow continues, including multi-step and designated approval flows.

The product records request and decision history so operators can review exactly what was approved, rejected, or changed.

Operational controls such as connection management, key rotation, and emergency-stop style workflow controls help teams reduce blast radius when something goes wrong.

Delivery integrity and traceability

Security depends on being able to trust both the outcome and the path it took.

Webhook callbacks

Approval results can be delivered back to your systems through signed webhook callbacks so downstream workflows can verify origin before acting on the decision.

Audit history

Audit logs capture request activity, flow changes, and route updates to support investigation, compliance review, and debugging.

Learn more

The most implementation-specific security details live in the product documentation.

API authentication and request model

Webhooks and callback verification

SSO and SAML configuration