Current plan level: Business
Monthly/Annual: Annual
Version of Retool: Cloud
Question / Issue
We're seeing two potentially related issues with 2FA and session management in Retool Cloud:
1. Frequent 2FA failures
About once a week, I have to reset 2FA for a user because their code from the authenticator app is rejected.
- I've verified they're using the correct code.
- This issue affects users across different authenticator apps (e.g., Microsoft Authenticator, Okta Verify) and device types (iOS, Android), so it doesn’t seem isolated to a specific platform.
2. Session doesn't expire
On the flip side, I personally haven't been prompted to log in to Retool in over 2 months — despite using it daily.
- Based on Retool's self-hosted docs, the max session length is supposed to be 1 week.
- I can’t find a similar doc for Retool Cloud, but I’d expect some session timeout for security.
Why I’m posting
These issues make me think there might be something off on Retool’s end with 2FA or session management.
Has anyone else experienced this?
Any ideas on:
- Why 2FA codes might stop working?
- Whether max session limits are actually enforced on Retool Cloud?
What I’m hoping to resolve
- Prevent users' valid 2FA codes from failing randomly
- Ensure session timeout settings are respected for security
Thanks in advance for any insight or guidance!