Hello. We're hosting a version of Retool and have it configured to allow auth only from Google SSO, and our own domain.
We would like to know if there is any configuration we can add to disable the option of new users from our domain signing up with their accounts. The app must only allow users by invite.
Thank you.
Hey there.
I think you're looking for JIT user provisioning.
Settings - Advanced - Enable JIT user provisioning
btw, we have that option opt-out by default.
@serbanmarti, as I know, this is not possible. We're using SSO with Azure AD auth as the only method and in Azure I can allow certain user(group)s to access Retool with SSO. If a user hasn't been added to that group, that SSO will fail. I invite new users and add them to the security group.
I think JIT that @Punka mentions is doing the contrary, immediately when a new user signs in, a new account is created with out interference of an admin. No need to send invites at all.
Yes, I assumed that JIT has been enabled somehow and suggested to check it.
That's very interesting why Azure and Google SSO automatically create user w/o invite.
We're using AWS Cognito (openid actually) and when not invited user tries to login, "mail not found" error shown and that's all, login denied.