Question: secure Retool app

Current plan level : Free
Version of Retool (if self-hosted): Cloud

Question / Description:

We have implemented a back office using Retool for an app currently under development.
We are testing the Retool back office before releasing the app.
We have received feedback from our in-house legal and security departments that measures related to personal information protection are necessary.
Does Retool support the following features? If so, which plan should we use, and where can we find relevant documentation?

  1. We want to restrict access to certain pages for users.
     • We want to prevent unauthorized personnel from accessing members' personal information.
  2. We want to automatically log out users after a prolonged period of inactivity after logging into Retool.
     • This is to prevent unauthorized access if someone leaves their login session open for an extended period or after they have left the workplace.

Hey @Mingyu_Lee Welcome to the community,

Access Control in Retool

  1. Restrict Access to Certain Pages for Users

    • Retool supports Organizational access management, which allows you to control who can use Retool and what apps or workflows they can access. This feature is available on the Business or Enterprise plan. You can find more information on user access management in the Governance documentation.
  2. Prevent Unauthorized Personnel from Accessing Personal Information

    • Retool implements row-level security using user attributes, which allows you to ensure that users can only see data relevant to them. This feature requires proper configuration and is best supported on the Business or Enterprise plan. Details on this can be found in the Row-Level Security documentation.
  3. Automatically Log Out Users After Prolonged Inactivity

    • Retool does not explicitly mention a built-in feature for automatic logout due to inactivity in the available documentation. However, it is recommended to practice security measures such as stronger session management as part of your organization's security policy.

For more advanced security features and options, consider upgrading to either the Business or Enterprise plan. You can find pricing details on the Retool pricing page.

1 Like
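As an added illustration of the row-level security point above (not code from the thread or from Retool's documentation), here is how a Retool SQL resource query can scope a members table to the signed-in user's attribute. The table `members`, its columns, and a user attribute named `region` exposed as `current_user.metadata.region` are assumptions for this example; `current_user.email` and `current_user.groups` are the standard Retool objects.

```sql
-- WEAK: pulls every member row and relies on the front end to hide data.
-- Anyone who can open the query in the editor, or inspect network responses,
-- sees all personal information regardless of their role.
SELECT id, full_name, email, phone, region
FROM members;

-- HARDENED: the database only returns rows matching the caller's attribute.
-- {{ current_user.metadata.region }} is bound as a query parameter by Retool's
-- prepared-statement handling; a user with no region attribute gets no rows
-- (NULL never equals anything), so the default is deny rather than allow.
SELECT id, full_name, email, phone, region
FROM members
WHERE region = {{ current_user.metadata.region }}
  AND {{ current_user.metadata.region }} IS NOT NULL;

-- Variant keyed on group membership instead of a custom attribute:
-- only users in a permission group named "support" may read contact fields.
-- (Group name is a placeholder for this example.)
SELECT id, full_name,
       CASE WHEN {{ current_user.groups.some(g => g.name === 'support') }}
            THEN email ELSE NULL END AS email
FROM members
WHERE region = {{ current_user.metadata.region }};
```

Two checks worth doing after adopting this pattern: confirm the resource still has prepared-statement conversion enabled (disabling it turns the `{{ }}` values into raw string concatenation, which reintroduces SQL injection), and test with a user account that has no region attribute set to verify the query returns nothing rather than everything.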

@Mingyu_Lee, @WidleStudioLLP is correct in saying that Retool does not explicitly have a built-in feature for automatic logout due to inactivity. However, you can set session duration in your SSO configurations. The Business plan allows you to use Google SSO, where you can set your session duration, but not a Custom SSO. For Custom SSO, you would need to be on the Enterprise plan.

2 Likes