Does Retool support concurrent session blocking and account lockout after failed login attempts?

  1. My goal: We need to meet two specific security requirements flagged during an audit:
    • Blocking concurrent sessions so that a single user account cannot be logged in from multiple devices or browsers at the same time.

    • Automatically locking a user account after a certain number of consecutive failed login attempts.

  2. Issue: We cannot find settings for either of these features in the Retool admin panel. It's unclear whether they are supported, and if so, where they are configured.
  3. Retool version & hosting setup (Docker, K8s, cloud provider, etc.): Retool version 3.253.8, Self-hosted on AWS EKS
  4. Error message(s) or screenshots: N/A — this is a configuration inquiry, not an error. We simply cannot locate these settings in the admin panel.
  5. What I’ve tried so far:
    1. Reviewed the Retool admin panel settings but could not find options related to session concurrency or login attempt limits.
    2. Searched the Retool documentation but could not find clear references to these features.

Any guidance on whether these features are supported — and how to configure them — would be greatly appreciated. Thank you!

Hey @jw.kim - welcome to the community! Unfortunately, the core Retool platform doesn't natively support either of these features. There is, however, an open request for the ability to block concurrent sessions, which I'll bump on your behalf. I'll provide an update here if the status of that internal ticket changes.

The other piece of functionality you're asking about - locking a user account - is typically handled by a third-party identity provider. Do you currently have SSO configured?