Steps to configure SAML SSO for Retool
About Retool
Retool is a low-code platform that helps developers quickly build internal tools such as dashboards, admin panels, and workflows by connecting to databases or APIs and using drag-and-drop UI components.
The following steps will help you enable SSO for Retool from Identity360.
Prerequisites
- The MFA and SSO license for Identity360 is required to enable SSO for enterprise applications.
- Log in to Identity360 as an Admin, Super Admin, or Technician with a role that has Application Integration and Single Sign-on permissions.
- Navigate to Applications > Application Integration > Create New Application, and select Retool from the applications displayed.
Note: You can also find Retool using the search bar located at the top.
- Under the General Settings tab, enter the Application Name and Description.
- Under the Choose Capabilities tab, select Single Sign-on and click Continue.
General Settings of SSO configuration for Retool.
- On the Integration Settings tab, navigate to Single Sign On and click IdP Details. Copy the Metadata value, which will be used later during the configuration in Retool.
Integration Settings of SSO configuration for Retool.
Retool (service provider) configuration steps
- Log in to Retool, the service provider (SP), as an administrator.
- Navigate to Settings > Single Sign-On (SSO) > SAML SSO.
Note: In the self-hosted version, navigate to Settings > Advanced > Single Sign-On (SSO) > Custom SSO > SAML SSO.
- In the Identity Provider Metadata field, paste the Metadata value copied in step 6 of the prerequisites.
- In the Attributes section, enter firstName and lastName in the First name and Last name fields, respectively.
- Click Save Changes.
- To test the integration settings, click Test Connection.
Identity360 (identity provider) configuration steps
- Switch to the application configuration page in Identity360, the identity provider (IdP).
- In the ACS URL field, paste the appropriate URL:
  - For cloud Retool logins: https://{your-company}.retool.com/api/saml/login
  - For self-hosted Retool logins: https://{domain_name}/saml/login
- In the Entity ID field, paste the corresponding URL:
  - For cloud Retool logins: https://tryretool.com
  - For self-hosted Retool logins: {domain_name}
- Enter the Relay State parameter, if necessary.
Note: The Relay State is an optional parameter used with a SAML message to remember where you were or to direct you to a specific page after logging in.
- Click Save.
- To learn how to assign users or groups to one or more applications, refer to this page.
Your users will now be able to sign in to Retool through the Identity360 portal.
Note: For Retool, both SP-initiated and IdP-initiated flows are supported.
Steps to enable MFA for Retool
Setting up MFA for Retool using Identity360 involves the following steps:
- Set up one or more authenticators for identity verification when users attempt to log in to Retool. Identity360 supports various authenticators, including Google Authenticator, Zoho OneAuth, and email-based verification codes. Click here for steps to set up the different authenticators.
- Integrate Retool with Identity360 by configuring SSO using the steps listed here.
- Now, activate MFA for Retool by following the steps mentioned here.
How does MFA for applications work in Identity360?