Configure Google OIDC SSO

Learn how to set up Google SSO with OpenID Connect (OIDC).

Available on: Enterprise plan

Follow this guide to configure Google SSO using OpenID Connect (OIDC). To configure SSO using Sign in with Google instead, refer to the Sign in with Google guide.


To configure Google OIDC SSO, you must:

  • Have admin permissions on Retool Cloud or permissions to add environment variables on self-hosted Retool instances.
  • Have permissions to create a Google OAuth Client.

1. Create a Google OAuth Client ID

Go to your Google Developer Console and create an OAuth client ID.

If you are asked to configure an OAuth consent screen, select Internal. Configure the app as a Web application and enter under Authorized redirect URIs > URIs.

Save your Client ID and Client secret.

2. Configure settings in Retool


Google requires the URL parameters access_type=offline and prompt=consent to obtain refresh tokens, so you should include these in your Auth URL variable.

Configure SSO settings in Retool.


When possible, use the Settings UI to configure SSO for a more streamlined setup. Existing environment variables pre-populate in the Settings UI, which you can override or preserve. Some settings are only available as environment variables.

On Retool Cloud and self-hosted Retool versions 3.16 and later, enter the following settings under Settings > Single Sign-On (SSO).

Client secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Scopes: openid email profile
Auth URL:
Token URL:
First name key: idToken.given_name
Last name key: idToken.family_name
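
The following is an added example, not part of the Retool documentation: a small pre-flight check for the Auth URL and Scopes values, based on the note above that Google needs access_type=offline and prompt=consent to issue refresh tokens. The host idp.example.test and all function names are constructed placeholders; pass in your own Auth URL value.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameters the guide says Google needs before it issues refresh tokens.
REQUIRED_PARAMS = {"access_type": "offline", "prompt": "consent"}


def check_auth_url(auth_url):
    """Return a list of problems found in an OIDC Auth URL setting."""
    parts = urlsplit(auth_url)
    problems = []
    if parts.scheme != "https":
        problems.append("Auth URL is not https")
    params = parse_qsl(parts.query, keep_blank_values=True)
    for name, wanted in REQUIRED_PARAMS.items():
        values = [v for k, v in params if k == name]
        if not values:
            problems.append(f"missing {name}={wanted}")
        elif len(values) > 1:
            problems.append(f"{name} given {len(values)} times")
        elif wanted not in values[0].split():
            # prompt is a space-separated list, e.g. "consent select_account"
            problems.append(f"{name}={values[0]} (expected {wanted})")
    return problems


def with_required_params(auth_url):
    """Set both required parameters (overriding existing values of those
    two) and keep every other query parameter unchanged."""
    parts = urlsplit(auth_url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k not in REQUIRED_PARAMS]
    query = urlencode(kept + list(REQUIRED_PARAMS.items()))
    return urlunsplit(parts._replace(query=query))


def check_scopes(scopes):
    """openid is needed for an ID token; the name keys above read from it."""
    return [] if "openid" in scopes.split() else ["scopes lack openid"]


if __name__ == "__main__":
    # Constructed sample value; idp.example.test is a placeholder host.
    sample = "https://idp.example.test/authorize?prompt=select_account"
    print(check_auth_url(sample))
    print(with_required_params(sample))
    print(check_scopes("openid email profile"))
```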