Skip to main content

Configure Spaces

Learn how to set up Spaces for your organization.

Retool Spaces is available for organizations on the Enterprise plan on Retool Cloud and self-hosted Retool versions 3.18 and later.

Retool Spaces are an organizational feature that allow you to split your Retool organization into multiple isolated ones, which offers a multitenant experience. Each Space has its own:

  • Subdomain
  • SSO configuration
  • Source Control configuration
  • User accounts and permission groups
  • Retool Database
  • Folders, apps, workflows, modules, queries, resources, etc.

Spaces are useful when:

  • Your teams want to have separate source control repositories and sets of apps available to them.
  • You have isolated use cases which don't overlap with the rest of your Retool usage: e.g., you want to create a suite of “performance review” apps or an external portal, each with its own set of users, apps, and resources.
  • You want to delegate administration of Retool to a distributed set of admins, based on the apps they’ll be overseeing.

See the guide to governance on Retool to learn when to use Spaces, multiple instances, and permission groups.

Initial setup and Admin Space

Navigate to Settings > Spaces to enable Spaces. This will set up Spaces and provision SSL certificates, which typically takes around five minutes. Once it is finished, you will be able to create Spaces.

Create Spaces

Admins on the Admin Space can create and manage Spaces from Settings > Spaces, or use the Retool API. Each Space must have a name, description, and associated domain, which cannot change after the space is created. Spaces can automatically copy over SSO, branding, and theme settings from the current organization when created.

Configure domains

If the domain on which you enable Spaces is parent.retool.com, every child Space will automatically be located as a subdomain (e.g., child.parent.retool.com). You can always configure a custom domain for your child Space.

Log in to new spaces

The admin of the new Space can log in using the following methods:

  • If SSO was copied over for the new Space, Retool creates an admin account for this superadmin on the new Space. They can use SSO to log in directly to the new Space.
  • If SSO hasn’t been configured for the Space, the admin needs to log in by resetting the password associated with their email address.

Spaces that aren't the Admin Space can also have their own admin users. These users have admin privileges, but they cannot create new Spaces. New Spaces can only be created from the Admin Space by its superadmins.

Configure Spaces

Admins can customize SSO, invite users, configure source control, and update settings on Spaces, the same way they update settings on existing organizations.

You can use the Retool API to programmatically configure Spaces. See the guide for more information.

Spaces and SSO

Each Space has its own SSO configuration, but you can copy SSO settings from other Spaces. Since each Space has a different domain name, you must confirm that a correct callback URL is configured in your IdP. Most IdPs allow you to add multiple callback URLs; you need to add one for each Space. Some IdPs, like Auth0, support wildcards in callback URLs.

Okta's Retool integration accepts a single domain name in its configuration, so you need to configure a separate Okta app for each Space, or use the generic OIDC or SAML app configuration to provide multiple callback URLs.

Spaces can also use different SSO settings depending on their use cases. For example, a general-purpose Space with apps for everyone at your company may use JIT provisioning. A Space for use with only a finance team might need explicit user provisioning.

SSO settings and environment variables

When you use environment variables to configure SSO settings, those settings apply to all Spaces, unless you override them per Space from Settings > SSO.

This applies to all SSO settings except those used for SCIM provisioning. To use SCIM provisioning on a child Space, you must create an access token with the scim scope from Settings > API on the child Space. The SCIM_AUTH_TOKEN environment variable only applies to the admin Space and is not supported on the child Space.

Spaces and Source Control

To use Spaces with Source Control, ensure you migrate your apps to Toolscript.

Each Space has its own separate Source Control configuration, so it can connect to a different Git repository or an entirely different SCM provider. For each new Space, you need to set up Source Control to point to the repository that should be linked to the space.

Spaces can also connect to the same Git repository. For example, you might want to use Spaces to represent different dev, staging, and prod environments. These Spaces function the same as multiple instances connected to the same Git repository—you can choose which branch to point to by default, and sync changes when commits are merged into this branch.

Spaces and Retool Database

Each Space has its own Retool Database. If you already configured an external PostgreSQL cluster to use on your self-hosted instance, you can connect the new Space's Retool Database to the same cluster. Each Space automatically creates a new database in the cluster.

Switch between Spaces

Users can have accounts in multiple Spaces and switch between them. From the navigation bar, users can select the Spaces in which they have an account. Users must log into each space separately.

Copy across Spaces

For organizations on the Enterprise plan on Retool Cloud and self-hosted Retool versions 3.41 and later, admins can copy apps, resources, Query Library queries, and workflows across Spaces. The following applies to all copied items:

  • Copies are unprotected in the destination Space.
  • Copied resources are created in the destination Space's default environment.
  • All dependencies except environment variables are copied to the destination Space. You must configure environment variables in the destination Space.
  • Releases, permissions, and unit tests are not copied to the destination Space.