Skip to main content

Configure a custom domain for cloud organizations

You can configure your cloud organization to use a custom domain. This enables your users to more easily navigate and improves the embedded app across browsers.

Use the following steps to configure a custom subdomain. To configure a different root (or apex) domain, refer to Use an apex or root domain.

1. Configure DNS

DNS configuration needs to be completed with the tooling you use to manage your top level domain name. This is often the registrar where you registered the domain, or a DNS provider such as Cloudflare or AWS.

Create a CNAME record that maps your Retool domain to Retool’s alias for custom domains:

  • custom-domain.retool.com

custom-domain.retool.com is a fixed Retool endpoint used for all custom domains, and all custom domains must have a CNAME record that points to custom-domain.retool.com. Do not point your domain to https://example.retool.com.

When configuring DNS, you map a subdomain (for example, app.mycompany.com) to Retool’s shared custom domain endpoint with a CNAME record. Root or “apex” domains (for example, mycompany.com) can’t use a CNAME record and require different steps. Refer to Use an apex domain.

Retool does not support using wildcard * DNS entries for your configuration as these can expose you to domain takeovers.

DNS changes can take up to 24 hours to propagate in some cases. To validate that your DNS is configured and propagated, you can use the dig command on the command line:

$ dig mycompany.retool.com CNAME +noall +answer

; <<>> DiG 9.10.6 <<>> mycompany.retool.com CNAME +noall +answer
;; global options: +cmd
mycompany.retool.com. 120 IN CNAME custom-domain.retool.com.

2. Configure Retool

Navigate to Branding settings. Under Add a custom domain, enter the domain name in the text box.

A screenshot of the Retool branding settings page showing custom domains
A screenshot of the Retool branding settings page showing custom domains

The domain briefly enters a pending state while Retool provisions HTTPS certificates and updates internal infrastructure to support the new domain. An error state likely indicates that the DNS wasn't updated to point to Retool. If this occurs, verify that your DNS is updated and that dig shows the correct IP addresses, and then retry verification.

3. Log in

The domain should be configured after a few minutes. Sign out of your organization and back in through your custom domain to confirm. Your new login page should be visible on <your_custom_domain>/auth/login.

Note that you can still log in through <your_subdomain>.retool.com/auth/login as well as <your_custom_domain>/auth/login.

The Sign in with Google option is not available by default when accessing the login page using your custom domain. You must configure Google SSO for your custom domain to make it available. Users can still log in using Sign in with Google at <your_subdomain>.retool.com/auth/login or login.retool.com/auth/login until you make this change.

Use an apex domain

Custom domains in Retool are typically subdomains, such as app.yourcompany.com, configured with a CNAME record that points to custom-domain.retool.com. Apex domains, which are configured as a root domain such as yourcompany.com, are also supported, but not recommended.

Retool recommends using a subdomain where possible. Subdomains are easier to route and maintain over time, and apex support relies on fixed IP addresses, which are less flexible than a CNAME record if Retool’s infrastructure changes.

DNS standards don’t allow a CNAME record on an apex domain like yourcompany.com, so apex domains must be configured differently. If you must use an apex domain, use the following steps:

  1. Create A records for yourcompany.com that point to Retool’s managed static IP addresses:
162.159.143.39
172.66.3.35
  1. Remove any other A records for the domain.

Find your Retool subdomain

Every cloud organization has a default URL in the form yoursubdomain.retool.com. This URL always works, even if your custom domain is unavailable. To find your subdomain, use one of the following strategies:

  • Visit the original Retool URL you used before setting up your custom domain.
  • Navigate to Settings > Advanced settings > Change subdomain settings (for Admins only),
  • Check your browser’s address bar when you sign in without the custom domain.

Using Retool Embed

To embed Retool apps from your Retool-hosted organization into a website like https://example.com, ensure that Retool is on the root example.com domain or a subdomain like retool.example.com. Because Retool is the hosting provider, you need to make some changes to your DNS configuration.

Some web browsers, like Safari, block third party cookies by default. Since Retool sets cookies when authenticating users, attempting to authenticate the embedded Retool app across domains is not possible in these browsers, unless you change your browser's cookie privacy settings.