Skip to main content

Enable two-factor authentication

Two-factor authentication (2FA) provides an additional level of security for your Retool organization. When enabled, users must enter a one-time passcode (OTP) generated by an authenticator app each time they log in.

Enable 2FA

Retool organizations on any plan can enforce 2FA for their users. Admins can access this setting from Settings > Advanced under Authentication Options. For Self-hosted Retool deployments, this applies to all domains in your organization.

Setting to require 2FA across entire organization

After you enable 2FA, the user is presented with a QR code they must scan using an authenticator app (e.g., 1Password, Authy, or Google Authenticator) and then confirm the generated one-time passcode (OTP) to complete setup. Once complete, users must also enter a passcode during subsequent logins.

Users of Retool Cloud and Self-hosted organizations on the Enterprise plan can enable 2FA for their account even if it's not required for the organization. Users can enable and reset 2FA on their accounts from Settings > Account.

Reset 2FA for individual users


If you're the only admin of your organization and need to reset your own 2FA to access your account, contact Retool Support.

Retool administrators can reset 2FA for individual users in the Users settings. Navigate to Settings > Users, then click the ... menu for the user. Once reset, the user must setup 2FA again the next time they log in.

Reset 2FA of individual user

Users of Retool organizations on the Enterprise plan can also reset their own 2FA from Settings > Account.