Summary and recommendation
Retool user management can be run manually, but complexity usually increases with role models, licensing gates, and offboarding dependencies. This guide gives the exact mechanics and where automation has the biggest impact.
Retool's user management lives at Settings → Users inside the organization dashboard. Admins control invitations, group assignments, role changes, and deactivations from that single panel.
Every app a user can access is governed by group membership, so getting group assignment right at invite time prevents access gaps from day one.
Quick facts
| Admin console path | Settings → Users (within the Retool organization dashboard) |
| Admin console URL | Official docs |
| SCIM available | Yes |
| SCIM tier required | Enterprise |
| SSO prerequisite | Yes |
User types and roles
| Role | Permissions | Cannot do | Plan required | Seat cost | Watch out for |
|---|---|---|---|---|---|
| Admin | Full organization control: invite/remove users, manage billing, configure SSO/SCIM, create and edit all apps, manage all groups and permissions. | Nothing restricted within the organization scope. | All plans (Free, Team, Business, Enterprise) | Counts as a standard user seat. Team: $10/user/mo (annual). Business/Enterprise: custom pricing. | At least one Admin must remain in the organization; you cannot remove the last Admin. |
| Member (Standard User / Editor) | Can build and edit apps, create queries and resources they have access to, manage their own apps. Access to specific resources and apps is controlled by group permissions. | Cannot manage organization-level settings, billing, SSO, or invite users unless granted additional permissions. | All plans | Team: $10/user/mo (annual). Business/Enterprise: custom pricing. | Standard users (builders/editors) are billed at a higher per-seat rate than end users on plans that differentiate the two. |
| End User (Viewer) | Can only use (run) published Retool apps they have been granted access to. Cannot edit apps or access the editor. | Cannot build or edit apps, cannot access the Retool editor, cannot manage resources or queries. | All plans; differentiated end-user pricing available on Business and Enterprise. | Lower per-seat cost than standard users on Business/Enterprise. Free plan includes 5 users total. Enterprise typical pricing: ~$94K–$156K/yr for 50 standard + 200 end users. | End users are counted separately from standard users for billing. On the Free plan, all users share the same 5-seat pool regardless of role. |
| Viewer (legacy / app-level) | Read-only access to specific apps. Can run apps but not edit them. | Cannot edit apps or access the editor. | All plans | Counted as end-user seats on plans with differentiated pricing. | Retool has consolidated viewer/end-user terminology across documentation; check current plan details for exact labeling. |
Permission model
- Model type: hybrid
- Description: Retool uses a group-based, role-aware permission model. Users are assigned to Groups, and permissions (view, use, edit, own) are granted to groups on specific resources (apps, queries, resources/connectors). Built-in organization-level roles (Admin, Member) control org-wide capabilities. Custom permission groups can be created to grant granular access to specific apps or resources. On Enterprise, custom roles with fine-grained permissions are supported.
- Custom roles: Yes
- Custom roles plan: Enterprise
- Granularity: Per-app and per-resource permission grants (view, use, edit, own) assigned at the group level. Organization-level role controls (Admin vs Member) are separate from resource-level group permissions.
How to add users
- Navigate to Settings → Users in the Retool organization dashboard.
- Click 'Invite users'.
- Enter the email address(es) of the user(s) to invite.
- Select the user's role (Admin or Member) and optionally assign them to one or more groups.
- Click 'Send invite'. The invited user receives an email invitation to join the organization.
- The user accepts the invitation and creates or logs into their Retool account.
Required fields: Email address
Watch out for:
- Invited users consume a seat immediately upon accepting the invitation, not at the time of invite send.
- On the Free plan, the organization is capped at 5 total users; invitations beyond this limit will be blocked.
- Users must accept the email invitation before they appear as active members; pending invites are shown separately.
- Group assignment at invite time is optional but recommended to ensure correct app access from first login.
- SSO-enabled organizations may require users to authenticate via the configured IdP; direct email/password login may be disabled.
| Bulk option | Availability | Notes |
|---|---|---|
| CSV import | No | Not documented |
| Domain whitelisting | No | Automatic domain-based user add |
| IdP provisioning | Yes | Enterprise (SCIM requires Enterprise plan and SSO prerequisite) |
How to remove or deactivate users
- Can delete users: Yes
- Delete/deactivate behavior: Retool supports both deactivating and deleting users. Deactivating a user revokes their access without removing their account record; they can be reactivated. Deleting a user permanently removes them from the organization. Via SCIM, deprovisioning from the IdP deactivates the user in Retool. Admins can also manually remove (delete) users from Settings → Users.
- Navigate to Settings → Users.
- Locate the user in the user list.
- Click the options menu (⋯) next to the user's name.
- Select 'Deactivate user' to suspend access, or 'Remove user' / 'Delete user' to permanently remove them.
- Confirm the action in the dialog prompt.
| Data impact | Behavior |
|---|---|
| Owned records | Apps, queries, and resources created by the removed user remain in the organization and are not deleted. Ownership may need to be manually reassigned. |
| Shared content | Apps and resources shared with groups remain accessible to other group members. The removed user's contributions (app edits, queries) persist. |
| Integrations | Resource connections (database credentials, API keys) configured by the user remain active and are not automatically removed. |
| License freed | Deactivating or removing a user frees their seat, making it available for a new user on the next billing cycle or immediately depending on plan terms. |
Watch out for:
- Deactivated users via SCIM cannot log in but their data and created resources remain intact.
- If the removed user was the sole owner of critical apps, those apps may lack an active owner; reassign ownership before removal.
- On Enterprise with SCIM, deprovisioning in the IdP (Okta, Entra ID) automatically deactivates the user in Retool; manual removal in Retool is still required to fully delete the record if desired.
- Removing the last Admin is blocked by the system; promote another user to Admin first.
License and seat management
| Seat type | Includes | Cost |
|---|---|---|
| Standard User (Builder/Editor) | Full app building, editing, resource management, and app usage. Counts toward standard user seat quota. | Free plan: included in 5-user pool. Team: $10/user/mo (annual). Business/Enterprise: custom pricing. |
| End User (Viewer) | App usage (running published apps) only. No editor access. Counted separately from standard users on Business and Enterprise plans. | Lower per-seat rate than standard users on Business/Enterprise. Free plan: shares the 5-user pool. Enterprise typical: differentiated rate within ~$94K–$156K/yr bundle. |
- Where to check usage: Settings → Users (shows active user count and seat usage). Billing details available under Settings → Billing.
- How to identify unused seats: Review the 'Last active' or 'Last login' timestamp column in Settings → Users to identify users who have not logged in recently. No automated unused-seat report is documented in official docs.
- Billing notes: Annual billing provides approximately 20% discount over monthly. Standard and end-user seats are priced differently on Business and Enterprise plans. Free plan is capped at 5 users and 500 workflow runs/month. SCIM-based provisioning is only available on Enterprise. SSO is required before SCIM can be enabled.
The cost of manual management
Manual provisioning in Retool means individually inviting each user by email - there is no CSV bulk-import path. Every app access grant requires a separate group assignment, and those assignments must be audited and cleaned up by hand when someone leaves.
Identifying stale accounts means manually scanning the Last Active column in Settings → Users, since no automated unused-seat report is documented. Seat counts are not always automatically reclaimed after deactivation; some teams report needing to contact support to reconcile billing after removals.
What IT admins are saying
Community evidence is not specific enough to quote or summarize yet for this app.
The decision
Manual management is viable for small, stable teams where the builder count is low and turnover is infrequent. Once a team crosses into frequent onboarding, role changes, or offboarding cycles, the absence of bulk provisioning and automated seat reclamation creates compounding overhead.
The hard constraint to know upfront: SSO must be configured before SCIM can be enabled, and both require Enterprise. Teams that need automated lifecycle management should factor that plan requirement into their evaluation before committing.
Bottom line
Retool's manual user management is straightforward for day-to-day admin tasks but does not scale gracefully. Every app access grant is a group operation, every offboarding is a manual step, and there is no bulk-invite path outside of SCIM.
The Enterprise plan requirement for both SSO and SCIM is the single most significant operational constraint for growing teams.
Automate Retool workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
