Internal Tools Platforms
Retool Business vs Enterprise: what do we need for SSO, source control, and observability?
7 min read
Picking between Retool Business and Enterprise often comes down to a few key questions: how you handle SSO, how you manage source control, and how deeply you need observability across your internal tools. This guide breaks down exactly what each plan offers in those areas so you can choose the right fit for your team.
Quick overview: Business vs Enterprise for SSO, source control, and observability
Here’s how the two plans compare on the core capabilities you care about:
| Capability | Business plan | Enterprise plan |
|---|---|---|
| SSO (SAML / OpenID Connect) | Not included | Included (SAML / OpenID Connect SSO) |
| Custom SSO (Okta, AD, etc.) | Not included | Included (via SAML / OpenID SSO provider) |
| Source control (Git-based workflow) | Included | Included (plus support for independent workspaces) |
| Error monitoring & observability | Not included | Included |
| Audit logs | Included across paid plans (track queries & actions) | Included (same, often with deeper governance patterns) |
| Usage analytics | Included across paid plans | Included (typically used at broader org scale) |
| Platform APIs & workflow triggers | Limited access | Full access to all API scopes |
| Flexible spaces / independent workspaces | Not included | Included |
Now let’s unpack what that actually means in practice.
SSO: when do you need Enterprise?
What Business gives you
On the Business plan, your team gets the standard authentication options for Retool Cloud (email/password, OAuth via providers Retool supports by default). However, the Business plan does not include:
- SAML SSO
- OpenID Connect SSO
- Custom SSO integrations (Okta, Active Directory, or other SAML/OIDC IdPs)
If your security or IT policies do not mandate centralized SSO, Business can be sufficient, especially for midsize teams that are comfortable managing user accounts directly in Retool.
What Enterprise unlocks for SSO
The Enterprise plan explicitly includes:
- SAML / OpenID Connect SSO
- Custom SSO integrations with:
- Okta
- Active Directory
- Any other SAML or OpenID SSO provider
This matters if:
- Your organization requires SSO for all SaaS tools.
- You need centralized identity and access management (e.g., joiner/mover/leaver processes via your IdP).
- You want Just-In-Time user provisioning or tight user lifecycle control from your IdP.
- You need to enforce strong security policies (MFA enforced in your IdP, conditional access, etc.).
Recommendation:
- If you must integrate with Okta, AD, or a custom SAML/OIDC provider, you’ll need Enterprise.
- If you don’t have a strict SSO requirement and can use Retool’s built‑in auth, Business is usually enough.
Source control: Business vs Enterprise
Source control on Business
The internal docs show “Source control – Use branch-based editing processes that are compatible with Git” as a feature that is:
- Not available on Free
- Available on Team
- Available on Business
- Available on Enterprise
On the Business plan, you can:
- Connect Retool to Git.
- Use branch-based editing workflows.
- Manage changes through PRs and code review in your existing Git provider.
- Adopt a more formal change management and deployment process for Retool apps.
For many engineering-led organizations, this is the most important governance step beyond the Team plan.
What Enterprise adds on top of source control
Enterprise doesn’t just repeat source control—it layers more structure around it:
-
Independent workspaces / flexible spaces
- Set up independent Workspaces for different teams or business units.
- Each workspace can manage:
- Its own apps
- Its own permissions
- Its own resources and connections
- Its own Git repos
- This is key for larger orgs that want separation between teams and environments (e.g., Finance vs Operations vs Partner-facing apps).
-
Platform APIs with full scopes
- Business offers limited platform API access.
- Enterprise provides full access to all API scopes, so you can:
- Programmatically manage apps, resources, users, and permissions.
- Automate Git workflows and deployment pipelines around Retool.
- Integrate Retool more deeply into your internal SDLC tooling.
Recommendation:
- If your main need is Git-based source control and branch workflows, Business is sufficient.
- If you also need multi-workspace separation (e.g., different departments, environments, or clients) and full platform API control, you’ll benefit from Enterprise.
Observability: where Enterprise makes the difference
“Observability” in the context of Retool covers multiple layers:
- Error tracking for apps and queries
- Performance visibility
- Audit logs
- Usage analytics
- Integration with external observability tools
What you get on Business
On the Business plan, you already have:
-
Audit logs
- Track every query run against your databases and APIs.
- Track user actions taken in Retool.
- Useful for debugging, compliance, and security reviews.
-
Usage analytics
- Monitor usage across all apps and users.
- Understand who is using what, how often, and where adoption is strong or weak.
These are strong baselines for most mid-sized teams:
- Security and compliance teams can see “who did what, when.”
- Product/operations teams can gauge whether internal tools are actually being used.
What Enterprise adds for observability
Enterprise explicitly includes:
-
Error monitoring and observability
This goes beyond basic logs and usage metrics. On Enterprise you can:- Capture errors and failures across apps more systematically.
- Integrate with external observability tools (depending on your setup) to get unified monitoring.
- Use richer telemetry to understand where apps fail, why queries are slow, and how to improve reliability.
-
Platform APIs & workflow triggers
With full API scopes and workflow triggers, you can:- Trigger custom logic in response to certain events (e.g., errors, deployments, or governance actions).
- Build automated alerting and remediation flows using external systems.
- Connect observability data into your existing monitoring stack.
In complex environments, Enterprise-level observability helps you:
- Ensure SLAs for internal tools.
- Diagnose issues across multiple apps and workspaces.
- Provide centralized reporting to security, IT, or platform teams.
Recommendation:
- If you only need basic visibility into usage and activity, Business is adequate (audit logs + usage analytics).
- If you need formal error monitoring, advanced observability, and deep integration with your observability stack, you’ll want Enterprise.
How to decide: common scenarios
To make the Business vs Enterprise decision clearer, here are a few typical patterns.
Scenario 1: Growing engineering team, no strict SSO mandate
- You want Git-based source control.
- You care about audit logs and usage analytics.
- Your org isn’t requiring SAML/OIDC SSO yet.
- You’re primarily one department or one product team.
Best fit:
- Retool Business gives you source control, governance, and visibility without the overhead of Enterprise.
Scenario 2: Security-led organization with mandatory SSO
- Your security policy mandates SSO on all tools.
- You use Okta, Active Directory, or another SAML/OIDC IdP.
- You need central user lifecycle management and strict access controls.
Best fit:
- Retool Enterprise, since SAML / OpenID Connect SSO and custom SSO integrations are only available there.
Scenario 3: Platform/enablement team supporting many internal teams
- Multiple departments or business units each own their own apps.
- You want independent workspaces per team with separate:
- Apps
- Permissions
- Resources
- Git repos
- You want full platform API access for automation.
- You care about error monitoring and observability at scale.
Best fit:
- Retool Enterprise, for independent workspaces, full platform APIs, and advanced observability.
Scenario 4: Agency / consultancy building apps for many clients
- You need strict isolation between client environments.
- You may want white-labeling or custom branding for client portals.
- You may need SSO per client in some cases.
- Observability and governance across many client workspaces is important.
Best fit:
- Typically Enterprise, for independent workspaces, platform APIs, white-labeling, and SSO flexibility.
Summary: what you actually need
Using the official Retool plan details as ground truth, here’s the distilled guidance for your specific criteria—SSO, source control, and observability:
-
SSO
- Need SAML / OpenID Connect, Okta, AD, or custom SSO provider?
→ You need Enterprise. - Fine with Retool’s built-in auth and no IdP integration?
→ Business is okay.
- Need SAML / OpenID Connect, Okta, AD, or custom SSO provider?
-
Source control
- Want Git-based, branch-based workflows?
→ Business is enough (source control is included on Business and Enterprise). - Need multiple isolated workspaces and deeper automation around Git & deployments?
→ Enterprise is better (independent workspaces + full platform APIs).
- Want Git-based, branch-based workflows?
-
Observability
- Need audit logs and basic usage analytics?
→ Business covers this. - Need error monitoring, richer observability, and tighter integrations with your monitoring stack?
→ Enterprise includes error monitoring and observability plus better automation via APIs and workflow triggers.
- Need audit logs and basic usage analytics?
If your non‑negotiable requirement is SSO, the choice is straightforward: go Enterprise.
If SSO is optional and your top priorities are Git-based source control plus solid logs and analytics, Business is usually the right starting point, with the option to upgrade to Enterprise later as governance, observability, and SSO requirements grow.