Retool provisioning flow fails with the following error visible in the Okta dashboard:
Automatic provisioning of user XXXXX to app Retool failed: Error while creating user XXXXX: Gateway Time-out. Errors reported by remote server: Invalid JSON: Unexpected character ('<' (code 60)): expected a valid value (JSON String, Number, Array, Object or token 'null', 'true' or 'false'). . .<head><title>504 Gateway Time-out</title></head>
- Retool
- Provisioning
- Error
This error is generated by Retool. A 504 Gateway Time-out error means the Retool service is not reachable, and a timely response is not received from Retool when a provisioning request is sent from Okta.
- As per Retool documentation, if the Retool instance is behind a firewall and being used with Okta, add Okta's IP addresses to the allowlist to connect to Retool.
- IP Addresses/Ranges listed in the Okta documentation must be added to the firewall allowlist for the Retool SCIM Integration to work.
- Refer to this article How to Find Where a Tenant/Cell is Located to find where the Tenant/Cell is Located.
- For example, if the tenant cell is OK14 US Cell, it would be the IP Addresses/Ranges listed in the us_cell_14 section in the Okta IP range allowlist.
"us_cell_14":{"ip_ranges":["3.33.154.57/32","3.33.155.20/32","3.33.219.11/32","3.33.242.42/32","3.33.253.53/32","13.248.141.235/32","13.248.155.80/32","13.248.212.212/32","13.248.238.212/32","13.248.245.245/32","15.197.140.112/32","15.197.155.126/32","15.197.204.97/32","15.197.204.205/32","15.197.208.239/32","34.138.11.164/32","35.71.138.47/32","35.71.174.15/32","35.81.67.0/31","35.81.67.6/32","35.81.67.10/31","35.81.67.12/30","35.81.67.20/31","35.81.67.28/31","35.81.67.30/32","35.81.67.33/32","35.81.67.34/31","35.81.67.36/32","35.81.67.40/30","35.81.67.44/31","35.81.223.96/32","35.82.175.79/32","35.82.204.44/32","35.82.254.95/32","35.83.5.252/32","35.169.83.61/32","35.170.150.244/32","35.247.69.17/32","44.192.202.128/28","44.192.202.144/31","44.224.222.198/32","44.238.82.114/32","44.239.200.144/32","52.33.92.149/32","52.223.16.248/32","52.223.57.221/32","54.146.187.68/32","75.2.34.198/32","75.2.61.222/32","75.2.96.210/32","75.2.118.255/32","76.223.15.44/32","76.223.22.27/32","76.223.94.4/32","76.223.110.18/32","76.223.112.12/32","99.83.132.48/32","99.83.178.31/32","99.83.241.53/32","99.83.243.20/32"]}
- After adding the correct Okta IP Addresses/Ranges on the firewall allowlist, attempt the failed tasks again. Navigate to Dashboard > Tasks. Any failed assignments should appear under Tasks.
- After identifying the failed task for the user that should be retried, click on Retry Selected.
NOTE: If the issue persists, contact Retool support for more details about the error message.
