This is an example Retool project that includes 3 Retool Apps to demonstrate just-in-time access management using the Twingate API. Retool is a low-code software platform designed to allow organisations to create internal apps with minimal effort.
Using these apps an organisation can designate owners for Twingate groups and allow users to request access to those groups. These apps are intended to showcase the capabilities of the Twingate API as well as provide a starting point for organisations to develop Zero Trust access flows according to their bespoke requirements.
- A Twingate account (sign up for free here)
- A Retool account
- A Google Sheet Space
- Create a new Google Sheet with the name Twingate Zero Trust Access Manager Google Sheet
- Create two tabs in the sheet: Owners and Requests
- Alternatively, make a copy of this Google Sheet
Create a new Google Sheets resource with the following configurations.
Create a new GraphQL resource with the following configurations.
Note: The Twingate API key can be generated in the Twingate Admin Console.
- Twingate Zero Trust Access Manager - Admin.json
- Twingate Zero Trust Access Manager - User Dashboard.json
- Twingate Zero Trust Access Manager - Group Owner Dashboard.json
Create three new apps using Retool's "Create New From JSON" option, one for each downloaded JSON file.
Change the resource to the previously created resource Twingate API for the following queries:
- getAllGroups
- getAllUsers
Change the resource to the previously created resource Twingate Zero Trust Access Manager Database and the spreadsheet to the previously created Google Sheet Twingate Zero Trust Access Manager Google Sheet for the following queries:
- getAllOwners
- updateRemoveOwner
- updateAddOwner
- updateAddOwnerNewRow
Note: make sure no other configurations of these queries are changed.
Change the resource to the previously created resource Twingate API for the following queries:
- getAllGroups
- getUserInfo
Change the resource to the previously created resource Twingate Zero Trust Access Manager Database and the spreadsheet to the previously created Google Sheet Twingate Zero Trust Access Manager Google Sheet for the following queries:
- getAllOwners
- getAllRequests
- updateAddRequest
Change the resource to the previously created resource Twingate API for the following queries:
- addUserToGroupMutation
Change the resource to the previously created resource Twingate Zero Trust Access Manager Database and the spreadsheet to the previously created Google Sheet Twingate Zero Trust Access Manager Google Sheet for the following queries:
- getAllOwners
- getAllRequests
- updateApproveRequestStatus
- updateDenyRequestStatus
The Admin app is used to add and revoke group ownerships. Only admin users should have permission to use this app. SYNCED groups (e.g. Okta synced groups) are not shown within this app. The group ownership details are stored in the Google Sheet (Owners tab).
The User Dashboard app can be used by users to request access to Twingate groups. A user can only request access to groups that:
- they are not a member of
- have at least one owner
The request is stored in the Google Sheet (Requests tab). Further, the user's request status is also shown within this app.
The Group Owner Dashboard app can be used by group owners to approve or reject requests. Group owners can only approve or reject requests for groups that they own.
The Twingate API (GraphQL mutation) is used to add the user to the Twingate group if the request is approved. The Google Sheet is also updated (Requests tab) to reflect whether the request was approved or rejected.
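The request and approval rules described above, written as plain JavaScript so they can be evaluated when a decision is made rather than relying only on which rows a dashboard displays. This is an added example, not code from the Retool apps: the column names (`group`, `owner`, `user`, `status`), the status values and the function names are assumptions, and the sample rows are constructed.

```javascript
// Constructed sample data standing in for the Owners tab, the Twingate
// group list and the Requests tab. Field names are assumptions.
const owners = [
  { group: "prod-db", owner: "alice@example.com" },
  { group: "staging", owner: "bob@example.com" },
];
const groups = [
  { name: "prod-db", members: ["alice@example.com"] },
  { name: "staging", members: ["carol@example.com"] },
  { name: "orphaned", members: [] }, // no owner, so nobody can approve
];
const requests = [
  { id: 1, group: "prod-db", user: "carol@example.com", status: "PENDING" },
  { id: 2, group: "staging", user: "dave@example.com", status: "PENDING" },
];

// True when the given user is recorded as an owner of the group.
const ownsGroup = (email, group) =>
  owners.some((o) => o.group === group && o.owner === email);

// Groups a user may request: not already a member, and at least one owner.
function requestableGroups(email) {
  return groups
    .filter((g) => !g.members.includes(email))
    .filter((g) => owners.some((o) => o.group === g.name))
    .map((g) => g.name);
}

// Decide a request. Only an owner of the requested group may decide it, and
// only while it is still pending. The caller would run the Twingate mutation
// only when addToGroup is true, then write the new status to the sheet.
function decideRequest(approver, requestId, approve) {
  const req = requests.find((r) => r.id === requestId);
  if (!req) return { ok: false, reason: "unknown request" };
  if (req.status !== "PENDING") return { ok: false, reason: "already decided" };
  if (!ownsGroup(approver, req.group)) return { ok: false, reason: "not an owner" };
  req.status = approve ? "APPROVED" : "DENIED";
  return { ok: true, status: req.status, addToGroup: approve };
}
```

Re-checking ownership and pending status at decision time means a stale or edited row in the sheet cannot trigger the group-membership mutation on its own.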