google_identity_platform_config

Identity Platform configuration for a Cloud project. Identity Platform is an end-to-end authentication system for third-party users to access apps and services.

This entity is created only once during initialization and cannot be deleted; individual Identity Providers may be disabled instead. This resource may only be created in billing-enabled projects.

To get more information about Config, see:

Example Usage - Identity Platform Config Basic

resource "google_project" "default" {
  project_id      = "my-project"
  name            = "my-project"
  org_id          = "123456789"
  billing_account = "000000-0000000-0000000-000000"
  labels = {
    firebase = "enabled"
  }
}

resource "google_project_service" "identitytoolkit" {
  project = google_project.default.project_id
  service = "identitytoolkit.googleapis.com"
}

resource "google_identity_platform_config" "default" {
  project                    = google_project.default.project_id
  autodelete_anonymous_users = true

  sign_in {
    # More than one account may share the same email address.
    allow_duplicate_emails = true

    anonymous {
      enabled = true
    }
    email {
      enabled = true
      # With false, users may sign in by email link as well as by password.
      password_required = false
    }
    phone_number {
      enabled = true
      # Test phone number mapped to its fixed verification code.
      test_phone_numbers = {
        "+11231231234" = "000000"
      }
    }
  }

  # SMS verification is sent only to the listed regions.
  sms_region_config {
    allowlist_only {
      allowed_regions = [
        "US",
        "CA",
      ]
    }
  }

  blocking_functions {
    triggers {
      event_type   = "beforeSignIn"
      function_uri = "https://us-east1-my-project.cloudfunctions.net/before-sign-in"
    }
    # User credentials passed on to the registered blocking functions.
    forward_inbound_credentials {
      refresh_token = true
      access_token  = true
      id_token      = true
    }
  }

  quota {
    sign_up_quota_config {
      quota          = 1000
      start_time     = ""
      quota_duration = "7200s"
    }
  }

  authorized_domains = [
    "localhost",
    "my-project.firebaseapp.com",
    "my-project.web.app",
  ]
}
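A pre-apply review check for the configuration above, as an added example that is not part of the provider documentation: it reads the JSON form of a plan (`terraform show -json <planfile>`) and lists the sign-in and credential-forwarding settings of `google_identity_platform_config` that a reviewer would confirm before production. The choice of settings to list is a review policy assumed here, the plan document is constructed, and `block` and `review` are hypothetical helper names.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields this check reads. Nested blocks appear as lists.
SAMPLE_PLAN = json.loads("""{"resource_changes": [{
  "address": "google_identity_platform_config.default",
  "type": "google_identity_platform_config",
  "change": {"after": {
    "authorized_domains": ["localhost", "my-project.firebaseapp.com"],
    "sign_in": [{"allow_duplicate_emails": true,
      "email": [{"enabled": true, "password_required": false}],
      "phone_number": [{"test_phone_numbers": {"+11231231234": "000000"}}]}],
    "blocking_functions": [{"forward_inbound_credentials": [
      {"access_token": true, "id_token": true, "refresh_token": true}]}]
  }}}]}""")

def block(obj, name):
    """Return the first instance of a nested block, or {} if it is unset."""
    items = (obj or {}).get(name) or []
    return items[0] if items else {}

def review(plan):
    """Return (address, finding) pairs for settings to confirm before production."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_identity_platform_config":
            continue
        after = (rc.get("change") or {}).get("after") or {}  # null on destroy
        sign_in = block(after, "sign_in")
        notes = []
        if sign_in.get("allow_duplicate_emails"):
            notes.append("sign_in.allow_duplicate_emails is true")
        if block(sign_in, "email").get("password_required") is False:
            notes.append("sign_in.email.password_required is false")
        if block(sign_in, "phone_number").get("test_phone_numbers"):
            notes.append("sign_in.phone_number.test_phone_numbers is set")
        if "localhost" in (after.get("authorized_domains") or []):
            notes.append("authorized_domains includes localhost")
        fwd = block(block(after, "blocking_functions"), "forward_inbound_credentials")
        sent = sorted(k for k, v in fwd.items() if v)
        if sent:
            notes.append("blocking functions receive: " + ", ".join(sent))
        findings += [(rc["address"], n) for n in notes]
    return findings
```

In CI, load the real plan with `json.load` and fail the job when `review` returns findings that have no recorded justification.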

Argument Reference

The following arguments are supported:


The sign_in block supports:

The email block supports:

The phone_number block supports:

The anonymous block supports:

The hash_config block contains:

The blocking_functions block supports:

The triggers block supports:

The forward_inbound_credentials block supports:

The quota block supports:

The sign_up_quota_config block supports:

The sms_region_config block supports:

The allow_by_default block supports:

The allowlist_only block supports:

The client block supports:

The permissions block supports:

The mfa block supports:

The provider_configs block supports:

The totp_provider_config block supports:

The multi_tenant block supports:

The monitoring block supports:

The request_logging block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

Config can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import Config using one of the formats above. For example:

import {
  id = "projects/{{project}}/config"
  to = google_identity_platform_config.default
}

When using the terraform import command, Config can be imported using one of the formats above. For example:

$ terraform import google_identity_platform_config.default projects/{{project}}/config
$ terraform import google_identity_platform_config.default projects/{{project}}
$ terraform import google_identity_platform_config.default {{project}}

User Project Overrides

This resource supports User Project Overrides.