Identity Toolkit roles and permissions
Stay organized with collections Save and categorize content based on your preferences.

This page lists the IAM roles and permissions for Identity Toolkit. To search through all roles and permissions, see the role and permission index.

Identity Toolkit roles

Role Permissions

Role	Permissions
Identity Toolkit Admin (`roles/identitytoolkit.admin`) Full access to Identity Toolkit resources.	`firebaseauth.` `firebaseauth.configs.create` `firebaseauth.configs.get` `firebaseauth.configs.getHashConfig` `firebaseauth.configs.getSecret` `firebaseauth.configs.update` `firebaseauth.users.create` `firebaseauth.users.createSession` `firebaseauth.users.delete` `firebaseauth.users.get` `firebaseauth.users.sendEmail` `firebaseauth.users.update` `identitytoolkit.` `identitytoolkit.tenants.create` `identitytoolkit.tenants.delete` `identitytoolkit.tenants.get` `identitytoolkit.tenants.getIamPolicy` `identitytoolkit.tenants.list` `identitytoolkit.tenants.setIamPolicy` `identitytoolkit.tenants.update`
Identity Platform Service Agent (`roles/identitytoolkit.serviceAgent`) Gives Identity Platform service account access to customer project resources. Warning: Do not grant service agent roles to any principals except service agents.	`cloudfunctions.functions.invoke` `recaptchaenterprise.assessments.create` `recaptchaenterprise.keys.create` `recaptchaenterprise.keys.delete` `recaptchaenterprise.keys.get`
Identity Toolkit Viewer (`roles/identitytoolkit.viewer`) Read access to Identity Toolkit resources.	`firebaseauth.configs.get` `firebaseauth.users.get` `identitytoolkit.tenants.get` `identitytoolkit.tenants.getIamPolicy` `identitytoolkit.tenants.list`

Identity Toolkit Admin

(roles/identitytoolkit.admin)

Full access to Identity Toolkit resources.

firebaseauth.*

firebaseauth.configs.create
firebaseauth.configs.get
firebaseauth.configs.getHashConfig
firebaseauth.configs.getSecret
firebaseauth.configs.update
firebaseauth.users.create
firebaseauth.users.createSession
firebaseauth.users.delete
firebaseauth.users.get
firebaseauth.users.sendEmail
firebaseauth.users.update

identitytoolkit.*

identitytoolkit.tenants.create
identitytoolkit.tenants.delete
identitytoolkit.tenants.get
identitytoolkit.tenants.getIamPolicy
identitytoolkit.tenants.list
identitytoolkit.tenants.setIamPolicy
identitytoolkit.tenants.update

Identity Platform Service Agent

(roles/identitytoolkit.serviceAgent)

Gives Identity Platform service account access to customer project resources.

cloudfunctions.functions.invoke

recaptchaenterprise.assessments.create

recaptchaenterprise.keys.create

recaptchaenterprise.keys.delete

recaptchaenterprise.keys.get

Identity Toolkit Viewer

(roles/identitytoolkit.viewer)

Read access to Identity Toolkit resources.

firebaseauth.configs.get

firebaseauth.users.get

identitytoolkit.tenants.get

identitytoolkit.tenants.getIamPolicy

identitytoolkit.tenants.list

Identity Toolkit permissions

Permission	Included in roles
`identitytoolkit.tenants.create`	Owner (`roles/owner`) Editor (`roles/editor`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Identity Platform Admin (`roles/identityplatform.admin`) Identity Toolkit Admin (`roles/identitytoolkit.admin`)
`identitytoolkit.tenants.delete`	Owner (`roles/owner`) Editor (`roles/editor`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Identity Platform Admin (`roles/identityplatform.admin`) Identity Toolkit Admin (`roles/identitytoolkit.admin`)
`identitytoolkit.tenants.get`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Identity Platform Admin (`roles/identityplatform.admin`) Identity Platform Viewer (`roles/identityplatform.viewer`) Identity Toolkit Admin (`roles/identitytoolkit.admin`) Identity Toolkit Viewer (`roles/identitytoolkit.viewer`)
`identitytoolkit.tenants.getIamPolicy`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Identity Platform Admin (`roles/identityplatform.admin`) Identity Platform Viewer (`roles/identityplatform.viewer`) Identity Toolkit Admin (`roles/identitytoolkit.admin`) Identity Toolkit Viewer (`roles/identitytoolkit.viewer`)
`identitytoolkit.tenants.list`	Owner (`roles/owner`) Editor (`roles/editor`) Viewer (`roles/viewer`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Security Admin (`roles/iam.securityAdmin`) Security Reviewer (`roles/iam.securityReviewer`) Identity Platform Admin (`roles/identityplatform.admin`) Identity Platform Viewer (`roles/identityplatform.viewer`) Identity Toolkit Admin (`roles/identitytoolkit.admin`) Identity Toolkit Viewer (`roles/identitytoolkit.viewer`)
`identitytoolkit.tenants.setIamPolicy`	Owner (`roles/owner`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Security Admin (`roles/iam.securityAdmin`) Identity Platform Admin (`roles/identityplatform.admin`) Identity Toolkit Admin (`roles/identitytoolkit.admin`)
`identitytoolkit.tenants.update`	Owner (`roles/owner`) Editor (`roles/editor`) Firebase Admin SDK Administrator Service Agent (`roles/firebase.sdkAdminServiceAgent`) Identity Platform Admin (`roles/identityplatform.admin`) Identity Toolkit Admin (`roles/identitytoolkit.admin`)

Identity Toolkit roles and permissions
Stay organized with collections Save and categorize content based on your preferences.