Stay organized with collections
Save and categorize content based on your preferences.
This article describes the UiConfig, ExtendedTenantUiConfig, and
SignInOption interfaces that are available when creating a sign-in
page for Identity-Aware Proxy using Cloud Run.
interfaceSignInOption{// The provider identifier, such as facebook.com or saml.my-saml-provider-id.provider:string;// The provider label name.providerName?:string;// The full label of the button. Instead of "Sign in with $providerName",// this button label will be used. Default: Sign in with $providerNamefullLabel?:string;// For identifier first flows, this is the user email domain: tenant1.comhd?:string;// The button color, such as "#ff00ff".buttonColor?:string;// The button icon URL in the form of an HTTPS URL.iconUrl?:string;// Additional OAuth scopes to request for OAuth providers.scopes?:string[];// Additional custom OAuth parameters to set on sign-in.// For example, setting {auth_type: 'reauthenticate'} will// require password re-entry on Facebook re-authentication.customParameters?:{[key:string]:any};// In the "identifierFirst' flow, a login hint key makes it possible// to pass the email to the provider to sign in with. This is useful when a// user has multiple accounts. For many providers, this is "login_hint".loginHintKey?:string;// Whether to require display name when creating an email and password// account. True by default.requireDisplayName?:boolean;// reCAPTCHA customization for phone providers.recaptchaParameters?:{// The type of the reCAPTCHA ("audio" or "image")type?:string;// Whether the reCAPTCHA is invisible or not. Valid options are// "invisible", "normal", and "compact".size?:string;// For invisible reCAPTCHAs, this defines how the invisible reCAPTCHA badge// is displayed (for example, "bottomleft", "bottomright" or "inline").badge?:string;};// The default country for phone providers.defaultCountry?:string;// Sets the whitelisted countries for phone providers. Accepts either ISO// (alpha-2) or E164 formatted country codes. For example: ['US', '+44']whitelistedCountries?:string[];// Sets the blacklisted countries for phone providers. Accepts either ISO// (alpha-2) or E164 formatted country codes. For example: ['US', '+44']blacklistedCountries?:string[];// Sets the disableSignUp config for email/password or email link sign in// method.disableSignUp?:{// Whether to disable users from signing up with email providers// (email/password or email link).status:boolean;// The optional site administrator email to contact for access when sign// up is disabled.// For example: `admin@example.com`.adminEmail?:string;// The optional help link to provide information on how to get access to// the site when sign up is disabled.// For example: `https://www.example.com/trouble_signing_in`.helpLink?:string;}}
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[],[],null,["# Hosted sign-in page configuration interfaces\n\nThis article describes the `UiConfig`, `ExtendedTenantUiConfig`, and\n`SignInOption` interfaces that are available when creating a sign-in\npage for Identity-Aware Proxy [using Cloud Run](/iap/docs/cloud-run-sign-in).\n\nUiConfig\n--------\n\n interface UiConfig {\n // The API key for the current Identity Platform project.\n apiKeyValue: {\n // Provisioned by Identity Platform.\n authDomain?: string;\n // The display mode for tenant selection flow. This could be 'optionFirst'\n // or 'identifierFirst'. The default is 'optionFirst'.\n displayMode: string;\n // The tenant selection screen title. By default, this is the project ID.\n selectTenantUiTitle?: string;\n // The tenant selection screen logo in the form of an HTTPS URL. By default,\n // no logo is provided.\n selectTenantUiLogo?: string;\n // The CSS stylesheet used to override the default CSS styles in the form of\n // an HTTPS URL. The hosted UI uses a superset of the FirebaseUI-web CSS\n // styles. By default, no custom stylesheet is provided.\n styleUrl?: string;\n // The tenants configurations.\n tenants: {\n // Each tenant configuration is keyed by the tenant identifier.\n tenantIdValue: ExtendedTenantUiConfig;\n };\n // The application terms of service URL in the form of an HTTPS URL.\n // By default, this is empty.\n tosUrl?: string,\n // The application privacy policy URL in the form of an HTTPS URL.\n // By default, this is empty.\n privacyPolicyUrl?: string,\n };\n }\n\nExtendedTenantUiConfig\n----------------------\n\n interface ExtendedTenantUiConfig {\n // The optional tenant full label. This is used for the \"Sign in with tenant\"\n // button label.\n // When not provided, \"Sign in to ${displayName}\" is used as the full label.\n fullLabel?: string;\n // The tenant display name. This is used for the \"Sign in with tenant\" label.\n // For tenants, the default is the tenant display name. For projects-level\n // identity providers, the default is the project ID.\n displayName: string;\n // The tenant icon URL in the form of an HTTPS URL. This is used for the\n // \"Sign in with tenant\" button icon URL. The default is a placeholder icon.\n iconUrl: string;\n // The tenant logo URL in the form of an HTTPS URL. This is displayed after\n // the user selects the tenant and is presented with the identity providers\n // associated with the tenant. By default, no logo URL is provided.\n logoUrl?: string;\n // The tenant button color. This is used for the \"sign in with tenant\" button.\n // A default color is used for all tenants.\n buttonColor: string;\n // The sign-in options associated with the tenant. This is auto-populated\n // using the enabled providers for the current tenant.\n signInOptions: (SignInOption | string)[];\n // The terms of service URL associated with the current tenant in the form\n // of an HTTPS URL. Empty by default.\n tosUrl?: string;\n // The privacy policy URL associated with the current tenant in the form of\n // an HTTPS URL. Empty by default.\n privacyPolicyUrl?: string;\n // For single providers with signInFlow set to 'redirect', setting this to\n // 'true' will result with a redirect to the provider without user\n // interaction. Set to true by default.\n immediateFederatedRedirect?: boolean;\n // Whether to use popup or redirect flows for federated providers.\n // Redirect flows are used by default.\n signInFlow?: 'redirect' | 'popup';\n // Sets the adminRestrictedOperation configuration for providers including\n // federated, email/password, email link and phone number.\n adminRestrictedOperation?: {\n // Specifies whether to provide additional instructions to the end user when\n // a user tries to create a new user account and the authorization server\n // blocks the operation.\n status: boolean;\n // The optional site administrator email to contact for access when sign up\n // is disabled. For example: `admin@example.com`.\n adminEmail?: string;\n // The optional help link to provide information on how to get access to the\n // site when sign up is disabled.\n // For example: `https://www.example.com/trouble_signing_in`.\n helpLink?: string;\n }\n }\n\nSignInOption\n------------\n\n interface SignInOption {\n // The provider identifier, such as facebook.com or saml.my-saml-provider-id.\n provider: string;\n // The provider label name.\n providerName?: string;\n // The full label of the button. Instead of \"Sign in with $providerName\",\n // this button label will be used. Default: Sign in with $providerName\n fullLabel?: string;\n // For identifier first flows, this is the user email domain: tenant1.com\n hd?: string;\n // The button color, such as \"#ff00ff\".\n buttonColor?: string;\n // The button icon URL in the form of an HTTPS URL.\n iconUrl?: string;\n // Additional OAuth scopes to request for OAuth providers.\n scopes?: string[];\n // Additional custom OAuth parameters to set on sign-in.\n // For example, setting {auth_type: 'reauthenticate'} will\n // require password re-entry on Facebook re-authentication.\n customParameters?: {[key: string]: any};\n // In the \"identifierFirst' flow, a login hint key makes it possible\n // to pass the email to the provider to sign in with. This is useful when a\n // user has multiple accounts. For many providers, this is \"login_hint\".\n loginHintKey?: string;\n // Whether to require display name when creating an email and password\n // account. True by default.\n requireDisplayName?: boolean;\n // reCAPTCHA customization for phone providers.\n recaptchaParameters?: {\n // The type of the reCAPTCHA (\"audio\" or \"image\")\n type?: string;\n // Whether the reCAPTCHA is invisible or not. Valid options are\n // \"invisible\", \"normal\", and \"compact\".\n size?: string;\n // For invisible reCAPTCHAs, this defines how the invisible reCAPTCHA badge\n // is displayed (for example, \"bottomleft\", \"bottomright\" or \"inline\").\n badge?: string;\n };\n // The default country for phone providers.\n defaultCountry?: string;\n // Sets the whitelisted countries for phone providers. Accepts either ISO\n // (alpha-2) or E164 formatted country codes. For example: ['US', '+44']\n whitelistedCountries?: string[];\n // Sets the blacklisted countries for phone providers. Accepts either ISO\n // (alpha-2) or E164 formatted country codes. For example: ['US', '+44']\n blacklistedCountries?: string[];\n // Sets the disableSignUp config for email/password or email link sign in\n // method.\n disableSignUp?: {\n // Whether to disable users from signing up with email providers\n // (email/password or email link).\n status: boolean;\n // The optional site administrator email to contact for access when sign\n // up is disabled.\n // For example: `admin@example.com`.\n adminEmail?: string;\n // The optional help link to provide information on how to get access to\n // the site when sign up is disabled.\n // For example: `https://www.example.com/trouble_signing_in`.\n helpLink?: string;\n }\n }"]]
