Stay organized with collections
Save and categorize content based on your preferences.
Authentication
Identity Platform allows users to authenticate to your apps and services,
like multi-tenant SaaS apps, mobile/web apps, games, APIs and more.
Identity Platform provides secure, easy-to-use authentication if you're building a service on
Google Cloud, on your own backend or on another platform.
Identity Platform provides backend services and works with the easy-to-use
SDKs and ready-made UI libraries to authenticate users to your
app. It supports authentication using passwords, phone numbers, popular
federated identity providers like Google, Facebook, Twitter, and any provider
that supports SAML or OpenID Connect protocol.
Identity Platform integrates tightly with Google Cloud services, and
it leverages industry standards like OAuth 2.0 and OpenID Connect, so it can be
easily integrated with your custom backend.
Key capabilities
You can use the SDK to integrate one or more sign-in methods into your app.
Authentication using the SDK
Email and password based authentication
Authenticate users with their email addresses and passwords. The
SDK provides methods to create and
manage users that use their email addresses and passwords to sign in.
Identity Platform also handles sending password reset
emails.
Authenticate users by integrating with federated identity providers.
The SDK provides methods that allow
users to sign in with their Google, Facebook, Twitter, and GitHub
accounts.
Connect your app's existing sign-in system to
Identity Platform, exchanging tokens generated on your server for
Identity Platform tokens that can be used for your apps running in
Google Cloud, Firebase, or other services.
Use features that require authentication without requiring users to
sign in first by creating temporary anonymous accounts. If the user later
chooses to sign up, you can upgrade the anonymous account to a regular
account, so the user can continue where they left off.
To sign a user into your app, you first get
authentication credentials from the user. These credentials can be the user's
email address and password, a SAML assertion, or an OAuth token from a federated
identity provider. In the case of federated identity providers, the providers return those
tokens to Identity Platform's authentication handler on the
/__auth/handler endpoint. This service is hosted by Google, so you
don't have to receive and validate the authentication artifact. After the
tokens are received, our backend services will verify them and return a
response to the client.
After a successful sign in, you can access the user's basic profile information,
and you can control the user's access to data stored in Google Cloud or other
products. You can also use the provided authentication token to verify the
identity of users in your own backend services.
Implementation paths
Using the SDK
Set up sign-in methods
For email address and password or phone number sign-in and any
federated identity providers you want to support, enable them in the
Google Cloud console
and complete any configuration required by the
identity provider, such as setting your OAuth redirect URL.
Implement UI flows for your sign-in methods
For email address and password sign-in, implement a flow that prompts
users to type their email addresses and passwords. For phone number
sign-in, create a flow that prompts users for their phone number, and
then for the code from the SMS message they receive. For federated
sign-in, implement the flow required by each provider.
Pass the user's credentials to the SDK
Pass the user's email address and password or the OAuth token that was
acquired from the federated identity provider to the
SDK.
Using open source UI components
Set up sign-in methods
For email address and password or phone number sign-in and any
federated identity providers you want to support, enable them in the
Google Cloud console and complete any configuration required by the
identity provider, such as setting your OAuth redirect URL.
Customize the sign-in UI
You can customize the sign-in UI by setting FirebaseUI options.
To customize even further, fork the code on GitHub.
Use FirebaseUI to perform the sign-in flow
Import the FirebaseUI library, specify the sign-in methods you want to
support, and initiate the FirebaseUI sign-in flow.
What's next
Learn more about users in an Identity Platform project, then see the
integration guides for the sign-in providers you want to support:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eIdentity Platform offers a secure and user-friendly way to authenticate users for various applications and services, including mobile, web, and multi-tenant SaaS apps.\u003c/p\u003e\n"],["\u003cp\u003eThis platform supports authentication through multiple methods, such as email/password, phone numbers, and federated identity providers like Google, Facebook, and Twitter, as well as SAML or OpenID Connect.\u003c/p\u003e\n"],["\u003cp\u003eIdentity Platform seamlessly integrates with Google Cloud services and utilizes industry standards like OAuth 2.0 and OpenID Connect for easy integration with custom backends.\u003c/p\u003e\n"],["\u003cp\u003eDevelopers can leverage the Identity Platform SDK to incorporate various sign-in methods and UI libraries into their apps or use open source UI components for an easier sign-in implementation.\u003c/p\u003e\n"],["\u003cp\u003eIdentity platform handles token verification and returns a response to the client, managing authentication artifacts, allowing you to control user's access to data and verify their identity in your own backend.\u003c/p\u003e\n"]]],[],null,["# Authentication\n==============\n\nIdentity Platform allows users to authenticate to your apps and services,\nlike multi-tenant SaaS apps, mobile/web apps, games, APIs and more.\nIdentity Platform provides secure, easy-to-use authentication if you're building a service on\nGoogle Cloud, on your own backend or on another platform.\n\nIdentity Platform provides backend services and works with the easy-to-use\nSDKs and ready-made UI libraries to authenticate users to your\napp. It supports authentication using passwords, phone numbers, popular\nfederated identity providers like Google, Facebook, Twitter, and any provider\nthat supports SAML or OpenID Connect protocol.\n\nIdentity Platform integrates tightly with Google Cloud services, and\nit leverages industry standards like OAuth 2.0 and OpenID Connect, so it can be\neasily integrated with your custom backend.\n\nKey capabilities\n----------------\n\nYou can use the SDK to integrate one or more sign-in methods into your app.\n\nHow does it work?\n-----------------\n\nTo sign a user into your app, you first get\nauthentication credentials from the user. These credentials can be the user's\nemail address and password, a SAML assertion, or an OAuth token from a federated\nidentity provider. In the case of federated identity providers, the providers return those\ntokens to Identity Platform's authentication handler on the\n`/__auth/handler` endpoint. This service is hosted by Google, so you\ndon't have to receive and validate the authentication artifact. After the\ntokens are received, our backend services will verify them and return a\nresponse to the client.\n\nAfter a successful sign in, you can access the user's basic profile information,\nand you can control the user's access to data stored in Google Cloud or other\nproducts. You can also use the provided authentication token to verify the\nidentity of users in your own backend services.\n\nImplementation paths\n--------------------\n\n| **Important:** When an interaction with Firebase services like Firestore is initiated by a trusted service or backend, you can use the Firebase Admin SDKs to avoid the stricter end-user-facing limits that apply to non-admin actions.\n\nWhat's next\n-----------\n\nLearn more about users in an Identity Platform project, then see the\nintegration guides for the sign-in providers you want to support:\n\n\n[iOS](https://firebase.google.com/docs/auth/ios/start)\n[Android](https://firebase.google.com/docs/auth/android/start)\n[Web](https://firebase.google.com/docs/auth/web/start)\n[C++](https://firebase.google.com/docs/auth/cpp/start)\n[Unity](https://firebase.google.com/docs/auth/unity/start)\n[Admin](https://firebase.google.com/docs/auth/admin)\n[OIDC (Web)](/identity-platform/docs/how-to-enable-application-for-oidc)\n[SAML (Web)](/identity-platform/docs/how-to-enable-application-for-saml)"]]
