Set up multi-tenancy in Identity Platform

This quickstart shows you how to enable multi-tenancy in Identity Platform and create and select new tenants using the Google Cloud console.

To learn more about multi-tenancy in Identity Platform, see multi-tenancy.

To follow step-by-step guidance for this task directly in the Google Cloud console, click Guide me:

Guide me

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    Go to project selector

  3. If you're using an existing project for this guide, verify that you have the permissions required to complete this guide. If you created a new project, then you already have the required permissions.

  4. Verify that billing is enabled for your Google Cloud project.

  5. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Roles required to select or create a project

    • Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
    • Create a project: To create a project, you need the Project Creator role (roles/resourcemanager.projectCreator), which contains the resourcemanager.projects.create permission. Learn how to grant roles.

    Go to project selector

  6. If you're using an existing project for this guide, verify that you have the permissions required to complete this guide. If you created a new project, then you already have the required permissions.

  7. Verify that billing is enabled for your Google Cloud project.

Required roles

To get the permissions that you need to set up multi-tenancy, ask your administrator to grant you the Identity Platform Admin (roles/identityplatform.admin) IAM role on your project. For more information about granting roles, see Manage access to projects, folders, and organizations.

This predefined role contains the permissions required to set up multi-tenancy. To see the exact permissions that are required, expand the Required permissions section:

Required permissions

The following permissions are required to set up multi-tenancy:

  • firebaseauth.configs.update
  • identitytoolkit.tenants.create

You might also be able to get these permissions with custom roles or other predefined roles.

Enable multi-tenancy

  1. In the Google Cloud console, go to the Identity Platform > Settings page.
    Go to Settings

  2. Click the Security tab.

  3. In the Multi-tenancy section, click Allow tenants.

This enables multi-tenancy and opens the Tenants page.

You are now ready to create your first tenant.

Create a tenant

  1. In the Tenants page, click Add tenant.

  2. In the Name field, enter a name for the tenant. This does not need to be unique; Identity Platform automatically assigns a distinct ID.

  3. Click Save.

Congratulations! You've created an Identity Platform tenant.

Select a tenant

In the Settings page, select your tenant from the Scope to a tenant list.

Each tenant has its own providers and users. After you've selected a tenant, you can manage it the same way you manage a non-tenant Identity Platform project.

Disable multi-tenancy

To disable multi-tenancy, use the Identity Toolkit API.

What's next