Identity Toolkit roles and permissions

This page lists the IAM roles and permissions for Identity Toolkit. To search through all roles and permissions, see the role and permission index.

Role Permissions

Identity Toolkit Admin

(roles/identitytoolkit.admin)

Full access to Identity Toolkit resources.

firebaseauth.*

  • firebaseauth.configs.create
  • firebaseauth.configs.get
  • firebaseauth.configs.getHashConfig
  • firebaseauth.configs.getSecret
  • firebaseauth.configs.update
  • firebaseauth.users.create
  • firebaseauth.users.createSession
  • firebaseauth.users.delete
  • firebaseauth.users.get
  • firebaseauth.users.sendEmail
  • firebaseauth.users.update

identitytoolkit.*

  • identitytoolkit.tenants.create
  • identitytoolkit.tenants.delete
  • identitytoolkit.tenants.get
  • identitytoolkit.tenants.getIamPolicy
  • identitytoolkit.tenants.list
  • identitytoolkit.tenants.setIamPolicy
  • identitytoolkit.tenants.update

Identity Platform Service Agent

(roles/identitytoolkit.serviceAgent)

Gives Identity Platform service account access to customer project resources.

cloudfunctions.functions.invoke

recaptchaenterprise.assessments.create

recaptchaenterprise.keys.create

recaptchaenterprise.keys.delete

recaptchaenterprise.keys.get

Identity Toolkit Viewer

(roles/identitytoolkit.viewer)

Read access to Identity Toolkit resources.

firebaseauth.configs.get

firebaseauth.users.get

identitytoolkit.tenants.get

identitytoolkit.tenants.getIamPolicy

identitytoolkit.tenants.list
Permission Included in roles

identitytoolkit.tenants.create

Owner (roles/owner)

Editor (roles/editor)

Firebase Admin SDK Administrator Service Agent (roles/firebase.sdkAdminServiceAgent)

Identity Platform Admin (roles/identityplatform.admin)

Identity Toolkit Admin (roles/identitytoolkit.admin)

identitytoolkit.tenants.delete

Owner (roles/owner)

Editor (roles/editor)

Firebase Admin SDK Administrator Service Agent (roles/firebase.sdkAdminServiceAgent)

Identity Platform Admin (roles/identityplatform.admin)

Identity Toolkit Admin (roles/identitytoolkit.admin)

identitytoolkit.tenants.get

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Firebase Admin SDK Administrator Service Agent (roles/firebase.sdkAdminServiceAgent)

Support User (roles/iam.supportUser)

Identity Platform Admin (roles/identityplatform.admin)

Identity Platform Viewer (roles/identityplatform.viewer)

Identity Toolkit Admin (roles/identitytoolkit.admin)

Identity Toolkit Viewer (roles/identitytoolkit.viewer)

identitytoolkit.tenants.getIamPolicy

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Firebase Admin SDK Administrator Service Agent (roles/firebase.sdkAdminServiceAgent)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Identity Platform Admin (roles/identityplatform.admin)

Identity Platform Viewer (roles/identityplatform.viewer)

Identity Toolkit Admin (roles/identitytoolkit.admin)

Identity Toolkit Viewer (roles/identitytoolkit.viewer)

identitytoolkit.tenants.list

Owner (roles/owner)

Editor (roles/editor)

Viewer (roles/viewer)

Firebase Admin SDK Administrator Service Agent (roles/firebase.sdkAdminServiceAgent)

Security Admin (roles/iam.securityAdmin)

Security Auditor (roles/iam.securityAuditor)

Security Reviewer (roles/iam.securityReviewer)

Support User (roles/iam.supportUser)

Identity Platform Admin (roles/identityplatform.admin)

Identity Platform Viewer (roles/identityplatform.viewer)

Identity Toolkit Admin (roles/identitytoolkit.admin)

Identity Toolkit Viewer (roles/identitytoolkit.viewer)

identitytoolkit.tenants.setIamPolicy

Owner (roles/owner)

Firebase Admin SDK Administrator Service Agent (roles/firebase.sdkAdminServiceAgent)

Security Admin (roles/iam.securityAdmin)

Identity Platform Admin (roles/identityplatform.admin)

Identity Toolkit Admin (roles/identitytoolkit.admin)

identitytoolkit.tenants.update

Owner (roles/owner)

Editor (roles/editor)

Firebase Admin SDK Administrator Service Agent (roles/firebase.sdkAdminServiceAgent)

Identity Platform Admin (roles/identityplatform.admin)

Identity Toolkit Admin (roles/identitytoolkit.admin)

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-19 UTC.