Firebase Authentication
Firebase Authentication provides backend services, easy-to-use SDKs, and ready-made UIlibraries to authenticate users to your app. It supports authentication usingpasswords, phone numbers, popular federated identity providers like Google,Facebook and Twitter, and more.
Firebase Authentication integrates tightly with otherFirebase services, andit leverages industry standards like OAuth 2.0 and OpenID Connect, so it can beeasily integrated with your custom backend.
When you upgrade toFirebase Authentication with Identity Platform, you unlock additionalfeatures, such as multi-factor authentication, blocking functions, user activityand audit logging, SAML and generic OpenID Connect support, multi-tenancy, andenterprise-level support.
Key capabilities
You can sign in users to yourFirebase app either by usingFirebaseUI as a complete drop-in auth solution or by using theFirebase Authentication SDK to manually integrate one or several sign-in methods intoyour app.
| FirebaseUI Auth | |
|---|---|
| Drop-in authentication solution | The recommended way to add a complete sign-in system to your app. FirebaseUI provides a drop-in auth solution that handles the UI flows for signing in users with email addresses and passwords, phone numbers, and with popular federated identity providers, including Google Sign-In and Facebook Login. TheFirebaseUI Auth component implements best practices for authentication on mobile devices and websites, which can maximize sign-in and sign-up conversion for your app. It also handles edge cases like account recovery and account linking that can be security sensitive and error-prone to handle correctly. FirebaseUI can be easily customized to fit in with the rest of your app's visual style, and it is open source, so you aren't constrained in realizing the user experience you want. |
| Firebase Authentication SDK | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Email and password based authentication | Authenticate users with their email addresses and passwords. TheFirebase Authentication SDK provides methods to create and manage users that use their email addresses and passwords to sign in.Firebase Authentication also handles sending password reset emails. | ||||||||||
| Federated identity provider integration | Authenticate users by integrating with federated identity providers. TheFirebase Authentication SDK provides methods that allow users to sign in with their Google, Facebook, Twitter, and GitHub accounts.
| ||||||||||
| Phone number authentication | Authenticate users by sending SMS messages to their phones. | ||||||||||
| Custom auth system integration | Connect your app's existing sign-in system to theFirebase Authentication SDK and gain access toFirebase Realtime Database and otherFirebase services. | ||||||||||
| Anonymous auth | Use features that require authentication without requiring users to sign in first by creating temporary anonymous accounts. If the user later chooses to sign up, you can upgrade the anonymous account to a regular account, so the user can continue where they left off. | ||||||||||
Firebase Authentication with Identity Platform
Firebase Authentication with Identity Platform is an optional upgrade that adds several new features toFirebase Authentication.
This upgrade does not require any migration—yourexisting client SDK and admin SDK code will continue to work as before, andyou'll gain immediate access to features such as enhanced logging andenterprise-grade support and SLAs. With some additional code, you'll be able toadd multi-factor auth, blocking functions, and support for SAML and OpenIDConnect providers.
Firebase Authentication with Identity Platform has a different pricing scheme compared to the base product. Whenupgraded, no-cost (Spark) plan projects will be limited to 3,000 daily activeusers, and pay-as-you-go (Blaze) plan projects will be charged for usage beyondthe free tier of 50,000 monthly active users. Be sure you understand the billingimplications before you upgrade.
Read more about the new features, pricing, and limits below.
Features
| Multi-factor authentication | Multi-factor authentication with SMS protects your users' data by adding a second layer of security to your app. |
| Blocking functions | Blocking functions let you run custom code that modifies the result of a user registering or signing in to your app. Learn how toextendFirebase Authentication with blocking functions. |
| SAML and OpenID Connect providers | Support sign-in using SAML (web only) and OpenID Connect providers not natively supported by Firebase. Learn how to addSAML sign-in to web apps and OpenID Connect sign-in toApple,Android, andweb apps. |
| User activity and audit logging | Monitor and log administrative access and end-user activity. When you upgrade your project, you automatically enable admin activity audit logs in Cloud Logging. You can also enable user activity logging on theAuthentication Settings page of theFirebase console. To learn how to view and analyze your logs, see theCloud Logging documentation. |
| Multi-tenancy | Using tenants, you can create multiple unique silos of users and configurations within a single project. SeeGetting started with multi-tenancy in the Cloud Identity Platform documentation. |
| Enterprise support and SLA | Upgraded projects get uptime commitments for Auth services according to theIdentity Platform Service Level Agreement (SLA) and are eligible to upgrade to enterprise-grade support. |
| Automatic clean-up of anonymous users | You will get the option to enable anonymous accounts to be automatically deleted if they are over thirty days old. Anonymous accounts also will no longer count towards billing and usage quotas. |
Usage limits
Upon upgrade,Firebase Authentication with Identity Platform introduces new limits to your use ofFirebase Authentication.
No cost (Spark)
Projects on the no-cost (Spark) plan have a new limit of 3,000 daily activeusers (DAUs) for most sign-in providers. Daily active usage is calculated basedon how many unique users sign in during a 24 hour period.
| Providers | New limit | Old limit |
|---|---|---|
| Email, Social, Anonymous, Custom | 3,000 DAUs | Unlimited |
| SAML, OpenID Connect | 2 DAUs | N/A |
Pay as you go (Blaze)
Pricing for projects on the Blaze plan is based on monthly active users (MAUs)and includes a no-cost tier of 50,000 users. An active user is anyone who usestheir account within the billing period.
| Providers | No-cost tier | Cost ($) per MAU above no-cost tier |
|---|---|---|
| Email, Social, Anonymous, Custom | 0-49,999 MAUs | 0.0025 to 0.0055 per MAU |
| SAML, OpenID Connect | 0-49 MAUs | 0.015 per MAU |
Upgrade your project
To upgrade your project toFirebase Authentication with Identity Platform, open theAuthenticationSettings page of theFirebase console.
How does it work?
To sign a user into your app, you first getauthentication credentials from the user. These credentials can be the user'semail address and password, or an OAuth token from a federated identityprovider. Then, you pass these credentials to theFirebase Authentication SDK. Ourbackend services will then verify those credentials and return a response to theclient.
After a successful sign in, you can access the user's basic profile information,and you can control the user's access to data stored in otherFirebase products. You can also use the provided authentication token to verify theidentity of users in your own backend services.
Note: By default, authenticated users can read and write data to theFirebase Realtime Database andCloud Storage. You can control theaccess of those users by modifying yourFirebase Realtime Database andCloud Storage Security Rules.Implementation paths
| UsingFirebaseUI Auth | ||
|---|---|---|
| Set up sign-in methods | For email address and password or phone number sign-in and any federated identity providers you want to support, enable them in theFirebase console and complete any configuration required by the identity provider, such as setting your OAuth redirect URL. | |
| Customize the sign-in UI | You can customize the sign-in UI by settingFirebaseUI options, or fork the code on GitHub to customize the sign-in experience further. | |
| UseFirebaseUI to perform the sign-in flow | Import theFirebaseUI library, specify the sign-in methods you want to support, and initiate theFirebaseUI sign-in flow. | |
| Using theFirebase Authentication SDK | ||
|---|---|---|
| Set up sign-in methods | For email address and password or phone number sign-in and any federated identity providers you want to support, enable them in theFirebase console and complete any configuration required by the identity provider, such as setting your OAuth redirect URL. | |
| Implement UI flows for your sign-in methods | For email address and password sign-in, implement a flow that prompts users to type their email addresses and passwords. For phone number sign-in, create a flow that prompts users for their phone number, and then for the code from the SMS message they receive. For federated sign-in, implement the flow required by each provider. | |
| Pass the user's credentials to theFirebase Authentication SDK | Pass the user's email address and password or the OAuth token that was acquired from the federated identity provider to theFirebase Authentication SDK. | |
What's next
Learn more aboutusers in aFirebase project, thencheck out the getting started guides for the platform and sign-in providers youwant to support:
iOS+AndroidWebFlutterUnityC++Admin
Not sure where to begin?
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-03 UTC.