gcp_identitytoolkit_tenant

allow_password_signup

Type: BOOLEAN
Provider name: allowPasswordSignup
Description: Whether to allow email/password user authentication.

ancestors

Type: UNORDERED_LIST_STRING

autodelete_anonymous_users

Type: BOOLEAN
Provider name: autodeleteAnonymousUsers
Description: Whether anonymous users will be auto-deleted after a period of 30 days.

client

Type: STRUCT
Provider name: client
Description: Options related to how clients making requests on behalf of a project should be configured.

  • permissions
    Type: STRUCT
    Provider name: permissions
    Description: Configuration related to restricting a user’s ability to affect their account.
    • disabled_user_deletion
      Type: BOOLEAN
      Provider name: disabledUserDeletion
      Description: When true, end users cannot delete their account on the associated project through any of our API methods
    • disabled_user_signup
      Type: BOOLEAN
      Provider name: disabledUserSignup
      Description: When true, end users cannot sign up for a new account on the associated project through any of our API methods

disable_auth

Type: BOOLEAN
Provider name: disableAuth
Description: Whether authentication is disabled for the tenant. If true, the users under the disabled tenant are not allowed to sign-in. Admins of the disabled tenant are not able to manage its users.

email_privacy_config

Type: STRUCT
Provider name: emailPrivacyConfig
Description: Configuration for settings related to email privacy and public visibility.

  • enable_improved_email_privacy
    Type: BOOLEAN
    Provider name: enableImprovedEmailPrivacy
    Description: Migrates the project to a state of improved email privacy. For example certain error codes are more generic to avoid giving away information on whether the account exists. In addition, this disables certain features that as a side-effect allow user enumeration. Enabling this toggle disables the fetchSignInMethodsForEmail functionality and changing the user’s email to an unverified email. It is recommended to remove dependence on this functionality and enable this toggle to improve user privacy.

enable_anonymous_user

Type: BOOLEAN
Provider name: enableAnonymousUser
Description: Whether to enable anonymous user authentication.

Type: BOOLEAN
Provider name: enableEmailLinkSignin
Description: Whether to enable email link user authentication.

gcp_display_name

Type: STRING
Provider name: displayName
Description: Display name of the tenant.

hash_config

Type: STRUCT
Provider name: hashConfig
Description: Output only. Hash config information of a tenant for display on Pantheon. This can only be displayed on Pantheon to avoid the sensitive information to get accidentally leaked. Only returned in GetTenant response to restrict reading of this information. Requires firebaseauth.configs.getHashConfig permission on the agent project for returning this field.

  • algorithm
    Type: STRING
    Provider name: algorithm
    Description: Output only. Different password hash algorithms used in Identity Toolkit.
    Possible values:
    • HASH_ALGORITHM_UNSPECIFIED - Default value. Do not use.
    • HMAC_SHA256 - HMAC_SHA256
    • HMAC_SHA1 - HMAC_SHA1
    • HMAC_MD5 - HMAC_MD5
    • SCRYPT - SCRYPT
    • PBKDF_SHA1 - PBKDF_SHA1
    • MD5 - MD5
    • HMAC_SHA512 - HMAC_SHA512
    • SHA1 - SHA1
    • BCRYPT - BCRYPT
    • PBKDF2_SHA256 - PBKDF2_SHA256
    • SHA256 - SHA256
    • SHA512 - SHA512
    • STANDARD_SCRYPT - STANDARD_SCRYPT
  • memory_cost
    Type: INT32
    Provider name: memoryCost
    Description: Output only. Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field.
  • rounds
    Type: INT32
    Provider name: rounds
    Description: Output only. How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms.
  • salt_separator
    Type: STRING
    Provider name: saltSeparator
    Description: Output only. Non-printable character to be inserted between the salt and plain text password in base64.
  • signer_key
    Type: STRING
    Provider name: signerKey
    Description: Output only. Signer key in base64.

inheritance

Type: STRUCT
Provider name: inheritance
Description: Specify the settings that the tenant could inherit.

  • email_sending_config
    Type: BOOLEAN
    Provider name: emailSendingConfig
    Description: Whether to allow the tenant to inherit custom domains, email templates, and custom SMTP settings. If true, email sent from tenant will follow the project level email sending configurations. If false (by default), emails will go with the default settings with no customizations.

labels

Type: UNORDERED_LIST_STRING

mfa_config

Type: STRUCT
Provider name: mfaConfig
Description: The tenant-level configuration of MFA options.

  • enabled_providers
    Type: UNORDERED_LIST_STRING
    Provider name: enabledProviders
    Description: A list of usable second factors for this project.
  • provider_configs
    Type: UNORDERED_LIST_STRUCT
    Provider name: providerConfigs
    Description: A list of usable second factors for this project along with their configurations. This field does not support phone based MFA, for that use the ’enabled_providers’ field.
    • state
      Type: STRING
      Provider name: state
      Description: Describes the state of the MultiFactor Authentication type.
      Possible values:
      • MFA_STATE_UNSPECIFIED - Illegal State, should not be used.
      • DISABLED - Multi-factor authentication cannot be used for this project.
      • ENABLED - Multi-factor authentication can be used for this project.
      • MANDATORY - Multi-factor authentication is required for this project. Users from this project must authenticate with the second factor.
    • totp_provider_config
      Type: STRUCT
      Provider name: totpProviderConfig
      Description: TOTP MFA provider config for this project.
      • adjacent_intervals
        Type: INT32
        Provider name: adjacentIntervals
        Description: The allowed number of adjacent intervals that will be used for verification to avoid clock skew.
  • state
    Type: STRING
    Provider name: state
    Description: Whether MultiFactor Authentication has been enabled for this project.
    Possible values:
    • STATE_UNSPECIFIED - Illegal State, should not be used.
    • DISABLED - Multi-factor authentication cannot be used for this project
    • ENABLED - Multi-factor authentication can be used for this project
    • MANDATORY - Multi-factor authentication is required for this project. Users from this project must authenticate with the second factor.

Type: STRUCT
Provider name: mobileLinksConfig
Description: Optional. Deprecated. Never launched. Configuration for settings related to univeral links (iOS) and app links (Android).

  • domain
    Type: STRING
    Provider name: domain
    Description: Open code in app domain to use for app links and universal links.
    Possible values:
    • DOMAIN_UNSPECIFIED - Default value. The default domain is the Firebase Dynamic Link domain before the FDL deprecation and the hosting domain after the FDL deprecation.
    • FIREBASE_DYNAMIC_LINK_DOMAIN - Use Firebase Dynamic Link domain as app link domain. Default value.
    • HOSTING_DOMAIN - Use hosting domain as app link domain.

monitoring

Type: STRUCT
Provider name: monitoring
Description: Configuration related to monitoring project activity.

  • request_logging
    Type: STRUCT
    Provider name: requestLogging
    Description: Configuration for logging requests made to this project to Stackdriver Logging
    • enabled
      Type: BOOLEAN
      Provider name: enabled
      Description: Whether logging is enabled for this project or not.

name

Type: STRING
Provider name: name
Description: Output only. Resource name of a tenant. For example: “projects/{project-id}/tenants/{tenant-id}"

organization_id

Type: STRING

parent

Type: STRING

password_policy_config

Type: STRUCT
Provider name: passwordPolicyConfig
Description: The tenant-level password policy config

  • force_upgrade_on_signin
    Type: BOOLEAN
    Provider name: forceUpgradeOnSignin
    Description: Users must have a password compliant with the password policy to sign-in.
  • last_update_time
    Type: TIMESTAMP
    Provider name: lastUpdateTime
    Description: Output only. The last time the password policy on the project was updated.
  • password_policy_enforcement_state
    Type: STRING
    Provider name: passwordPolicyEnforcementState
    Description: Which enforcement mode to use for the password policy.
    Possible values:
    • PASSWORD_POLICY_ENFORCEMENT_STATE_UNSPECIFIED - Illegal State, should not be used.
    • OFF - Password Policy will not be used on the project.
    • ENFORCE - Passwords non-compliant with the password policy will be rejected with an error thrown.
  • password_policy_versions
    Type: UNORDERED_LIST_STRUCT
    Provider name: passwordPolicyVersions
    Description: Must be of length 1. Contains the strength attributes for the password policy.
    • custom_strength_options
      Type: STRUCT
      Provider name: customStrengthOptions
      Description: The custom strength options enforced by the password policy.
      • contains_lowercase_character
        Type: BOOLEAN
        Provider name: containsLowercaseCharacter
        Description: The password must contain a lower case character.
      • contains_non_alphanumeric_character
        Type: BOOLEAN
        Provider name: containsNonAlphanumericCharacter
        Description: The password must contain a non alpha numeric character.
      • contains_numeric_character
        Type: BOOLEAN
        Provider name: containsNumericCharacter
        Description: The password must contain a number.
      • contains_uppercase_character
        Type: BOOLEAN
        Provider name: containsUppercaseCharacter
        Description: The password must contain an upper case character.
      • max_password_length
        Type: INT32
        Provider name: maxPasswordLength
        Description: Maximum password length. No default max length
      • min_password_length
        Type: INT32
        Provider name: minPasswordLength
        Description: Minimum password length. Range from 6 to 30
    • schema_version
      Type: INT32
      Provider name: schemaVersion
      Description: Output only. schema version number for the password policy

project_id

Type: STRING

project_number

Type: STRING

recaptcha_config

Type: STRUCT
Provider name: recaptchaConfig
Description: The tenant-level reCAPTCHA config.

  • email_password_enforcement_state
    Type: STRING
    Provider name: emailPasswordEnforcementState
    Description: The reCAPTCHA config for email/password provider, containing the enforcement status. The email/password provider contains all email related user flows protected by reCAPTCHA.
    Possible values:
    • RECAPTCHA_PROVIDER_ENFORCEMENT_STATE_UNSPECIFIED - Enforcement state has not been set.
    • OFF - Unenforced.
    • AUDIT - reCAPTCHA assessment is created, result is not used to enforce.
    • ENFORCE - reCAPTCHA assessment is created, result is used to enforce.
  • managed_rules
    Type: UNORDERED_LIST_STRUCT
    Provider name: managedRules
    Description: The managed rules for authentication action based on reCAPTCHA scores. The rules are shared across providers for a given tenant project.
    • action
      Type: STRING
      Provider name: action
      Description: The action taken if the reCAPTCHA score of a request is within the interval [start_score, end_score].
      Possible values:
      • RECAPTCHA_ACTION_UNSPECIFIED - The reCAPTCHA action is not specified.
      • BLOCK - The reCAPTCHA-protected request will be blocked.
    • end_score
      Type: FLOAT
      Provider name: endScore
      Description: The end score (inclusive) of the score range for an action. Must be a value between 0.0 and 1.0, at 11 discrete values; e.g. 0, 0.1, 0.2, 0.3, … 0.9, 1.0. A score of 0.0 indicates the riskiest request (likely a bot), whereas 1.0 indicates the safest request (likely a human). See https://cloud.google.com/recaptcha-enterprise/docs/interpret-assessment.
  • phone_enforcement_state
    Type: STRING
    Provider name: phoneEnforcementState
    Description: The reCAPTCHA config for phone provider, containing the enforcement status. The phone provider contains all SMS related user flows protected by reCAPTCHA.
    Possible values:
    • RECAPTCHA_PROVIDER_ENFORCEMENT_STATE_UNSPECIFIED - Enforcement state has not been set.
    • OFF - Unenforced.
    • AUDIT - reCAPTCHA assessment is created, result is not used to enforce.
    • ENFORCE - reCAPTCHA assessment is created, result is used to enforce.
  • recaptcha_keys
    Type: UNORDERED_LIST_STRUCT
    Provider name: recaptchaKeys
    Description: The reCAPTCHA keys.
    • key
      Type: STRING
      Provider name: key
      Description: The reCAPTCHA Enterprise key resource name, e.g. “projects/{project}/keys/{key}"
    • type
      Type: STRING
      Provider name: type
      Description: The client’s platform type.
      Possible values:
      • CLIENT_TYPE_UNSPECIFIED - Client type is not specified.
      • WEB - Client type is web.
      • IOS - Client type is iOS.
      • ANDROID - Client type is Android.
  • toll_fraud_managed_rules
    Type: UNORDERED_LIST_STRUCT
    Provider name: tollFraudManagedRules
    Description: The managed rules for the authentication action based on reCAPTCHA toll fraud risk scores. Toll fraud managed rules will only take effect when the phone_enforcement_state is AUDIT or ENFORCE and use_sms_toll_fraud_protection is true.
    • action
      Type: STRING
      Provider name: action
      Description: The action taken if the reCAPTCHA score of a request is within the interval [start_score, end_score].
      Possible values:
      • RECAPTCHA_ACTION_UNSPECIFIED - The reCAPTCHA action is not specified.
      • BLOCK - The reCAPTCHA-protected request will be blocked.
    • start_score
      Type: FLOAT
      Provider name: startScore
      Description: The start score (inclusive) for an action. Must be a value between 0.0 and 1.0, at 11 discrete values; e.g. 0, 0.1, 0.2, 0.3, … 0.9, 1.0. A score of 0.0 indicates the safest request (likely legitimate), whereas 1.0 indicates the riskiest request (likely toll fraud). See https://cloud.google.com/recaptcha-enterprise/docs/sms-fraud-detection#create-assessment-sms.
  • use_account_defender
    Type: BOOLEAN
    Provider name: useAccountDefender
    Description: Whether to use the account defender for reCAPTCHA assessment. Defaults to false.
  • use_sms_bot_score
    Type: BOOLEAN
    Provider name: useSmsBotScore
    Description: Whether to use the rCE bot score for reCAPTCHA phone provider. Can only be true when the phone_enforcement_state is AUDIT or ENFORCE.
  • use_sms_toll_fraud_protection
    Type: BOOLEAN
    Provider name: useSmsTollFraudProtection
    Description: Whether to use the rCE sms toll fraud protection risk score for reCAPTCHA phone provider. Can only be true when the phone_enforcement_state is AUDIT or ENFORCE.

resource_name

Type: STRING

sms_region_config

Type: STRUCT
Provider name: smsRegionConfig
Description: Configures which regions are enabled for SMS verification code sending.

tags

Type: UNORDERED_LIST_STRING

PREVIEWING: guacbot/translation-pipeline