Skip to content

Firebase

FeatureSupport
User management✅ Full
Organizations
Audit logs⚠️ Basic (requires Google Cloud Logging)
  1. Create a Firebase project

    Go to console.firebase.google.com and create a project, or use an existing one.

  2. Enable Firebase Authentication

    In the Firebase console: Authentication → Get started. Enable the sign-in methods your users need.

  3. Enable Firestore

    In the Firebase console: Firestore Database → Create database. Choose production mode and select a region.

    AUMS uses Firestore to store organization data. The collection is created automatically on first use.

  4. Create a service account

    In the Firebase console: Project Settings → Service accounts → Generate new private key.

    Download the JSON key file. Keep it secure — it grants admin access to your Firebase project.

  5. Set environment variables

    Extract values from the downloaded JSON key:

    Terminal window
    PROVIDER=firebase
    FIREBASE_PROJECT_ID=your-project-id
    FIREBASE_CLIENT_EMAIL=firebase-adminsdk-xxxxx@your-project-id.iam.gserviceaccount.com
    FIREBASE_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"

AUMS accesses Firestore via the Admin SDK (bypasses security rules). If you also access the same Firestore from a client application, configure rules to restrict client-side access to the AUMS organization collections.

To protect the AUMS dashboard with Firebase SSO, use the Google OIDC provider:

Terminal window
AUTH_CLIENT_OPENID_CONFIGURATION_URL=https://accounts.google.com
AUTH_CLIENT_ID=your-oauth-client-id.apps.googleusercontent.com
AUTH_CLIENT_SECRET=your-oauth-client-secret

Create OAuth 2.0 credentials in Google Cloud Console and add <BASE_URL>/api/auth/callback/oidc to the authorized redirect URIs.