---
title: Getting Started with Datadog
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > Infrastructure > Datadog Resource Catalog
---

# gcp_identitytoolkit_config{% #gcp_identitytoolkit_config %}

## `ancestors`{% #ancestors %}

**Type**: `UNORDERED_LIST_STRING`

## `authorized_domains`{% #authorized_domains %}

**Type**: `UNORDERED_LIST_STRING`**Provider name**: `authorizedDomains`**Description**: List of domains authorized for OAuth redirects

## `autodelete_anonymous_users`{% #autodelete_anonymous_users %}

**Type**: `BOOLEAN`**Provider name**: `autodeleteAnonymousUsers`**Description**: Whether anonymous users will be auto-deleted after a period of 30 days.

## `blocking_functions`{% #blocking_functions %}

**Type**: `STRUCT`**Provider name**: `blockingFunctions`**Description**: Configuration related to blocking functions.

- `forward_inbound_credentials`**Type**: `STRUCT`**Provider name**: `forwardInboundCredentials`**Description**: The user credentials to include in the JWT payload that is sent to the registered Blocking Functions.
  - `access_token`**Type**: `BOOLEAN`**Provider name**: `accessToken`**Description**: Whether to pass the user's OAuth identity provider's access token.
  - `id_token`**Type**: `BOOLEAN`**Provider name**: `idToken`**Description**: Whether to pass the user's OIDC identity provider's ID token.
  - `refresh_token`**Type**: `BOOLEAN`**Provider name**: `refreshToken`**Description**: Whether to pass the user's OAuth identity provider's refresh token.

## `client`{% #client %}

**Type**: `STRUCT`**Provider name**: `client`**Description**: Options related to how clients making requests on behalf of a project should be configured.

- `api_key`**Type**: `STRING`**Provider name**: `apiKey`**Description**: Output only. API key that can be used when making requests for this project.
- `firebase_subdomain`**Type**: `STRING`**Provider name**: `firebaseSubdomain`**Description**: Output only. Firebase subdomain.
- `permissions`**Type**: `STRUCT`**Provider name**: `permissions`**Description**: Configuration related to restricting a user's ability to affect their account.
  - `disabled_user_deletion`**Type**: `BOOLEAN`**Provider name**: `disabledUserDeletion`**Description**: When true, end users cannot delete their account on the associated project through any of our API methods
  - `disabled_user_signup`**Type**: `BOOLEAN`**Provider name**: `disabledUserSignup`**Description**: When true, end users cannot sign up for a new account on the associated project through any of our API methods

## `default_hosting_site`{% #default_hosting_site %}

**Type**: `STRING`**Provider name**: `defaultHostingSite`**Description**: Output only. Default Firebase hosting site name

## `email_privacy_config`{% #email_privacy_config %}

**Type**: `STRUCT`**Provider name**: `emailPrivacyConfig`**Description**: Configuration for settings related to email privacy and public visibility.

- `enable_improved_email_privacy`**Type**: `BOOLEAN`**Provider name**: `enableImprovedEmailPrivacy`**Description**: Migrates the project to a state of improved email privacy. For example certain error codes are more generic to avoid giving away information on whether the account exists. In addition, this disables certain features that as a side-effect allow user enumeration. Enabling this toggle disables the fetchSignInMethodsForEmail functionality and changing the user's email to an unverified email. It is recommended to remove dependence on this functionality and enable this toggle to improve user privacy.

## `labels`{% #labels %}

**Type**: `UNORDERED_LIST_STRING`

## `mfa`{% #mfa %}

**Type**: `STRUCT`**Provider name**: `mfa`**Description**: Configuration for this project's multi-factor authentication, including whether it is active and what factors can be used for the second factor

- `enabled_providers`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `enabledProviders`**Description**: A list of usable second factors for this project.
- `provider_configs`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `providerConfigs`**Description**: A list of usable second factors for this project along with their configurations. This field does not support phone based MFA, for that use the 'enabled_providers' field.
  - `state`**Type**: `STRING`**Provider name**: `state`**Description**: Describes the state of the MultiFactor Authentication type.**Possible values**:
    - `MFA_STATE_UNSPECIFIED` - Illegal State, should not be used.
    - `DISABLED` - Multi-factor authentication cannot be used for this project.
    - `ENABLED` - Multi-factor authentication can be used for this project.
    - `MANDATORY` - Multi-factor authentication is required for this project. Users from this project must authenticate with the second factor.
  - `totp_provider_config`**Type**: `STRUCT`**Provider name**: `totpProviderConfig`**Description**: TOTP MFA provider config for this project.
    - `adjacent_intervals`**Type**: `INT32`**Provider name**: `adjacentIntervals`**Description**: The allowed number of adjacent intervals that will be used for verification to avoid clock skew.
- `state`**Type**: `STRING`**Provider name**: `state`**Description**: Whether MultiFactor Authentication has been enabled for this project.**Possible values**:
  - `STATE_UNSPECIFIED` - Illegal State, should not be used.
  - `DISABLED` - Multi-factor authentication cannot be used for this project
  - `ENABLED` - Multi-factor authentication can be used for this project
  - `MANDATORY` - Multi-factor authentication is required for this project. Users from this project must authenticate with the second factor.

## `mobile_links_config`{% #mobile_links_config %}

**Type**: `STRUCT`**Provider name**: `mobileLinksConfig`**Description**: Configuration for settings related to univeral links (iOS) and app links (Android).

- `domain`**Type**: `STRING`**Provider name**: `domain`**Description**: Open code in app domain to use for app links and universal links.**Possible values**:
  - `DOMAIN_UNSPECIFIED` - Default value. The default domain is the Firebase Dynamic Link domain before the FDL deprecation and the hosting domain after the FDL deprecation.
  - `FIREBASE_DYNAMIC_LINK_DOMAIN` - Use Firebase Dynamic Link domain as app link domain. Default value.
  - `HOSTING_DOMAIN` - Use hosting domain as app link domain.

## `monitoring`{% #monitoring %}

**Type**: `STRUCT`**Provider name**: `monitoring`**Description**: Configuration related to monitoring project activity.

- `request_logging`**Type**: `STRUCT`**Provider name**: `requestLogging`**Description**: Configuration for logging requests made to this project to Stackdriver Logging
  - `enabled`**Type**: `BOOLEAN`**Provider name**: `enabled`**Description**: Whether logging is enabled for this project or not.

## `multi_tenant`{% #multi_tenant %}

**Type**: `STRUCT`**Provider name**: `multiTenant`**Description**: Configuration related to multi-tenant functionality.

- `allow_tenants`**Type**: `BOOLEAN`**Provider name**: `allowTenants`**Description**: Whether this project can have tenants or not.
- `default_tenant_location`**Type**: `STRING`**Provider name**: `defaultTenantLocation`**Description**: The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project.

## `name`{% #name %}

**Type**: `STRING`**Provider name**: `name`**Description**: Output only. The name of the Config resource. Example: "projects/my-awesome-project/config"

## `notification`{% #notification %}

**Type**: `STRUCT`**Provider name**: `notification`**Description**: Configuration related to sending notifications to users.

- `default_locale`**Type**: `STRING`**Provider name**: `defaultLocale`**Description**: Default locale used for email and SMS in IETF BCP 47 format.
- `send_email`**Type**: `STRUCT`**Provider name**: `sendEmail`**Description**: Options for email sending.
  - `callback_uri`**Type**: `STRING`**Provider name**: `callbackUri`**Description**: action url in email template.
  - `change_email_template`**Type**: `STRUCT`**Provider name**: `changeEmailTemplate`**Description**: Email template for change email
    - `body`**Type**: `STRING`**Provider name**: `body`**Description**: Email body
    - `body_format`**Type**: `STRING`**Provider name**: `bodyFormat`**Description**: Email body format**Possible values**:
      - `BODY_FORMAT_UNSPECIFIED` - Default value. Do not use.
      - `PLAIN_TEXT` - Plain text
      - `HTML` - HTML
    - `customized`**Type**: `BOOLEAN`**Provider name**: `customized`**Description**: Output only. Whether the body or subject of the email is customized.
    - `reply_to`**Type**: `STRING`**Provider name**: `replyTo`**Description**: Reply-to address
    - `sender_display_name`**Type**: `STRING`**Provider name**: `senderDisplayName`**Description**: Sender display name
    - `sender_local_part`**Type**: `STRING`**Provider name**: `senderLocalPart`**Description**: Local part of From address
    - `subject`**Type**: `STRING`**Provider name**: `subject`**Description**: Subject of the email
  - `dns_info`**Type**: `STRUCT`**Provider name**: `dnsInfo`**Description**: Information of custom domain DNS verification.
    - `custom_domain`**Type**: `STRING`**Provider name**: `customDomain`**Description**: Output only. The applied verified custom domain.
    - `custom_domain_state`**Type**: `STRING`**Provider name**: `customDomainState`**Description**: Output only. The current verification state of the custom domain. The custom domain will only be used once the domain verification is successful.**Possible values**:
      - `VERIFICATION_STATE_UNSPECIFIED` - Default value. Do not use.
      - `NOT_STARTED` - The verification has not started.
      - `IN_PROGRESS` - The verification is in progress.
      - `FAILED` - The verification failed.
      - `SUCCEEDED` - The verification succeeded and is ready to be applied.
    - `domain_verification_request_time`**Type**: `TIMESTAMP`**Provider name**: `domainVerificationRequestTime`**Description**: Output only. The timestamp of initial request for the current domain verification.
    - `pending_custom_domain`**Type**: `STRING`**Provider name**: `pendingCustomDomain`**Description**: Output only. The custom domain that's to be verified.
    - `use_custom_domain`**Type**: `BOOLEAN`**Provider name**: `useCustomDomain`**Description**: Whether to use custom domain.
  - `legacy_reset_password_template`**Type**: `STRUCT`**Provider name**: `legacyResetPasswordTemplate`**Description**: Reset password email template for legacy Firebase V1 app.
    - `body`**Type**: `STRING`**Provider name**: `body`**Description**: Email body
    - `body_format`**Type**: `STRING`**Provider name**: `bodyFormat`**Description**: Email body format**Possible values**:
      - `BODY_FORMAT_UNSPECIFIED` - Default value. Do not use.
      - `PLAIN_TEXT` - Plain text
      - `HTML` - HTML
    - `customized`**Type**: `BOOLEAN`**Provider name**: `customized`**Description**: Output only. Whether the body or subject of the email is customized.
    - `reply_to`**Type**: `STRING`**Provider name**: `replyTo`**Description**: Reply-to address
    - `sender_display_name`**Type**: `STRING`**Provider name**: `senderDisplayName`**Description**: Sender display name
    - `sender_local_part`**Type**: `STRING`**Provider name**: `senderLocalPart`**Description**: Local part of From address
    - `subject`**Type**: `STRING`**Provider name**: `subject`**Description**: Subject of the email
  - `method`**Type**: `STRING`**Provider name**: `method`**Description**: The method used for sending an email.**Possible values**:
    - `METHOD_UNSPECIFIED` - Email method unspecified.
    - `DEFAULT` - Sending email on behalf of developer.
    - `CUSTOM_SMTP` - Sending email using SMTP configuration provided by developers.
  - `reset_password_template`**Type**: `STRUCT`**Provider name**: `resetPasswordTemplate`**Description**: Email template for reset password
    - `body`**Type**: `STRING`**Provider name**: `body`**Description**: Email body
    - `body_format`**Type**: `STRING`**Provider name**: `bodyFormat`**Description**: Email body format**Possible values**:
      - `BODY_FORMAT_UNSPECIFIED` - Default value. Do not use.
      - `PLAIN_TEXT` - Plain text
      - `HTML` - HTML
    - `customized`**Type**: `BOOLEAN`**Provider name**: `customized`**Description**: Output only. Whether the body or subject of the email is customized.
    - `reply_to`**Type**: `STRING`**Provider name**: `replyTo`**Description**: Reply-to address
    - `sender_display_name`**Type**: `STRING`**Provider name**: `senderDisplayName`**Description**: Sender display name
    - `sender_local_part`**Type**: `STRING`**Provider name**: `senderLocalPart`**Description**: Local part of From address
    - `subject`**Type**: `STRING`**Provider name**: `subject`**Description**: Subject of the email
  - `revert_second_factor_addition_template`**Type**: `STRUCT`**Provider name**: `revertSecondFactorAdditionTemplate`**Description**: Email template for reverting second factor addition emails
    - `body`**Type**: `STRING`**Provider name**: `body`**Description**: Email body
    - `body_format`**Type**: `STRING`**Provider name**: `bodyFormat`**Description**: Email body format**Possible values**:
      - `BODY_FORMAT_UNSPECIFIED` - Default value. Do not use.
      - `PLAIN_TEXT` - Plain text
      - `HTML` - HTML
    - `customized`**Type**: `BOOLEAN`**Provider name**: `customized`**Description**: Output only. Whether the body or subject of the email is customized.
    - `reply_to`**Type**: `STRING`**Provider name**: `replyTo`**Description**: Reply-to address
    - `sender_display_name`**Type**: `STRING`**Provider name**: `senderDisplayName`**Description**: Sender display name
    - `sender_local_part`**Type**: `STRING`**Provider name**: `senderLocalPart`**Description**: Local part of From address
    - `subject`**Type**: `STRING`**Provider name**: `subject`**Description**: Subject of the email
  - `smtp`**Type**: `STRUCT`**Provider name**: `smtp`**Description**: Use a custom SMTP relay
    - `host`**Type**: `STRING`**Provider name**: `host`**Description**: SMTP relay host
    - `password`**Type**: `STRING`**Provider name**: `password`**Description**: SMTP relay password
    - `port`**Type**: `INT32`**Provider name**: `port`**Description**: SMTP relay port
    - `security_mode`**Type**: `STRING`**Provider name**: `securityMode`**Description**: SMTP security mode.**Possible values**:
      - `SECURITY_MODE_UNSPECIFIED` - Default value. Do not use.
      - `SSL` - SSL mode
      - `START_TLS` - START_TLS mode
    - `sender_email`**Type**: `STRING`**Provider name**: `senderEmail`**Description**: Sender email for the SMTP relay
    - `username`**Type**: `STRING`**Provider name**: `username`**Description**: SMTP relay username
  - `verify_email_template`**Type**: `STRUCT`**Provider name**: `verifyEmailTemplate`**Description**: Email template for verify email
    - `body`**Type**: `STRING`**Provider name**: `body`**Description**: Email body
    - `body_format`**Type**: `STRING`**Provider name**: `bodyFormat`**Description**: Email body format**Possible values**:
      - `BODY_FORMAT_UNSPECIFIED` - Default value. Do not use.
      - `PLAIN_TEXT` - Plain text
      - `HTML` - HTML
    - `customized`**Type**: `BOOLEAN`**Provider name**: `customized`**Description**: Output only. Whether the body or subject of the email is customized.
    - `reply_to`**Type**: `STRING`**Provider name**: `replyTo`**Description**: Reply-to address
    - `sender_display_name`**Type**: `STRING`**Provider name**: `senderDisplayName`**Description**: Sender display name
    - `sender_local_part`**Type**: `STRING`**Provider name**: `senderLocalPart`**Description**: Local part of From address
    - `subject`**Type**: `STRING`**Provider name**: `subject`**Description**: Subject of the email
- `send_sms`**Type**: `STRUCT`**Provider name**: `sendSms`**Description**: Options for SMS sending.
  - `sms_template`**Type**: `STRUCT`**Provider name**: `smsTemplate`**Description**: Output only. The template to use when sending an SMS.
    - `content`**Type**: `STRING`**Provider name**: `content`**Description**: Output only. The SMS's content. Can contain the following placeholders which will be replaced with the appropriate values: %APP_NAME% - For Android or iOS apps, the app's display name. For web apps, the domain hosting the application. %LOGIN_CODE% - The OOB code being sent in the SMS.
  - `use_device_locale`**Type**: `BOOLEAN`**Provider name**: `useDeviceLocale`**Description**: Whether to use the accept_language header for SMS.

## `organization_id`{% #organization_id %}

**Type**: `STRING`

## `parent`{% #parent %}

**Type**: `STRING`

## `password_policy_config`{% #password_policy_config %}

**Type**: `STRUCT`**Provider name**: `passwordPolicyConfig`**Description**: The project level password policy configuration.

- `force_upgrade_on_signin`**Type**: `BOOLEAN`**Provider name**: `forceUpgradeOnSignin`**Description**: Users must have a password compliant with the password policy to sign-in.
- `last_update_time`**Type**: `TIMESTAMP`**Provider name**: `lastUpdateTime`**Description**: Output only. The last time the password policy on the project was updated.
- `password_policy_enforcement_state`**Type**: `STRING`**Provider name**: `passwordPolicyEnforcementState`**Description**: Which enforcement mode to use for the password policy.**Possible values**:
  - `PASSWORD_POLICY_ENFORCEMENT_STATE_UNSPECIFIED` - Illegal State, should not be used.
  - `OFF` - Password Policy will not be used on the project.
  - `ENFORCE` - Passwords non-compliant with the password policy will be rejected with an error thrown.
- `password_policy_versions`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `passwordPolicyVersions`**Description**: Must be of length 1. Contains the strength attributes for the password policy.
  - `custom_strength_options`**Type**: `STRUCT`**Provider name**: `customStrengthOptions`**Description**: The custom strength options enforced by the password policy.
    - `contains_lowercase_character`**Type**: `BOOLEAN`**Provider name**: `containsLowercaseCharacter`**Description**: The password must contain a lower case character.
    - `contains_non_alphanumeric_character`**Type**: `BOOLEAN`**Provider name**: `containsNonAlphanumericCharacter`**Description**: The password must contain a non alpha numeric character.
    - `contains_numeric_character`**Type**: `BOOLEAN`**Provider name**: `containsNumericCharacter`**Description**: The password must contain a number.
    - `contains_uppercase_character`**Type**: `BOOLEAN`**Provider name**: `containsUppercaseCharacter`**Description**: The password must contain an upper case character.
    - `max_password_length`**Type**: `INT32`**Provider name**: `maxPasswordLength`**Description**: Maximum password length. No default max length
    - `min_password_length`**Type**: `INT32`**Provider name**: `minPasswordLength`**Description**: Minimum password length. Range from 6 to 30
  - `schema_version`**Type**: `INT32`**Provider name**: `schemaVersion`**Description**: Output only. schema version number for the password policy

## `project_id`{% #project_id %}

**Type**: `STRING`

## `project_number`{% #project_number %}

**Type**: `STRING`

## `quota`{% #quota %}

**Type**: `STRUCT`**Provider name**: `quota`**Description**: Configuration related to quotas.

- `sign_up_quota_config`**Type**: `STRUCT`**Provider name**: `signUpQuotaConfig`**Description**: Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP.
  - `quota`**Type**: `INT64`**Provider name**: `quota`**Description**: Corresponds to the 'refill_token_count' field in QuotaServer config
  - `quota_duration`**Type**: `STRING`**Provider name**: `quotaDuration`**Description**: How long this quota will be active for
  - `start_time`**Type**: `TIMESTAMP`**Provider name**: `startTime`**Description**: When this quota will take effect

## `recaptcha_config`{% #recaptcha_config %}

**Type**: `STRUCT`**Provider name**: `recaptchaConfig`**Description**: The project-level reCAPTCHA config.

- `email_password_enforcement_state`**Type**: `STRING`**Provider name**: `emailPasswordEnforcementState`**Description**: The reCAPTCHA config for email/password provider, containing the enforcement status. The email/password provider contains all email related user flows protected by reCAPTCHA.**Possible values**:
  - `RECAPTCHA_PROVIDER_ENFORCEMENT_STATE_UNSPECIFIED` - Enforcement state has not been set.
  - `OFF` - Unenforced.
  - `AUDIT` - reCAPTCHA assessment is created, result is not used to enforce.
  - `ENFORCE` - reCAPTCHA assessment is created, result is used to enforce.
- `managed_rules`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `managedRules`**Description**: The managed rules for authentication action based on reCAPTCHA scores. The rules are shared across providers for a given tenant project.
  - `action`**Type**: `STRING`**Provider name**: `action`**Description**: The action taken if the reCAPTCHA score of a request is within the interval [start_score, end_score].**Possible values**:
    - `RECAPTCHA_ACTION_UNSPECIFIED` - The reCAPTCHA action is not specified.
    - `BLOCK` - The reCAPTCHA-protected request will be blocked.
  - `end_score`**Type**: `FLOAT`**Provider name**: `endScore`**Description**: The end score (inclusive) of the score range for an action. Must be a value between 0.0 and 1.0, at 11 discrete values; e.g. 0, 0.1, 0.2, 0.3, … 0.9, 1.0. A score of 0.0 indicates the riskiest request (likely a bot), whereas 1.0 indicates the safest request (likely a human). See [https://cloud.google.com/recaptcha-enterprise/docs/interpret-assessment](https://cloud.google.com/recaptcha-enterprise/docs/interpret-assessment).
- `phone_enforcement_state`**Type**: `STRING`**Provider name**: `phoneEnforcementState`**Description**: The reCAPTCHA config for phone provider, containing the enforcement status. The phone provider contains all SMS related user flows protected by reCAPTCHA.**Possible values**:
  - `RECAPTCHA_PROVIDER_ENFORCEMENT_STATE_UNSPECIFIED` - Enforcement state has not been set.
  - `OFF` - Unenforced.
  - `AUDIT` - reCAPTCHA assessment is created, result is not used to enforce.
  - `ENFORCE` - reCAPTCHA assessment is created, result is used to enforce.
- `recaptcha_keys`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `recaptchaKeys`**Description**: The reCAPTCHA keys.
  - `key`**Type**: `STRING`**Provider name**: `key`**Description**: The reCAPTCHA Enterprise key resource name, e.g. "projects/{project}/keys/{key}"
  - `type`**Type**: `STRING`**Provider name**: `type`**Description**: The client's platform type.**Possible values**:
    - `CLIENT_TYPE_UNSPECIFIED` - Client type is not specified.
    - `WEB` - Client type is web.
    - `IOS` - Client type is iOS.
    - `ANDROID` - Client type is Android.
- `toll_fraud_managed_rules`**Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `tollFraudManagedRules`**Description**: The managed rules for the authentication action based on reCAPTCHA toll fraud risk scores. Toll fraud managed rules will only take effect when the phone_enforcement_state is AUDIT or ENFORCE and use_sms_toll_fraud_protection is true.
  - `action`**Type**: `STRING`**Provider name**: `action`**Description**: The action taken if the reCAPTCHA score of a request is within the interval [start_score, end_score].**Possible values**:
    - `RECAPTCHA_ACTION_UNSPECIFIED` - The reCAPTCHA action is not specified.
    - `BLOCK` - The reCAPTCHA-protected request will be blocked.
  - `start_score`**Type**: `FLOAT`**Provider name**: `startScore`**Description**: The start score (inclusive) for an action. Must be a value between 0.0 and 1.0, at 11 discrete values; e.g. 0, 0.1, 0.2, 0.3, … 0.9, 1.0. A score of 0.0 indicates the safest request (likely legitimate), whereas 1.0 indicates the riskiest request (likely toll fraud). See [https://cloud.google.com/recaptcha-enterprise/docs/sms-fraud-detection#create-assessment-sms](https://cloud.google.com/recaptcha-enterprise/docs/sms-fraud-detection#create-assessment-sms).
- `use_account_defender`**Type**: `BOOLEAN`**Provider name**: `useAccountDefender`**Description**: Whether to use the account defender for reCAPTCHA assessment. Defaults to `false`.
- `use_sms_bot_score`**Type**: `BOOLEAN`**Provider name**: `useSmsBotScore`**Description**: Whether to use the rCE bot score for reCAPTCHA phone provider. Can only be true when the phone_enforcement_state is AUDIT or ENFORCE.
- `use_sms_toll_fraud_protection`**Type**: `BOOLEAN`**Provider name**: `useSmsTollFraudProtection`**Description**: Whether to use the rCE sms toll fraud protection risk score for reCAPTCHA phone provider. Can only be true when the phone_enforcement_state is AUDIT or ENFORCE.

## `region_id`{% #region_id %}

**Type**: `STRING`

## `resource_name`{% #resource_name %}

**Type**: `STRING`

## `sign_in`{% #sign_in %}

**Type**: `STRUCT`**Provider name**: `signIn`**Description**: Configuration related to local sign in methods.

- `allow_duplicate_emails`**Type**: `BOOLEAN`**Provider name**: `allowDuplicateEmails`**Description**: Whether to allow more than one account to have the same email.
- `anonymous`**Type**: `STRUCT`**Provider name**: `anonymous`**Description**: Configuration options related to authenticating an anonymous user.
  - `enabled`**Type**: `BOOLEAN`**Provider name**: `enabled`**Description**: Whether anonymous user auth is enabled for the project or not.
- `email`**Type**: `STRUCT`**Provider name**: `email`**Description**: Configuration options related to authenticating a user by their email address.
  - `enabled`**Type**: `BOOLEAN`**Provider name**: `enabled`**Description**: Whether email auth is enabled for the project or not.
  - `password_required`**Type**: `BOOLEAN`**Provider name**: `passwordRequired`**Description**: Whether a password is required for email auth or not. If true, both an email and password must be provided to sign in. If false, a user may sign in via either email/password or email link.
- `hash_config`**Type**: `STRUCT`**Provider name**: `hashConfig`**Description**: Output only. Hash config information.
  - `algorithm`**Type**: `STRING`**Provider name**: `algorithm`**Description**: Output only. Different password hash algorithms used in Identity Toolkit.**Possible values**:
    - `HASH_ALGORITHM_UNSPECIFIED` - Default value. Do not use.
    - `HMAC_SHA256` - HMAC_SHA256
    - `HMAC_SHA1` - HMAC_SHA1
    - `HMAC_MD5` - HMAC_MD5
    - `SCRYPT` - SCRYPT
    - `PBKDF_SHA1` - PBKDF_SHA1
    - `MD5` - MD5
    - `HMAC_SHA512` - HMAC_SHA512
    - `SHA1` - SHA1
    - `BCRYPT` - BCRYPT
    - `PBKDF2_SHA256` - PBKDF2_SHA256
    - `SHA256` - SHA256
    - `SHA512` - SHA512
    - `STANDARD_SCRYPT` - STANDARD_SCRYPT
  - `memory_cost`**Type**: `INT32`**Provider name**: `memoryCost`**Description**: Output only. Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See [https://tools.ietf.org/html/rfc7914](https://tools.ietf.org/html/rfc7914) for explanation of field.
  - `rounds`**Type**: `INT32`**Provider name**: `rounds`**Description**: Output only. How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms.
  - `salt_separator`**Type**: `STRING`**Provider name**: `saltSeparator`**Description**: Output only. Non-printable character to be inserted between the salt and plain text password in base64.
  - `signer_key`**Type**: `STRING`**Provider name**: `signerKey`**Description**: Output only. Signer key in base64.
- `phone_number`**Type**: `STRUCT`**Provider name**: `phoneNumber`**Description**: Configuration options related to authenticated a user by their phone number.
  - `enabled`**Type**: `BOOLEAN`**Provider name**: `enabled`**Description**: Whether phone number auth is enabled for the project or not.

## `sms_region_config`{% #sms_region_config %}

**Type**: `STRUCT`**Provider name**: `smsRegionConfig`**Description**: Configures which regions are enabled for SMS verification code sending.

- `allow_by_default`**Type**: `STRUCT`**Provider name**: `allowByDefault`**Description**: A policy of allowing SMS to every region by default and adding disallowed regions to a disallow list.
  - `disallowed_regions`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `disallowedRegions`**Description**: Two letter unicode region codes to disallow as defined by [https://cldr.unicode.org/](https://cldr.unicode.org/) The full list of these region codes is here: [https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json](https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json)
- `allowlist_only`**Type**: `STRUCT`**Provider name**: `allowlistOnly`**Description**: A policy of only allowing regions by explicitly adding them to an allowlist.
  - `allowed_regions`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `allowedRegions`**Description**: Two letter unicode region codes to allow as defined by [https://cldr.unicode.org/](https://cldr.unicode.org/) The full list of these region codes is here: [https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json](https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json)

## `subtype`{% #subtype %}

**Type**: `STRING`**Provider name**: `subtype`**Description**: Output only. The subtype of this config.**Possible values**:

- `SUBTYPE_UNSPECIFIED` - Default value. Do not use.
- `IDENTITY_PLATFORM` - An Identity Platform project.
- `FIREBASE_AUTH` - A Firebase Authentication project.

## `tags`{% #tags %}

**Type**: `UNORDERED_LIST_STRING`

## `zone_id`{% #zone_id %}

**Type**: `STRING`