4.2k

All integrations
Google Identity Platform
Identity providers

Cerbos authorization for Google Identity Platform

Google Identity Platform provides authentication, multi-tenancy, and custom token claims via Firebase Admin SDK extensions. Cerbos uses Identity Platform's custom claims, tenant context, and user metadata to evaluate fine-grained authorization policies at the application layer.

Custom claims as policy inputs

Custom claims as policy inputs

Set custom claims via the Admin SDK and use them as principal attributes in Cerbos authorization policies

Multi-tenant authorization

Multi-tenant authorization

Use Identity Platform tenant IDs and tenant-scoped user attributes to drive tenant-aware Cerbos policies

Enterprise identity federation

Enterprise identity federation

Federate with SAML and OIDC providers through Identity Platform while Cerbos handles resource-level authorization

How Cerbos works with Google Identity Platform

Google Identity Platform handles authentication, confirming who a user is. Cerbos handles authorization, deciding what that user can do. Together they give you a complete access control stack without coupling identity logic to business rules.

Cerbos lets you write fine-grained, context-aware authorization policies in human-readable YAML. Policies are decoupled from application code so product and security teams can update permissions without a release cycle.

Because Cerbos runs as a stateless Policy Decision Point (PDP) next to your application, authorization checks are sub-millisecond and scale horizontally with your infrastructure.

Policy-as-codeHuman-readable YAML policies managed like source codeScalable PDPStateless policy decision point with sub-millisecond latencyCentralized managementManage, test, and deploy policies from a single control plane

How Cerbos works with Google Identity Platform

  1. Users authenticate via Google Identity Platform, Identity Platform handles sign-in through email/password, social providers, SAML, and OIDC federation. Custom claims are set on user records via the Admin SDK and embedded in the ID token.
  2. Verify the ID token, Your backend verifies the Identity Platform ID token using the Admin SDK or a JWT library and extracts the UID, tenant ID, email, and custom claims.
  3. Send identity and resource context to Cerbos, Pass the user ID, tenant ID, custom claims (role, department, tier), and any user metadata as principal attributes alongside the target resource and action to the Cerbos PDP.
  4. Cerbos evaluates policies and returns a decision, Cerbos evaluates your YAML policies against the Identity Platform data and resource context, returning allow or deny. Your application enforces the result.

FAQ

How does Cerbos work with Google Identity Platform?

Google Identity Platform authenticates users and issues ID tokens containing custom claims set via the Admin SDK. Your application verifies the token, extracts the claims (role, tenant, department), and passes them to Cerbos as principal attributes. Cerbos evaluates them against your policies alongside resource attributes to return authorization decisions.

Can I use Identity Platform multi-tenancy with Cerbos?

Yes. Identity Platform supports multi-tenancy with isolated user pools per tenant. Pass the tenant ID and tenant-specific user attributes to Cerbos as principal attributes, and your policies can enforce tenant-scoped access rules.

How does this differ from Firebase Authentication?

Identity Platform extends Firebase Authentication with enterprise features like multi-tenancy, blocking functions, and SAML/OIDC federation. The integration pattern with Cerbos is the same, verify the ID token and pass claims to Cerbos, but Identity Platform provides richer identity data for policy evaluation.

Learn more about Cerbos

How Cerbos worksCerbos PDPCerbos HubWebinars and ebooksFeatures & use casesSuccess stories

Related integrations

View all integrations →
Auth0
Auth0Map Auth0 Actions, Organizations, and roles to Cerbos policy inputs
Identity providers
Authentik
AuthentikAuthentik property mappings shape token claims for Cerbos policy inputs
Identity providers
AWS Cognito
AWS CognitoCognito user pool groups and custom attributes as Cerbos policy inputs
Identity providers
Clerk
ClerkClerk session claims and Organizations drive Cerbos policy evaluation
Identity providers
Curity
Curity Identity ServerCurity token procedure claims as principal attributes in Cerbos
Identity providers
Descope
DescopeDescope JWT claims, tenant data, and role assignments feed into Cerbos policy evaluation
Identity providers

Cerbos + Google Identity Platform

  • Cerbos extends Google Identity Platform roles with fine-grained, attribute-based permissions
  • Policies defined in human-readable YAML, managed as code
  • Authorization logic decoupled from application code
  • Sub-millisecond policy evaluation via stateless PDP
Book a free policy workshopTry the Playground
Cerbos
/assets/footer/socials/x.svg/assets/footer/socials/github.svg/assets/footer/socials/mail.svg/assets/footer/socials/youtube.svg/assets/footer/socials/linkedin.svg/assets/footer/socials/slack.svg/assets/footer/socials/npm.svg/assets/footer/socials/rss.svg
/assets/footer/compliance/soc-2.svg/assets/footer/compliance/gdpr.svg

What is Cerbos?

Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.

Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.

© 2026 Cerbos.dev

Terms of Service

Privacy Policy

Trusted Tester Agreement

Trademark Guidelines