We have a "white label" mobile app with plans to provide it to multiple customers. We would like to rely on Firebase Crashlytics, Push Notifications, Analytics, In App Messaging, Remote Config, Performance Monitoring and other capabilities. However, this functionality or rather access to some of these capabilities would have to be segregated from our customers. As creators/owners/maintainers, we would like to keep control (and exclusive access) to Crashlytics, Remote Config or Performance Monitoring, among others, while configuring Push Notifications, Analytics, In App Messaging, etc. to be accessible and "owned" by the customer. Is there a way to configure an app with multiple Firebase projects or accomplish the above described separation otherwise? Preferably, there should be a hard separation (e.g. different Firebase projects) vs. a soft one (i.e. permissions within the same project).
Related
I am looking to potentially use Firebase Cloud Messaging to flexibly add push notifications to my platform. The issue I am running into is that Firebase advises against sharing actual Firebase "projects" between "logically distinct apps."
For a normal multitenant SaaS offering, this would be a single project to represent all the client environments with end-users data being intermingled within a single location. In this case, we would logically (in our backend logic) prevent client's abilities to access each other's customer data.
The wrinkle comes in because we actually have individual, nearly identical application servers within our private AWS cluster (and databases) for each customer. We think this would work via still programmatically controlling access via each individual backend, allowing only the servers to communicate with the Firebase admin SDK.
Does anyone know if this is within the best practices? or does this violate the expected limitations?
I am currently working on a big software project that makes use of Firebase services. Especially Firebase Cloud Firestore, Firebase Storage, and Firebase Auth is used.
Multiple teams in one project
Teams can create their instance of the app to use the features of the app. From a technical standpoint, it is important to know that everything happens through one single Firebase project. Teams are not separated into multiple projects. From a feature standpoint, this is mandatory.
The authentication process
Admins of a team can manage the experience for the users of their team. They should also be able to modify the login methods and e.g. set up individual data to their Microsoft Azure AD account or Google Enterprise account. After a successful setup users of the team should be able to sign in with the prepared auth method by their team admin.
Possible approach
All available auth methods are enabled, set up, and ready to use (E-Mail, Google, Twitter, Microsoft, etc.). When a user opens the app and wants to sign in, the app checks which auth methods are enabled by the team admin and presents the appropriate UI.
Problem: Microsoft AD
Unfortunately, the metadata and values needed for Microsoft AD are set by the team admins and are different for every team. How can this be solved?
We are developing a mobile application with a Firebase backend for a client organization. They want their organization's data hidden from the developer team. The firebase database is used by a flutter mobile application.
My current idea is to develop the app in an entirely different google account, and to swap configuration to clients google account when deploying, and deploy the cloud functions under their supervision. But there must be a easier way!
Can you guys suggest an elegant way to achieve this data privacy requirement of the clients?
What you want here is to utilize IAM roles in the project to restrict access. The client can own the project and grant limited access to the developers through roles that can be assigned.
They could give permission to deploy cloud functions without being able to read the entire Firestore database, as an example.
I'd recommend creating a second staging or "non-production" project that developers have full access to as well, since developing when you can't use the Firestore data viewer or have admin read access can be very difficult.
I currently have two applications: A and B. In both there is a common functionality, a message box. When a message is sent to your mailbox, you receive a notification. If the message is sent from application A, it is sent a notification to application A of the destination. Otherwise, it is sent to application B.
The question is: it's better to have a firebase project for each of the applications or there is some way to have both applications in the same project and know which application each user has installed to send the corresponding notification.
All apps in a Firebase project share all resources of that project. So they all share the same Firebase Authentication users, the same (Firestore or Realtime) Databases, and the same Cloud Messaging keys and audiences.
Firebase projects are meant to host a single logical application. If you have an administrative app and an end-user app, a free and a premium version, and then have iOS, Android, and Web versions of all, you have up to 12 variants of the app inside a project, but they're really all just part of the same application.
There are also limits as to how many apps you can add to a Firebase project. The exact limits have varied a bit over time, but if you have more than 30 apps in a project Firebase may prevent you from adding more.
So: if you app A and B are variants of the same application, it's totally fine (and probably a good idea) to add them to the same project. If you have another use-case, keep the guidance above in mind.
I'm building a SAAS project on Firebase and weighing the pros and cons of multi-tenant architecture vs managed Firebase instances for each account.
One of the key challenges with managed instances is reporting usage. I've searched through Firebase docs but have not been able to find an API endpoint to fetch a Firebase project's account usage (eg bandwidth, function invocations, storage, etc).
Is there a API that I'm missing or is this alternatively possible with core Google Cloud APIs?
firebaser here
We just added a REST API to manage projects and the apps in those projects. But there is currently no way to report usage for a project across all Firebase products. It sounds like a useful feature through, so I recommend filing a feature request.
Until a feature is added that fits your needs, you will have to do the tracking from within your own app, or by proxying the tracked functionality through Cloud Functions, where you can then log whatever you need for tracking usage.