Google Identity - email templates cannot be changed

Question

We use GCP Identity Platform to manage multi-tenant authentication with email and password provider.

Google provides a way to configure email templates that are sent when user requests a password reset (in our case, this flow is triggered on the fronted by calling https://firebase.google.com/docs/reference/js/v8/firebase.auth.Auth#sendpasswordresetemail). This will trigger a email send to the user for which identity this method was called. This email, however, is problematic for us: it is sent from the *.firebaseapp.com domain (we want to use our own domain) and since it's been setup initially, it is now not possible to amend body of the email sent or change the "from" email used to send it.

This is how the configuration looks like in GCP console: Identity console

Anyone experienced the same issues or know what is the proper procedure to update email templates?

Answer 1

Answering my own question.

After some research, I started to believe GCP Console doesn't offer a way to make email templates configured at parent/top level project and inherit these settings by tenant providers. It is possible, however, with direct API calls:

Using patch https://cloud.google.com/identity-platform/docs/reference/rest/v2/projects.tenants/patch

one needs to update Tenant entity with Inheritance object (setting emailSendingConfig flag) :

 {
  "name": "projects/<project-id>/tenants/<tenant-id>",
  "displayName": "<your tenant>",
  "allowPasswordSignup": true,
  "inheritance": {
   "emailSendingConfig": true
  }
}