Firebase Authentication Admin Panel

Firebase Authentication Admin Panel

Firefoo comes with a powerful admin panel for your Firebase Authentication user records. Easily view and edit, add and delete users!
  • Change emails and passwords of your users
  • See and edit all user fields, e.g. email verification status
  • Edit custom tokens / claims
  • Bulk disable or delete user accounts
  • Import and export users to CSV and JSON
  • Transfer users between projects
  • Quickly write custom scripts

See for Yourself

Double-click a table row to open the user details in a popup and edit them.

Authentication User Attributes

User UID

An ID that uniquely identifies a user. By default, Firebase uses randomly generated 28-character strings. The UID of a user cannot be changed, but when creating a new user through Firefoo, you can choose a custom UID.


The date and time this user account was created. Cannot be changed after-the-fact.

Last login

The date and time this user last logged into their account in your app. Cannot be changed manually.

Phone number

The phone number of the user, grouped together with email in the table. The phone number must start with the country code using +, e.g. +4915127570155. When changing a user phone number, that user will likely get logged out of your app and will not receive an automated SMS message.


The email address of the user. Must have the format of a valid email address.

Display name

The human-readable display name of the user. Most likely their full name if they signed in using a provider like Google.


Whether the user is disabled or not. A disabled user cannot login to your app. Use this to temporarily ban a user from your app or to provision new users to later enable their accounts.


The list of providers linked to a user, e.g. [phone, password,,]. In the detail view all fields are listed for every linked provider.

Custom claims

Claims (also called custom tokens) contain custom meta data for auth records. They can only be written from secure backend environments, not the mobile or web SDKs. The custom claims are sent with every request and can easily be checked in Firestore Rules descriptions, so they come in handy when implementing a custom role system on top of Firebase authentication. See this Medium article with a great tutorial on this technique.
A Firebase Authentication claim is a JSON-object that can contain arbitrary properties, for example:
{ "roles": ["ADMIN", "MODERATOR"] }
It's not possible to set a claim directly while creating a new user, but right after creation you can go ahead and change it.

Email verified

Whether the user email is verified or not. Changing this through Firefoo will not require any user action and will not send an email to the user.


All passwords in Firebase are hashed, so in the authentication user table you'll only see whether the user has a password set or not.
To change a password, you provide the clear-text version of the new password. Beware that changing the password of an authentication user will not send an email to the user and might log them out of your app.

Password updated

The date and time when the user password was last updated.

Photo URL

The profile picture URL, which will automatically be populated when signing in with third-party providers like Google. Note that this will always be set for Google, even if the user does not have a custom Google profile photo. In that case, the URL points to an image of a colored circle with the first letter of the user's first name.