GoogleCloudPlatform/iap-gcip-web-toolkit

Cross-project External Identities? (Or shared authui across projects)

Opened this issue · 1 comments

Hello,

The docs state that "You cannot use cross project external identities with IAP.". So does that mean that if I have multiple applications that I want to use with IAP that are in separate projects, I will also need to run multiple copies of the "gcr.io/gcip-iap/authui" service via Cloud Run (one per project)?

I've tried running one in a separate project and pointing to it from the others, but I get issues with "Mismatched project numbers" in the getAuth function. I was about to try to create a custom page myself, but the docs make it seem like it's not worth attempting.

Am I understanding this correctly? Is anyone aware of a workaround?

Thanks,

Erik

That is correct, you can only use identities from the same project.