I have just deployed a website to Firebase hosting and it works great - setup was super easy.

My question is, however, is there any way I can make accessing the website limited by authentication? It's an admin panel that only my team should be able to access. Is there any way I can password protect or privatize my website hosted on Firebase?

Thanks!

This is not possible at present, though it's been a popular feature request. We have some ideas about how we might tackle something like this, but nothing to announce at this time.

Late to the party, but ran into a similar problem when wanting to create a dashboard available only to users on our domain (but without wanting to manage individual accounts).

Ended up using the standard google auth flow, but restricting data access via DB rules. To see if a user is authorised we attempt to access data directly after login (and before we report back to the user). If it fails on auth grounds our user is an outsider.

Firebase DB Rule:

{
  "rules": {
    ".read": "auth.token.email_verified == true && auth.token.email.matches(/.*@ourdomain.org$/)",
    ".write": false
  }
}

See https://firebase.google.com/docs/reference/security/database/

Note: this was definitely made easier due to our org running our mail through gsuite, however you could easily define more granular rules where this option isn't available.

The simplest way to solve this for me was to move my app from Firebase to AWS Amplify. It allows you to password protect the app. Under access control, change it from 'Publicly viewable' to 'restricted'. If you're looking for a feature that is similar but in my opinion more robust than firebase auth, then integrate AWS cognito into your app; with AWS cognito, you're able to prevent new user sign ups and restrict new user emails to specific domains among other features.