Authentication overview

All Cloud Run services are deployed privately by default, which means that they can't be accessed without providing authentication credentials in the request. These services are secured by IAM. By default, services are only callable by Project Owners, Project Editors, and Cloud Run Admins and Cloud Run Invokers. You can configure IAM on Cloud Run services to grant access to additional users.

Common use cases for authentication include:

• Allowing public (unauthenticated) access: unauthenticated service invocations are allowed, making the service publicly accessible.

• Authenticating developer access while a service is in development.

• Authenticating service-to-service access while building applications composed of multiple services.

• Authenticating end-user access to a service from mobile or web clients.