diff --git a/.github/config/nodejs-prod.jsonc b/.github/config/nodejs-prod.jsonc
index 5f908446a0..9e0bc57522 100644
--- a/.github/config/nodejs-prod.jsonc
+++ b/.github/config/nodejs-prod.jsonc
@@ -42,7 +42,7 @@
     ".kokoro/",
     ".prettierignore",
     ".prettierrc.js",
-    "cloud-samples-tools", // checked out by GH action in ci-*.yml 
+    "cloud-samples-tools", // checked out by GH action in ci-*.yml
     "CODEOWNERS",
     "CODE_OF_CONDUCT.md",
     "CONTRIBUTING.md",
@@ -94,7 +94,6 @@
     "healthcare/fhir", // Error: Cannot find module 'whatwg-url'
     "iam/deny", // PERMISSION_DENIED: Permission iam.googleapis.com/denypolicies.create denied on resource cloudresourcemanager.googleapis.com/projects/long-door-651
     "recaptcha_enterprise/snippets", // Cannot use import statement outside a module
-    "run/idp-sql", // Error: Invalid contents in the credentials file
     "run/markdown-preview/editor", // Error: could not create an identity token: Cannot fetch ID token in this environment, use GCE or set the GOOGLE_APPLICATION_CREDENTIALS environment variable to a service account credentials JSON file
     "run/system-package", // Error: ENOENT: no such file or directory, access '/usr/bin/dot'
     "scheduler", // SyntaxError: Cannot use import statement outside a module
diff --git a/.github/workflows/ci-prod.yaml b/.github/workflows/ci-prod.yaml
index 77208eeff4..9e1e95c6a5 100644
--- a/.github/workflows/ci-prod.yaml
+++ b/.github/workflows/ci-prod.yaml
@@ -85,6 +85,7 @@ jobs:
         path: ${{ fromJson(github.event_name == 'pull_request' && needs.affected.outputs.nodejs-paths || '[]') }}
     env:
       GOOGLE_SAMPLES_PROJECT: long-door-651
+      GOOGLE_SERVICE_ACCOUNT: kokoro-system-test@long-door-651.iam.gserviceaccount.com
       CI_SETUP: ${{ toJson(fromJson(needs.affected.outputs.nodejs-setups)[matrix.path])}}
     steps:
       - name: CI Setup
@@ -99,7 +100,7 @@ jobs:
         with:
           project_id: ${{ env.GOOGLE_SAMPLES_PROJECT }}
           workload_identity_provider: projects/1046198160504/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider
-          service_account: kokoro-system-test@long-door-651.iam.gserviceaccount.com
+          service_account: ${{ env.GOOGLE_SERVICE_ACCOUNT }}
           access_token_lifetime: 600s # 10 minutes
       - name: Export environment variables
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
diff --git a/run/idp-sql/app.js b/run/idp-sql/app.js
index 5543a7aba2..5f974b8473 100644
--- a/run/idp-sql/app.js
+++ b/run/idp-sql/app.js
@@ -22,7 +22,7 @@ const {authenticateJWT, requestLogger} = require('./middleware');
 const app = express();
 app.use(express.static(__dirname + '/static'));
 
-// Automatically parse request body as form data.
+// Automatically parse request body as form data
 app.use(express.urlencoded({extended: false}));
 app.use(express.json());
 
diff --git a/run/idp-sql/ci-setup.json b/run/idp-sql/ci-setup.json
new file mode 100644
index 0000000000..baa28fc736
--- /dev/null
+++ b/run/idp-sql/ci-setup.json
@@ -0,0 +1,12 @@
+{
+  "env": {
+    "SERVICE_NAME": "idp-sql-${RUN_ID}",
+    "CLOUD_SQL_CONNECTION_NAME": "nodejs-docs-samples-tests:us-central1:postgres-ci",
+    "DB_NAME": "kokoro_ci",
+    "DB_USER": "kokoro_ci"
+  },
+  "secrets": {
+    "IDP_KEY": "nodejs-docs-samples-tests/nodejs-docs-samples-idp-key",
+    "DB_PASSWORD": "nodejs-docs-samples-tests/nodejs-docs-samples-sql-password"
+  }
+}
diff --git a/run/idp-sql/package.json b/run/idp-sql/package.json
index 5f7970a3de..1febe62959 100644
--- a/run/idp-sql/package.json
+++ b/run/idp-sql/package.json
@@ -14,12 +14,14 @@
   },
   "scripts": {
     "start": "node index.js",
-    "test": "c8 mocha -p -j 2 test/app.test.js --timeout=120000 --exit",
-    "system-test": "c8 mocha -p -j 2 test/system.test.js --timeout=1800000 --exit"
+    "unit-test": "c8 mocha -p -j 2 test/app.test.js --timeout=120000 --exit",
+    "system-test": "c8 mocha -p -j 2 test/system.test.js --timeout=1800000 --exit",
+    "all-test": "npm run unit-test && npm run system-test",
+    "test": "npm -- run all-test"
   },
   "dependencies": {
     "express": "^4.16.2",
-    "firebase-admin": "^12.0.0",
+    "firebase-admin": "^13.0.0",
     "gcp-metadata": "^6.0.0",
     "google-auth-library": "^9.0.0",
     "handlebars": "^4.7.6",
diff --git a/run/idp-sql/test/e2e_test_cleanup.yaml b/run/idp-sql/test/e2e_test_cleanup.yaml
index 7521b55ee7..41ede5730a 100644
--- a/run/idp-sql/test/e2e_test_cleanup.yaml
+++ b/run/idp-sql/test/e2e_test_cleanup.yaml
@@ -20,3 +20,9 @@ substitutions:
   _VERSION: manual
   _REGION: us-central1
   _PLATFORM: managed
+  _SERVICE_ACCOUNT: ${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com
+
+serviceAccount: 'projects/${PROJECT_ID}/serviceAccounts/${_SERVICE_ACCOUNT}'
+options:
+    logging: CLOUD_LOGGING_ONLY
+    dynamicSubstitutions: true
diff --git a/run/idp-sql/test/e2e_test_setup.yaml b/run/idp-sql/test/e2e_test_setup.yaml
index 3053d19812..dc1c319bfc 100644
--- a/run/idp-sql/test/e2e_test_setup.yaml
+++ b/run/idp-sql/test/e2e_test_setup.yaml
@@ -57,3 +57,9 @@ substitutions:
   _DB_NAME: postgres
   _DB_USER: postgres
   _DB_PASSWORD: password1234
+  _SERVICE_ACCOUNT: ${PROJECT_NUMBER}@cloudbuild.gserviceaccount.com
+
+serviceAccount: 'projects/${PROJECT_ID}/serviceAccounts/${_SERVICE_ACCOUNT}'
+options:
+    logging: CLOUD_LOGGING_ONLY
+    dynamicSubstitutions: true
diff --git a/run/idp-sql/test/retry.sh b/run/idp-sql/test/retry.sh
index 78385733f0..0f36c2075a 100755
--- a/run/idp-sql/test/retry.sh
+++ b/run/idp-sql/test/retry.sh
@@ -59,7 +59,7 @@ do
     if ((attempt_num==max_attempts))
     then
         echo "Attempt $attempt_num / $max_attempts failed! No more retries left!"
-        exit
+        exit 1
     else
         echo "Attempt $attempt_num / $max_attempts failed!"
         sleep $((attempt_num++))
diff --git a/run/idp-sql/test/system.test.js b/run/idp-sql/test/system.test.js
index 343718467c..664baab4e0 100644
--- a/run/idp-sql/test/system.test.js
+++ b/run/idp-sql/test/system.test.js
@@ -32,6 +32,8 @@ describe('System Tests', () => {
     console.log('"SERVICE_NAME" env var not found. Defaulting to "idp-sql"');
     SERVICE_NAME = 'idp-sql';
   }
+
+  const {GOOGLE_SERVICE_ACCOUNT} = process.env;
   const {SAMPLE_VERSION} = process.env;
   const PLATFORM = 'managed';
   const REGION = 'us-central1';
@@ -60,6 +62,7 @@ describe('System Tests', () => {
       '--config ./test/e2e_test_setup.yaml ' +
       `--substitutions _SERVICE=${SERVICE_NAME},_PLATFORM=${PLATFORM},_REGION=${REGION}` +
       `,_DB_PASSWORD=${DB_PASSWORD},_CLOUD_SQL_CONNECTION_NAME=${CLOUD_SQL_CONNECTION_NAME}`;
+    if (GOOGLE_SERVICE_ACCOUNT) buildCmd += `,_SERVICE_ACCOUNT=${GOOGLE_SERVICE_ACCOUNT}`;
     if (SAMPLE_VERSION) buildCmd += `,_VERSION=${SAMPLE_VERSION}`;
 
     console.log('Starting Cloud Build...');