Identity-Aware Proxy documentation
Identity-Aware Proxy (IAP) is a cloud-native alternative to traditional VPNs that manages access to applications running in Cloud Run, App Engine, Compute Engine, and GKE.
IAP verifies identity and enforces authorization at the application level, eliminating broad network access and perimeter-based security. Every request is evaluated in real time, ensuring only authenticated, authorized users can reach protected resources.
You can configure context-aware access policies using user identity, group membership, device security, and contextual signals like location or IP address. Unlike VPNs, IAP requires no client software or network tunneling. Users access applications directly through Chrome, while IT teams centrally define and enforce access policies in one place.
Start your proof of concept with $300 in free credit
- Get access to Gemini 2.0 Flash Thinking
- Free monthly usage of popular products, including AI APIs and BigQuery
- No automatic charges, no commitment
Keep exploring with 20+ always-free products
Access 20+ free products for common use cases, including AI APIs, VMs, data warehouses, and more.
Documentation resources
Guides
-
Cloud IAP conceptual overview
-
Authenticate users with Google Accounts
-
Use IAP for TCP forwarding
-
Set up programmatic authentication
-
Configure context-aware access
-
Enable IAP for App Engine
-
Enable IAP for Cloud Run
-
Enable IAP for Compute Engine
-
Manage access to IAP-secured resources
-
Secure your app with signed headers