Use identity and context to guard access to your applications and VMs.
Control access to your cloud-based and on-premises applications and VMs running on Google Cloud
Verify user identity and use context to determine if a user should be granted access
Work from untrusted networks without the use of a VPN
Implement a zero-trust access model
Benefits
Simpler for cloud admins
Secure access to apps in less time than it takes to implement a VPN. Let your developers focus on application logic, while IAP takes care of authentication and authorization.
Simpler for remote workers
End users point their web browser to an internet-accessible URL to access IAP-secured applications. No VPN client required.
Increased security
Admins can create and enforce granular access-control policies based on attributes like user identity, device security status, and IP address.
Key features
Centralized access control
IAP provides a single point of control for managing user access to web applications and cloud resources.
Works with cloud and on-premises apps
IAP can protect access to applications hosted on Google Cloud, other clouds, and on-premises.
Protects apps and VMs
With TCP forwarding, IAP can protect SSH and RDP access to your VMs hosted on Google Cloud. Your VM instances don't even need public IP addresses.
Documentation
IAP conceptual overviewGain an understanding of the key concepts required for deploying and using IAP, including high-level architecture.
Set up IAP with Google IdentitiesHow to quickly deploy an App Engine application and secure it with Identity-Aware Proxy.
Context-aware accessDesigning and implementing context-aware access policies.
Enabling IAP for on-premises appsHow to secure an HTTP-based, on-premises app by deploying an IAP connector.
Building internet connectivity for private VMsSee the options for connecting to and from the internet using Compute Engine resources that have private IP addresses.
Security in Google CloudLearn about security controls and techniques on Google Cloud through lectures, demonstrations, and hands-on labs.
Not seeing what you’re looking for? View all product documentationGenerate a solution
What problem are you trying to solve?
What you'll get:
check_smallStep-by-step guide
check_smallReference architecture
check_smallAvailable pre-built solutions
This service was built with
Vertex AI. You must be 18 or older to use it. Do not enter sensitive, confidential, or personal info.
Pricing
PricingIdentity-Aware Proxy includes a number of features that can be used to protect access to Google Cloud hosted resources and applications hosted on Google Cloud at no charge. (Networking and compute charges apply for required load balancing. Information about load balancing pricing can be found in the Compute Engine documentation.)
The following capabilities of Identity-Aware Proxy are paid features of BeyondCorp Enterprise: proxy for non-Google Cloud resources; customizing IAP; and use of device attributes in access levels.
Learn more about BeyondCorp Enterprise pricing and features.
Take the next stepStart building on Google Cloud with $300 in free credits and 20+ always free products.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4