
Identity-Aware Proxy

IAP lets you establish a central authorization layer for applications accessed by HTTPS, so you can use an application-level access control model instead of relying on network-level firewalls.
Control access to your cloud-based and on-premises applications and VMs running on Google Cloud
Verify user identity and use context to determine if a user should be granted access
Work from untrusted networks without the use of a VPN
Implement a zero-trust access model

IAP policies scale across your organization. You can define access policies centrally and apply them to all of your applications and resources. When you assign a dedicated team to create and enforce policies, you protect your project from incorrect policy definition or implementation in any application.

When to use IAP?

Use IAP when you want to enforce access control policies for applications and resources. IAP works with or the App Engine standard environment to secure your app. With IAP, you can set up group-based application access: a resource could be accessible for employees and inaccessible for contractors, or only accessible to a specific department.


How IAP works

When an application or resource is protected by IAP, it can only be accessed through the proxy by , also known as users, who have the correct . When you grant a user access to an application or resource by IAP, they're subject to the fine-grained access controls implemented by the product in use without requiring a VPN. When a user tries to access an IAP-secured resource, IAP performs authentication and authorization checks.
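Because IAP's authorization check comes down to who is bound to the access role, a policy review can be automated. The following is an added example, not code from the original page or from Google: it audits an exported IAM policy for bindings that undermine group-based access. It assumes access is granted through the `roles/iap.httpsResourceAccessor` role; the group names, the sample policy and the severity labels are constructed for illustration.

```python
import json

ACCESS_ROLE = "roles/iap.httpsResourceAccessor"  # assumed role that lets a principal through IAP
PUBLIC = {"allUsers", "allAuthenticatedUsers"}    # principals not tied to your organization

# Constructed sample, shaped like an IAM policy exported as JSON.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/iap.httpsResourceAccessor",
     "members": ["group:employees@example.com",
                 "group:contractors@example.com",
                 "user:alice@example.com",
                 "allAuthenticatedUsers"]},
    {"role": "roles/iap.admin", "members": ["group:iap-policy-team@example.com"]}
  ]
}
""")

def audit_iap_policy(policy, allowed_groups, denied_groups=()):
    """Return (severity, member, reason) findings for the IAP access role."""
    allowed = {f"group:{g}" for g in allowed_groups}
    denied = {f"group:{g}" for g in denied_groups}
    findings = []
    for binding in policy.get("bindings", []):
        if binding.get("role") != ACCESS_ROLE:
            continue  # only the role that grants access through the proxy matters here
        for member in binding.get("members", []):
            if member in PUBLIC:
                findings.append(("HIGH", member, "access not limited to known identities"))
            elif member in denied:
                findings.append(("HIGH", member, "group is meant to be excluded"))
            elif member in allowed:
                continue  # approved group-based grant
            elif member.startswith("group:"):
                findings.append(("MEDIUM", member, "group not on the approved list"))
            else:
                findings.append(("LOW", member, "direct grant instead of group-based access"))
    return findings

if __name__ == "__main__":
    for sev, member, reason in audit_iap_policy(
            SAMPLE_POLICY, ["employees@example.com"], ["contractors@example.com"]):
        print(f"{sev:6} {member:35} {reason}")
```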




While IAP is an effective tool for controlling access to applications deployed on Google Cloud, it's not specifically designed to secure data stored in Cloud Storage.
