Identity-Aware Proxy documentation
Identity-Aware Proxy (IAP) is a cloud-native alternative to traditional VPNs that manages access to applications running in Cloud Run, App Engine, Compute Engine, and GKE.
IAP verifies identity and enforces authorization at the application level, eliminating broad network access and perimeter-based security. Every request is evaluated in real time, ensuring only authenticated, authorized users can reach protected resources.
You can configure context-aware access policies using user identity, group membership, device security, and contextual signals like location or IP address. Unlike VPNs, IAP requires no client software or network tunneling. Users access applications directly through Chrome, while IT teams centrally define and enforce access policies in one place.
Related resources
Security in Google Cloud
Learn about Google Cloud security controls and techniques. Explore Google Cloud components and deploy a secure solution. Learn to mitigate attacks at several points in a Google Cloud infrastructure, including distributed denial-of-service attacks, phishing attacks, and threats involving content classification and use.
Employee access through browsers
Users log in through a browser to access internal apps like HR portals and dashboards. Access is tied to identity, role, and device security, ensuring least-privilege access without network-wide exposure.
Controlled vendor and contractor access
Give external partners access to specific apps without putting them on your network. Set time-limited permissions that you can revoke instantly with no firewall changes required.
Admin access without open network ports
IAP secures SSH and RDP access to cloud VMs without exposing public IPs. Eliminate jump hosts, static SSH keys, and long-lived credentials with secure, identity-based access.