Mengaktifkan IAP menggunakan klien OAuth yang dikelola Google
Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Halaman ini menjelaskan cara mengaktifkan Identity-Aware Proxy (IAP) untuk
resource Google Cloud , menggunakan klien OAuth
yang dikelola Google.
Saat mengaktifkan IAP di resource menggunakan klien OAuth yang dikelola Google, hanya pengguna dalam organisasi tempat resource tersebut berada yang dapat mengakses resource tersebut. Jika Anda ingin mengizinkan pengguna di luar organisasi mengakses resource yang mengaktifkan IAP, aktifkan kredensial OAuth kustom.
Mengaktifkan IAP untuk resource baru
Resource Google Cloud baru tidak mengaktifkan IAP.
Selesaikan langkah-langkah berikut untuk mengaktifkan IAP di resource baru.
Dalam daftar resource, buka setelan resource yang ingin Anda konfigurasikan kredensial OAuth kustomnya.
Centang kotak Enable custom OAuth credentials to allow users outside of this
organization to access this application.
Pada dialog Konfigurasi OAuth, masukkan client ID dan secret.
Opsional: Agar client ID dan secret dibuat untuk Anda, klik
Buat kredensial secara otomatis.
Anda dapat mendownload kredensial klien ke file CSV, atau menghapus
kredensial. Setelah Anda menyimpan perubahan, kredensial klien kustom tidak dapat
diambil, jadi sebaiknya simpan kredensial Anda.
Jika Anda menghapus kredensial, klien OAuth yang dibuat otomatis
juga akan dihapus.
Untuk menyimpan perubahan, klik Simpan. Menyimpan perubahan tidak akan mengubah
status pengaktifan IAP.
Beralih ke klien OAuth yang dikelola Google
Anda dapat mengubah resource menggunakan klien OAuth kustom untuk menggunakan klien OAuth
yang dikelola Google dengan menyelesaikan langkah-langkah berikut.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-08-18 UTC."],[],[],null,["# Enable IAP using a Google-managed OAuth client\n\nThis page describes how to enable Identity-Aware Proxy (IAP) for\na Google Cloud resource, using a Google-managed\nOAuth client.\n\nWhen enabling IAP on a resource using a Google-managed\nOAuth client, only users within the organization in which the resource is\ncontained can access that resource. If you want to allow users outside of\nthe organization access to an IAP-enabled resource, [enable\ncustom OAuth credentials](#custom-oauth-credentials).\n\nEnable IAP for a new resource\n-----------------------------\n\nNew Google Cloud resources don't have IAP enabled.\nComplete the following steps to enable IAP on a new resource.\n\n1. In the Google Cloud console, go to the IAP page.\n\n\n [Go to the IAP page](https://console.cloud.google.com/security/iap)\n2. Click the **Applications** tab.\n\n3. From the list of resources, select the resource for which you want to enable\n IAP.\n\n4. In the **IAP** column, click the toggle to the on position.\n\n5. For the **Turn on IAP** option, click **Turn on**.\n\nSet up custom OAuth credentials for a resource\n----------------------------------------------\n\nTo allow users outside of the organization access to an\nIAP-enabled resource, complete the following steps.\n\n1. In the Google Cloud console, go to the IAP page.\n\n\n [Go to the IAP page](https://console.cloud.google.com/security/iap)\n2. Click the **Applications** tab.\n\n3. In the list of resources, go to the settings of the resource for which you\n want to configure custom OAuth credentials.\n\n4. Select the **Enable custom OAuth credentials to allow users outside of this\n organization to access this application** checkbox.\n\n5. In the **OAuth configuration** dialog, enter a client ID and secret.\n\n6. Optional: To have a client ID and secret generated for you, click\n **Auto generate credentials**.\n\n You can download the client credentials to a CSV file, or delete the\n credentials. After you save your changes, custom client credentials cannot\n be retrieved, so we recommend that you save your credentials.\n\n If you delete the credentials, the auto-generated OAuth client\n is also deleted.\n7. To save your changes, Click **Save**. Saving your changes does not change\n the IAP enabled state.\n\nChange to a Google-managed OAuth client\n---------------------------------------\n\nYou can change resources using a custom OAuth client to use a Google-managed\nOAuth client by completing the following steps.\n\n1. In the Google Cloud console, go to the IAP page.\n\n\n [Go to the IAP page](https://console.cloud.google.com/security/iap)\n2. Click the **Applications** tab.\n\n3. In the list of resources, go to the settings of the resource for which you\n want to change to use a Google-managed OAuth client.\n\n4. Deselect the **Enable custom OAuth credentials to allow users outside of this\n organization to access this application** checkbox.\n\n5. Click **Save**."]]