Identity-Aware Proxy documentation
Identity-Aware Proxy (IAP) is a cloud-native alternative to traditional VPNs that manages access to applications running in Cloud Run, App Engine, Compute Engine, and GKE.
IAP verifies identity and enforces authorization at the application level, eliminating broad network access and perimeter-based security. Every request is evaluated in real time, ensuring only authenticated, authorized users can reach protected resources.
You can configure context-aware access policies using user identity, group membership, device security, and contextual signals like location or IP address. Unlike VPNs, IAP requires no client software or network tunneling. Users access applications directly through Chrome, while IT teams centrally define and enforce access policies in one place.
Start your next project with $300 in free credit
Build and test a proof of concept with the free trial credits and free monthly usage of 20+ products.
Keep exploring with 20+ always-free products
Access 20+ free products for common use cases, including AI APIs, VMs, data warehouses, and more.
Documentation resources
Guides
-
Cloud IAP conceptual overview
-
Authenticate users with Google Accounts
-
Use IAP for TCP forwarding
-
Set up programmatic authentication
-
Configure context-aware access
-
Enable IAP for App Engine
-
Enable IAP for Cloud Run
-
Enable IAP for Compute Engine
-
Manage access to IAP-secured resources
-
Secure your app with signed headers