Identity-Aware Proxy

Use identity and context to guard access to your applications and VMs.

Try it free
  • action/check_circle_24px Created with Sketch.

    Control access to your cloud-based and on-premises applications and VMs running on Google Cloud

  • action/check_circle_24px Created with Sketch.

    Verify user identity and use context to determine if a user should be granted access

  • action/check_circle_24px Created with Sketch.

    Work from untrusted networks without the use of a VPN

  • action/check_circle_24px Created with Sketch.

    Implement a zero-trust access model

Simpler for cloud admins

Secure access to apps in less time than it takes to implement a VPN. Let your developers focus on application logic, while IAP takes care of authentication and authorization.

Simpler for remote workers

End users point their web browser to an internet-accessible URL to access IAP-secured applications. No VPN client required.

Increased security

Admins can create and enforce granular access-control policies based on attributes like user identity, device security status, and IP address.

Key features

Centralized access control

IAP provides a single point of control for managing user access to web applications and cloud resources.

Works with cloud and on-premises apps

IAP can protect access to applications hosted on Google Cloud, other clouds, and on-premises.

Protects apps and VMs

With TCP forwarding, IAP can protect SSH and RDP access to your VMs hosted on Google Cloud. Your VM instances don't even need public IP addresses.

Documentation

Google Cloud Basics
IAP conceptual overview

Gain an understanding of the key concepts required for deploying and using IAP, including high-level architecture.

Quickstart
Set up IAP with Google Identities

How to quickly deploy an App Engine application and secure it with Identity-Aware Proxy.

Tutorial
Context-aware access

Designing and implementing context-aware access policies.

Tutorial
Enabling IAP for on-premises apps

How to secure an HTTP-based, on-premises app by deploying an IAP connector.

Architecture
Building internet connectivity for private VMs

See the options for connecting to and from the internet using Compute Engine resources that have private IP addresses.

Tutorial
Security in Google Cloud

Learn about security controls and techniques on Google Cloud through lectures, demonstrations, and hands-on labs.

Pricing

There is no charge for using IAP with Google Cloud resources. However, when used with Compute Engine, the required load balancing and firewall configuration may incur additional costs. Read more about load balancing and protocol forwarding pricing in the Compute Engine pricing guide.