Cloud Identity-Aware Proxy

Use identity and context to guard access to your applications and VMs.
Use identity and context to sign in to apps and VMs

Use identity and context to sign in to apps and VMs

Cloud Identity-Aware Proxy (Cloud IAP) controls access to your cloud applications and VMs running on Google Cloud Platform (GCP). Cloud IAP works by verifying user identity and context of the request to determine if a user should be allowed to access an application or a VM. Cloud IAP is a building block toward BeyondCorp, an enterprise security model that enables every employee to work from untrusted networks without the use of a VPN.

Simpler for cloud admins

Add secure web access to an application in less time than it takes to implement a VPN. Let your developers focus on their application logic, while Cloud IAP takes care of authentication and authorization. Only authenticated users are granted access to the application.

Simpler for remote workers

End users point their web browser to an internet-accessible URL to access Cloud IAP-secured applications. No VPN client is required.

Context-aware access

Administrators can create granular access control policies for applications hosted on GCP, other clouds, and on-premises based on attributes like user identity, device security status, and IP address. Cloud IAP is a key component in Google Cloud’s context-aware access solution.

Secure access administration

Configure a single layer of security to manage user access to cloud applications. Administrators can improve security with Security Key Enforcement to prevent phishing.

Features

Controls access without VPN

Manage access to your apps and VMs based on a user’s identity and context of the request (e.g. device status, location) without VPN. Powered by Google Cloud’s context-aware access.

Saves admin time

Faster to deploy than a VPN. Once deployed, Cloud IAP provides a single point of control for managing user access to web applications.

Works with cloud and on-premises apps

Cloud IAP can protect access to applications hosted on GCP, other clouds, and on-premises.

Saves end user time

Faster to sign into than a VPN. No VPN client login.

Deploys in minutes

Let your developers focus on their application logic, while Cloud IAP takes care of authentication and authorization.

Protects your apps and VMs

With the new TCP forwarding feature, Cloud IAP can now protect SSH and RDP access to your VMs hosted on GCP. Your VM instances don't even need public IP addresses.

Technical resources

Pricing

There is no charge for using Cloud IAP. However, when used with Compute Engine, the required load balancing and firewall configuration may incur additional costs. Read more about load balancing and protocol forwarding pricing in the Compute Engine pricing guide.

Google Cloud

Get started

Learn and build

New customers get $300 in free credits to learn and build on Google Cloud, plus free tech support for up to 12 months.

Need more help?

Our experts will help you build the right solution or find the right partner for your needs.

إرسال تعليقات حول...

Cloud Identity-Aware Proxy