Frequently asked questions

What applications can be secured with Cloud Identity-Aware Proxy (Cloud IAP)?

Cloud IAP can be used with:

  • App Engine standard environment and App Engine flexible environment Beta applications.
  • Compute Engine instances with HTTP(S) load balancing backend services.
  • Google Kubernetes Engine containers

Currently, Cloud IAP cannot be used with Cloud CDN.

How do I access my app from more URLs?

To access your app from more domains later, follow the process below:

  1. Go to the Identity-Aware Proxy page.
    Go to the Identity-Aware Proxy page
  2. Click More next to the resource to which you want to add a domain, then click Edit OAuth client.
  3. In the Credentials window that appears, under Authorized redirect URIs, add the domains in the format of your_domain/_gcp_gatekeeper/authenticate.
  4. When you're finished adding domains, click Save. You'll now be able to access your app from those domains with Cloud IAP turned on.
Why is there a # at the end of my URL after signing in to my application?
In some browsers and under certain conditions, a # may be appended to the URL after authentication. This is normal and won't cause issues when logging in.
Why was the #... fragment identifier at the end of my URL removed?
As a security measure, this part of a URL is removed during the login process. After logging in, revisiting your URL will work as expected.
Why are my requests failing and returning a 405 error?
This can be caused by not attaching cookies to your requests. By default, JavaScript methods don't attach cookies to requests.

The way you include cookies varies between request methods. For example, requests sent with an XMLHttpRequest object need the withCredentials property set to true, while requests sent with the Fetch API need the credentials option set to include or same-origin. If the errors occur only after a certain amount of time has passed (for example, after 1 hour), see Managing Cloud IAP sessions for information about sessions.
Was this page helpful? Let us know how we did:

Send feedback about...

Identity-Aware Proxy Documentation