This page describes how to configure Identity-Aware Proxy (IAP) as an authentication proxy.
When you configure an IAP policy to allow all users access to an
application, IAP does not check user authentication
credentials. If you want to use IAP as an authentication proxy,
and have users authenticate when accessing a resource, you must set the
IAP mode to
Configure IAP as an authentication proxy
To configure IAP as an authentication proxy, complete the following steps:
Follow the IAP How-to guides documentation to enable IAP on a resource.
Go to the IAP page.
Go to Identity-Aware Proxy
Select a resource, and then click Add Member.
Add the IAP-secured Web App User role to
allUsersto make the resource publicly accessible.
To have IAP authenticate users, ensure that your request to the application is in the following format:
target_domain + ?gcp-iap- mode=FORCE_LOGIN. This enforces authentication to all incoming requests and redirects the request to
target_domainafter successful authentication.