Control access to your cloud-based and on-premises applications and VMs running on Google Cloud
Verify user identity and use context to determine if a user should be granted access
Work from untrusted networks without the use of a VPN
Implement a zero-trust access model
Simpler for cloud admins
Secure access to apps in less time than it takes to implement a VPN. Let your developers focus on application logic, while IAP takes care of authentication and authorization.
Simpler for remote workers
End users point their web browser to an internet-accessible URL to access IAP-secured applications. No VPN client required.
Admins can create and enforce granular access-control policies based on attributes like user identity, device security status, and IP address.
Centralized access control
IAP provides a single point of control for managing user access to web applications and cloud resources.
Works with cloud and on-premises apps
IAP can protect access to applications hosted on Google Cloud, other clouds, and on-premises.
Protects apps and VMs
With TCP forwarding, IAP can protect SSH and RDP access to your VMs hosted on Google Cloud. Your VM instances don't even need public IP addresses.
IAP conceptual overview
Gain an understanding of the key concepts required for deploying and using IAP, including high-level architecture.
Set up IAP with Google Identities
How to quickly deploy an App Engine application and secure it with Identity-Aware Proxy.
Designing and implementing context-aware access policies.
Enabling IAP for on-premises apps
How to secure an HTTP-based, on-premises app by deploying an IAP connector.
Building internet connectivity for private VMs
See the options for connecting to and from the internet using Compute Engine resources that have private IP addresses.
Security in Google Cloud
Learn about security controls and techniques on Google Cloud through lectures, demonstrations, and hands-on labs.