Identity-Aware Proxy documentation

Read product documentation

Identity-Aware Proxy (IAP) is a cloud-native alternative to traditional VPNs that manages access to applications running in Cloud Run, App Engine, Compute Engine, and GKE.

IAP verifies identity and enforces authorization at the application level, eliminating broad network access and perimeter-based security. Every request is evaluated in real time, ensuring only authenticated, authorized users can reach protected resources.

You can configure context-aware access policies using user identity, group membership, device security, and contextual signals like location or IP address. Unlike VPNs, IAP requires no client software or network tunneling. Users access applications directly through Chrome, while IT teams centrally define and enforce access policies in one place.

Learn more

Get started for free
  • Get access to Gemini 2.0 Flash Thinking
  • Free monthly usage of popular products, including AI APIs and BigQuery
  • No automatic charges, no commitment
View free product offers

Keep exploring with 20+ always-free products

Access 20+ free products for common use cases, including AI APIs, VMs, data warehouses, and more.

Documentation resources

Find quickstarts and guides, review key references, and get help with common issues.
Explore self-paced training from Google Cloud Skills Boost, use cases, reference architectures, and code samples with examples of how to use and connect Google Cloud services.
training
Training and tutorials

Learn about Google Cloud security controls and techniques. Explore Google Cloud components and deploy a secure solution. Learn to mitigate attacks at several points in a Google Cloud infrastructure, including distributed denial-of-service attacks, phishing attacks, and threats involving content classification and use.

Learn more
use case
Use cases

Users log in through a browser to access internal apps like HR portals and dashboards. Access ties to identity, role, and device security, ensuring least-privilege access without network-wide exposure.

Employee Access Zero Trust Security
Learn more
use case
Use cases

Give external partners access to specific apps without putting them on your network. Set time-limited permissions that you can revoke instantly with no firewall changes required.

Vendor Access Third-Party Security
Learn more
use case
Use cases

IAP secures SSH and RDP access to cloud VMs without exposing public IPs. Eliminate jump hosts, static SSH keys, and long-lived credentials with secure, identity-based access.

Admin Access SSH Security
Learn more

Related videos