Cloud Identity-Aware Proxy ^beta

Use identity to guard access for applications deployed on GCP

Try Identity-Aware Proxy View My Console

Use Identity to Sign Into Apps

Identity-Aware Proxy (IAP) controls access to your cloud applications running on Google Cloud Platform. IAP works by verifying a user’s identity and determining if that user should be allowed to access the application. IAP is a building block toward BeyondCorp, an enterprise security model that enables every employee to work from untrusted networks without the use of a VPN.

Simpler for Cloud Admins

Add secure web access to an application in less time than it takes to implement a VPN. Let your developers focus on their application logic, while IAP takes care of authentication and authorization. Only authenticated users are granted access to the application.

Simpler for Remote Workers

End-users point their web browser to an internet-accessible url to access IAP-protected applications. No VPN client is required.

Control Access by User Identity

Administrators create policies to specify which groups of identities are granted access to GCP-hosted applications.

Secure Access Administration

Configure a single layer of security to manage user access to cloud applications. Administrators can improve security with Security Key Enforcement to deter phishing.

Cloud Identity-Aware Proxy Features

Use identity to guard access for applications deployed on GCP.

Identity-based access control: IAP uses identity to protect access for applications deployed on GCP.
Saves admin time: Faster to deploy than a VPN. Once deployed, IAP provides a single point of control for managing user access to web applications.
Free of charge: There is no charge for identity-based access controls.

Saves end-user time: Faster to log into than a VPN. No VPN client to for end-users to log into.
Deploys in minutes: Let your developers focus on their application logic, while IAP takes care of authentication and authorization.

Cloud Identity-Aware Proxy Pricing

There is no charge for using Identity-Aware Proxy. However, when used with Google Compute Engine, the required load balancing and firewall configuration may incur additional costs. Read more about load balancing and protocol forwarding pricing in the Compute Engine pricing guide.