Identity-Aware Proxy documentation

Identity-Aware Proxy (IAP) lets you manage access to applications running in App Engine standard environment, App Engine flexible environment, Compute Engine, and GKE. IAP establishes a central authorization layer for applications accessed by HTTPS, so you can adopt an application-level access control model instead of using network-level firewalls. When you turn on IAP, you must also use signed headers to secure your app.

Learn more

Quickstart: Authenticate users with Google Accounts
Using IAP for TCP forwarding
Programmatic authentication
Identity-Aware Proxy overview
Setting up an external HTTPS load balancer
Enabling IAP for GKE
Managing access to IAP-secured resources
Securing your app with signed headers
Enabling IAP for on-premises apps

Using the API to manage Identity-Aware Proxy for App Engine
Using the API to manage Identity-Aware Proxy for Compute Engine apps
IAP Client Libraries
REST API
Hosted sign-in page configuration interfaces
RPC API

Frequently asked questions and troubleshooting
Pricing
Release Notes
Getting Support
Billing questions
Known issues

Training and tutorials

Training

Security in Google Cloud

In this training course, you will learn about a variety of Google Cloud security controls and techniques. You'll explore the components of Google Cloud and deploy a secure solution on the platform. You'll also learn how to mitigate attacks at several points in a Google Cloud-based infrastructure, including distributed denial-of-service attacks, phishing attacks, and threats involving content classification and use.

Guides

Reference

Resources

Training and tutorials

Videos