configuring-identity-aware-proxy-with-google-iap

Configuring Google Cloud Identity-Aware Proxy (IAP) to enforce per-request identity verification for Compute Engine, App Engine, Cloud Run, and GKE services using access levels, context-aware policies, and programmatic access with service accounts.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Quality Score: 99/100

- Stars (20%): 100
- Recency (20%): 100
- Frontmatter (20%): 70
- Documentation (15%): 100
- Issue Health (10%): 50
- License (10%): 100
- Description (5%): 100

Skill Content

# Configuring Identity-Aware Proxy with Google IAP

## When to Use

- When protecting Google Cloud applications (App Engine, Cloud Run, GKE, Compute Engine) with identity-based access
- When implementing context-aware access requiring device posture and location verification
- When providing secure access to internal tools without VPN or public IP exposure
- When needing per-request authentication and authorization for web applications and TCP services
- When configuring programmatic access to IAP-protected resources using service accounts

**Do not use** for non-HTTP applications that cannot be placed behind an HTTPS load balancer, for public-facing applications that need unauthenticated access, or when applications handle their own authentication and IAP would conflict with existing auth flows.

## Prerequisites

- Google Cloud project with billing enabled
- IAP API enabled (`gcloud services enable iap.googleapis.com`)
- Application deployed behind HTTPS Load Balancer, App Engine, or Cloud Run
- Cloud Identity or Google Workspace for user management
- Access Context Manager API enabled for access levels
- OAuth consent screen configured for the project

## Workflow

### Step 1: Enable IAP on Backend Services

Configure IAP for different GCP compute platforms.

```bash
# Enable required APIs
gcloud services enable iap.googleapis.com
gcloud services enable accesscontextmanager.googleapis.com

# Create OAuth consent screen
gcloud iap oauth-brands create \
  --application_title...
```

Details

- Author: mukul975
- Repository: mukul975/Anthropic-Cybersecurity-Skills
- Created: 3 months ago
- Last Updated: today
- Language: Python
- License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

implementing-zero-trust-with-beyondcorp

Deploy Google BeyondCorp Enterprise zero trust access controls using Identity-Aware Proxy (IAP), context-aware access policies, device trust validation, and Access Context Manager to enforce identity and posture-based access to GCP resources and internal applications.

12,642 Updated today
mukul975
AI & Automation Featured

implementing-beyondcorp-zero-trust-access-model

Implementing Google's BeyondCorp zero trust access model to eliminate implicit trust from the network perimeter, enforce identity-aware access controls using IAP, Access Context Manager, and Chrome Enterprise Premium for VPN-less secure application access.

12,642 Updated today
mukul975
AI & Automation Featured

implementing-zero-trust-network-access

Implementing Zero Trust Network Access (ZTNA) in cloud environments by configuring identity-aware proxies, micro-segmentation, continuous verification with conditional access policies, and replacing traditional VPN-based access with BeyondCorp-style architectures across AWS, Azure, and GCP.

12,642 Updated today
mukul975
AI & Automation Featured

implementing-api-threat-protection-with-apigee

Implement API threat protection using Google Apigee policies including JSON/XML threat protection, OAuth 2.0, SpikeArrest, and Advanced API Security for OWASP Top 10 defense.

12,642 Updated today
mukul975
AI & Automation Featured

implementing-google-workspace-sso-configuration

Configure SAML 2.0 single sign-on for Google Workspace with a third-party identity provider, enabling centralized authentication and enforcing organization-wide access policies.

12,642 Updated today
mukul975