Identity-Aware Proxy (IAP) is a security service in Google Cloud Platform that controls access to applications and VMs based on user identity and context, implementing a zero-trust model.

Key Features

• Single Point of Control: Manages user access to web applications and cloud resources.
• Multi-Cloud Support: Protects applications hosted on Google Cloud, other clouds, and on-premises.
• TCP Forwarding: Secures SSH and RDP access to VMs without public IP addresses.
• Context-Aware Access: Uses attributes like user identity, device security status, and IP address for access decisions.
• Integration with Identity Providers: Seamlessly integrates with Google Workspace and Cloud Identity.

Benefits

• Simplified Administration: Reduces complexity for cloud admins by streamlining access management.
• Enhanced Security: Implements granular access-control policies and supports multi-factor authentication.
• Flexible Remote Access: Allows secure access from anywhere without VPNs.