Identity-Aware Proxy

GCPSecurityFree tier available

Zero Trust access broker that enforces identity-based access control for HTTPS web apps, SSH/RDP to Compute Engine, and on-prem apps via Cloud VPN, replacing VPN-based access with per-request identity verification against Google Workspace or Cloud Identity

FluffyStack tools
Add to Service BuilderAdd to CompareCompare with equivalentsExplore GCP in TreemapExplore security in Honeycomb
DocumentationPricing

Attributes

Identity Aware
Yes

Sub-services (3)

IAP for Web Apps

Identity-based access to HTTPS apps on App Engine, Cloud Run, and GKE

IAP TCP Forwarding

Bastion-less SSH and RDP access to Compute Engine via an IAP-brokered tunnel

IAP for On-Prem

Apply IAP policies to on-premises apps reachable via Cloud VPN or Interconnect

Compliance & Certifications

This service is attested for the following frameworks. Always verify with the provider before relying on a specific compliance posture.

GDPRSOC 2ISO 27001HIPAAPCI DSSFedRAMP

Where this runs

44 regions
28 countries
2sovereign
Sovereign regions (2)
  • T-Systems Sovereign Cloud · FrankfurtT-Systems Sovereign Cloud powered by Google Cloud
  • S3NS Sovereign Cloud · ParisS3NS — Google Cloud + Thales joint venture
Commercial regions (42)

Europe (13)

  • Belgium
  • Finland
  • Paris
  • Berlin
  • Frankfurt
  • Milan
  • Turin
  • Netherlands
  • Warsaw
  • Madrid
  • Stockholm
  • Zurich
  • London

North America (12)

  • Montréal
  • Toronto
  • Querétaro
  • Northern Virginia
  • Columbus
  • Iowa
  • Dallas
  • Las Vegas
  • Los Angeles
  • South Carolina
  • Salt Lake City
  • Oregon

South America (2)

  • São Paulo
  • Santiago

Asia (9)

  • Hong Kong
  • Delhi
  • Mumbai
  • Jakarta
  • Osaka
  • Tokyo
  • Singapore
  • Seoul
  • Taiwan

Oceania (2)

  • Melbourne
  • Sydney

Middle East (3)

  • Tel Aviv
  • Doha
  • Dammam

Africa (1)

  • Johannesburg

Tags

ztnazero-trustidentity-awarevpn-replacementsecurity

Equivalent services on other platforms

AWS Verified AccessAWS

Zero Trust Network Access (ZTNA) service that delivers secure VPN-less access to corporate applications using identity providers (IAM Identity Center, Okta, Ping, JumpCloud) combined with device-posture signals from Jamf and CrowdStrike to enforce fine-grained per-request authorisation

Microsoft Entra IDAzure

Cloud identity and access management (formerly Azure AD) with SSO, MFA, conditional access, B2B and B2C guest accounts, and privileged identity management

Cloudflare Zero TrustCloudflare

SASE platform with Access, Gateway, and DLP for secure remote access

Pricing

Pricing model:free