You wouldn't technically need IAP if you've already got an app which is secured with proper authentication and authorization, though it still may be desirable. One reason is that IAP gives you the ability to configure individual access outside of your application, rather than needing to control ACLs internally in your app's code. The App Engine IAP quickstart has a good overview of how IAP config works for securing an app.
You can think of IAP as filling the role of a VPN while also giving you the flexibility of OAuth. It is mainly targeted towards perimeter security, which is traditionally accomplished by using firewalls and VPNs to secure privileged network resources like intranets that are hosted on-premises. IAP allows you to set up a cloud-hosted intranet in much the same way as you'd do on-premises, with access control handled at the perimeter by IAP. This is explained very well in the Google research paper "BeyondCorp - A New Approach to Enterprise Security".