[[["わかりやすい","easyToUnderstand","thumb-up"],["問題の解決に役立った","solvedMyProblem","thumb-up"],["その他","otherUp","thumb-up"]],[["わかりにくい","hardToUnderstand","thumb-down"],["情報またはサンプルコードが不正確","incorrectInformationOrSampleCode","thumb-down"],["必要な情報 / サンプルがない","missingTheInformationSamplesINeed","thumb-down"],["翻訳に関する問題","translationIssue","thumb-down"],["その他","otherDown","thumb-down"]],[],[[["\u003cp\u003eIdentity-Aware Proxy (IAP) can be enabled for various Google Cloud services like App Engine, Compute Engine, and GKE, as well as for on-premises applications.\u003c/p\u003e\n"],["\u003cp\u003eIAP facilitates user authentication and authorization, allowing for management of user access, sessions, and programmatic creation of OAuth clients.\u003c/p\u003e\n"],["\u003cp\u003eYou can use IAP for TCP forwarding to control access to administrative services and enhance security with VPC Service Controls.\u003c/p\u003e\n"],["\u003cp\u003eIAP supports integration with external identities, enabling features like custom sign-in pages, programmatic access to non-Google resources, and managing sessions with external providers.\u003c/p\u003e\n"],["\u003cp\u003eIAP's behavior can be customized, and it supports features such as Cloud Audit Logs, load balancer configuration, SAML attribute propagation, signed headers, and integration with Cloud Service Mesh, enhancing security and flexibility.\u003c/p\u003e\n"]]],[],null,["# How-to guides\n\nUsing Google identities\n\n- [### Enabling IAP for App Engine\n Use the Google Cloud console to enable IAP for App Engine.](/iap/docs/app-engine-quickstart#enabling_iap)\n- [### Enabling IAP for Compute Engine\n Use the Google Cloud console or gcloud command-line tool to enable IAP for Compute Engine.](/iap/docs/enabling-gce-howto)\n- [### Enabling IAP for GKE\n Use the Google Cloud console or gcloud command-line tool to enable IAP for GKE.](/iap/docs/enabling-gke-howto)\n- [### Enabling IAP for on-premises apps\n Secure an HTTP-based, on-premises app outside of Google Cloud with IAP.](/iap/docs/enabling-on-prem-howto)\n- [### Getting the user's identity\n Get a user's identity with IAP.](/iap/docs/identity-howto)\n- [### Managing user access\n Authorize users and groups to access resources protected by IAP.](/iap/docs/managing-access)\n- [### Managing IAP sessions\n Set up session refresh for your AJAX applications.](/iap/docs/sessions-howto)\n- [### Authenticating from a service account or mobile app\n Authenticate a service account or mobile app to access resources secured by IAP.](/iap/docs/authentication-howto)\n- [### Programmatically create OAuth clients\n Create OAuth clients in IAP programmatically via an API.](/iap/docs/programmatic-oauth-clients)\n- [### Setting up context-aware access\n Set up IAP to grant conditional access based on request context.](/iap/docs/cloud-iap-context-aware-access-howto)\n- [### Using IAP for TCP forwarding\n Use IAP to control who can access administrative services\n like SSH and RDP on your backends from the public internet.](/iap/docs/using-tcp-forwarding)\n- [### Securing IAP for TCP forwarding with VPC Service Controls\n Use VPC Service Controls to protect IAP for TCP forwarding and\n use IAP for TCP forwarding within a VPC Service Controls\nperimeter.](/iap/docs/securing-tcp-with-vpc-sc) \nUsing external identities\n\n- [### Enabling external identities\n Enable Identity-Aware Proxy for use with external identities.](/iap/docs/enable-external-identities)\n- [### Creating a sign-in page with FirebaseUI\n Build an authentication page using FirebaseUI.](/iap/docs/using-firebaseui)\n- [### Creating a custom sign-in page\n Create a fully customized authentication UI.](/iap/docs/create-custom-auth-ui)\n- [### Accessing non-Google resources programmatically\n Access external resources from code.](/iap/docs/access-external-resources)\n- [### Managing external identity sessions\n Refresh expired user credentials from an external provider.](/iap/docs/external-identity-sessions)\n- [### Using service accounts with external identities\nAuthenticate using service accounts with external identities.](/iap/docs/service-accounts-external-identities) \nOther how-to guides\n\n- [### Customizing IAP\n Customize the behavior of IAP.](/iap/docs/customizing)\n- [### Enabling Cloud Audit Logs\n Enable logging of resources secured by IAP.](/iap/docs/audit-log-howto)\n- [### Setting up an external HTTPS load balancer\n Set up IAP-compatible load balancing and firewall rules for Compute Engine\n instances.](/iap/docs/load-balancer-howto)\n- [### Configure SAML attribute propagation\n You can use this feature to propagate SAML attributes from an identity\n provider to applications protected by IAP.](/iap/docs/saml-attribute-propagation)\n- [### Securing your app with signed headers\n Secure your app with signed headers to provide extra assurance that a request to IAP is authorized.](/iap/docs/signed-headers-howto)\n- [### Restrict resource access to specific domains\n Restrict resource access to specific domains by configuring allowed domains.](/iap/docs/allowed-domains)\n- [### Using query parameters and headers\n Use IAP query parameters and headers to enhance and\n personalize your app.](/iap/docs/query-parameters-and-headers-howto)\n- [### Integrating IAP with Cloud Service Mesh\n Deploy a simple application on Cloud Service Mesh with a load balancer, and\n integrate with IAP.](/service-mesh/docs/iap-integration)"]]
