Google Cloud IAP

What is the equivalent "access control tab" in IAP (Identity-Aware Proxy) for the new Google Cloud console? I want to be able to set allow and deny actions for different parts of a domain.

#cloudsecurity #IdentityAwareProxy #IAP #cloudIAP


Hi @ewuraba,

You may refer to this documentation for more info - Managing access in the Google Cloud console.

  1. Go to the Identity-Aware Proxy page.

  2. Select the resource you want to secure with IAP. The following resource selections secure a set group of resources:

    • All Web Services: All resources in the project will be secured. Note that this is not the same as granting project level access with the IAM admin page. A user granted the IAP Policy Admin role at the All Web Services resource level will only have permissions to IAP policies.

    • Backend Services: All backend services will be secured.

  3. On the right side Info panel, add the email addresses of groups or individuals to whom you want to grant an Identity and Access Management (IAM) role for the resource.

  4. Apply access policy roles to the principal by selecting from the following roles in the Select a role dropdown:

    • Owner: Grants the same access as IAP Policy Admin. Use the IAP Policy Admin role instead. This role only allows modifying policies, and doesn't grant access to the app.

    • IAP Policy Admin: Grants administrator rights over IAP policies.

    • IAP-Secured Web App User: Grants access to the app and other HTTPS resources that use IAP.

    • Security Reviewer: Grants permission to view and audit IAP policies.

  5. When you're finished adding email addresses and setting roles, click Add.

I hope this helps. Thank you.
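Added example, not part of the reply above and not Google's code: a small check over the IAM policy that results from steps 3 to 5, separating principals who can open the app from those who can only edit IAP policy. The role IDs are the IAM identifiers for the role names listed in the reply; the sample policy, its principals and the function name `review_iap_policy` are constructed for illustration.

```python
import json

# IAM role IDs for the role names listed in the reply above.
ROLE_NAMES = {
    "roles/owner": "Owner",
    "roles/iap.admin": "IAP Policy Admin",
    "roles/iap.httpsResourceAccessor": "IAP-Secured Web App User",
    "roles/iam.securityReviewer": "Security Reviewer",
}
ACCESS_ROLE = "roles/iap.httpsResourceAccessor"
POLICY_EDIT_ROLES = {"roles/owner", "roles/iap.admin"}

# Constructed sample in the standard IAM policy shape (role -> members bindings).
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/iap.httpsResourceAccessor",
   "members": ["group:docs-readers@example.com", "user:admin@example.com"]},
  {"role": "roles/iap.admin",
   "members": ["user:admin@example.com", "user:ops@example.com"]},
  {"role": "roles/owner", "members": ["user:legacy@example.com"]},
  {"role": "roles/iam.securityReviewer", "members": ["user:auditor@example.com"]},
  {"role": "roles/viewer", "members": ["user:guest@example.com"]}
]}
""")

def review_iap_policy(policy):
    """Split principals by what the binding lets them do and collect findings."""
    app_users, policy_editors, findings = set(), set(), []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        members = binding.get("members", [])
        if role == ACCESS_ROLE:
            app_users.update(members)
        elif role in POLICY_EDIT_ROLES:
            policy_editors.update(members)
            if role == "roles/owner":
                findings += [f"{m}: Owner granted, use IAP Policy Admin instead"
                             for m in members]
        elif role not in ROLE_NAMES:
            findings += [f"{m}: role {role} is not one of the roles listed above"
                         for m in members]
    return {
        "can_open_app": sorted(app_users),
        # Policy roles alone do not grant access to the app itself.
        "policy_only": sorted(policy_editors - app_users),
        "findings": findings,
    }

if __name__ == "__main__":
    print(json.dumps(review_iap_policy(SAMPLE_POLICY), indent=2))
```
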

Not quite. How does it determine web services?
Say I want to allow access to example.com/ URLs
and secure access to example.com/docs/*
or example.com/something-here/*