This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

How to Avoid Double Authentication for a Streamlit App on Cloud Run with IAP and Application-Level L

Posted on 01-16-2025 08:30 PM
Nikita_G
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

I have deployed a Streamlit application on Cloud Run and configured it as an authenticated service. I have also set up Identity-Aware Proxy (IAP) for this Cloud Run service, where Okta is configured as the identity provider.

Currently, users need to log in twice: once via IAP (Okta login) and then again through the application-level login. This creates a poor user experience, as the second login is redundant for authenticated IAP users.

If a user has already been authenticated via IAP (Okta login), I want to bypass the application-level login and directly allow access to the Streamlit app.

My question:

  • Is there a way to configure the application so that it relies solely on IAP authentication and skips the application-level login?

Any guidance or suggestions would be greatly appreciated!

 

Solved Solved
0 3 290
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
NoCommandLine
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi,

If all of your users are going to (MUST) go via IAP, why not then deploy your cloud run service as a public instead of private?

 

   ......NoCommandLine ......
https://nocommandline.com
Analytics & GUI for App Engine,
Cloud Run & Datastore Emulator

View solution in original post

Jump to Solution
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
NoCommandLine
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi,

If all of your users are going to (MUST) go via IAP, why not then deploy your cloud run service as a public instead of private?

 

   ......NoCommandLine ......
https://nocommandline.com
Analytics & GUI for App Engine,
Cloud Run & Datastore Emulator
Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
harsh_nasit
Bronze 3
Bronze 3
In response to NoCommandLine
Reply posted on --/--/---- --:-- AM

What if I don't want all users but only some of the organization's users to access the application? @NoCommandLine 

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
NoCommandLine
Bronze 3
Bronze 3
In response to harsh_nasit
Reply posted on --/--/---- --:-- AM

You can still use IAP. 

This documentation talks about authenticating end users versus internal users. It says to use IAP for internal users.

Here is documentation for enabling IAP for Cloud Run.

 

   ......NoCommandLine ......
<URL Removed by Staff>
Analytics & GUI for App Engine,
Cloud Run & Datastore Emulator
Jump to Solution
0 Likes