Identity Aware Platform (IAP) enables you to establish a central authentication layer for resources accessed through HTTPS. When IAP is enabled, only users with the required permissions can access the resources requested through HTTPS; users without those permissions cannot access them.
How It Works
A resource protected by IAP can be accessed only by users who hold the correct Cloud Access Management (CAM) permissions. When a user tries to access such a resource, IAP performs identity verification followed by an authorization check.
Identity Recognition
Requests for Tencent Cloud resources enter through an HTTP(S) Cloud Load Balancer (CLB). The backend service checks whether IAP is enabled for the application. If it is, the information about the protected resource is forwarded to the IAP server; the request header therefore carries details such as the request URL and the IAP credentials.
To verify the user's identity credentials, IAP redirects the user to the OIDC single sign-on (SSO) flow, where the user logs in with the enterprise identity held by the identity provider (IdP).
Once the enterprise identity has been verified, IAP checks the user's CAM identity. If the user's identity is recognized, IAP proceeds to the next step, authentication.
Authentication
After identity recognition is complete, IAP checks, through CAM policies, whether the user has permission to access the requested resource.
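To make the outcomes of this flow concrete (pass-through when IAP is not enabled, redirect to OIDC SSO when no valid credential is present, and allow or deny by CAM policy), here is an added model of the sequence in Python. It is not Tencent's IAP code; the credential header name, the session table, the policy format and the deny-overrides-allow rule are assumptions.

```python
from dataclasses import dataclass, field
from urllib.parse import urlencode, urlsplit

# Constructed sample data (assumptions, not Tencent's data): which applications
# (by host) have IAP enabled, which credentials map to a CAM identity, and what
# the CAM policies grant. Credential is assumed to travel in 'X-IAP-Credential'.
SSO_LOGIN_URL = "https://sso.example.invalid/oidc/authorize"  # placeholder IdP
IAP_ENABLED_APPS = {"app.example.invalid"}
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
CAM_POLICIES = [  # (principal, resource prefix, effect)
    ("alice", "https://app.example.invalid/", "allow"),
    ("bob", "https://app.example.invalid/", "allow"),
    ("bob", "https://app.example.invalid/admin/", "deny"),
]

@dataclass
class Request:
    url: str
    headers: dict = field(default_factory=dict)

@dataclass
class Decision:
    status: int  # 200 allow, 302 redirect to OIDC SSO, 403 deny
    detail: str

def cam_authorize(principal, url):
    """Step 3: CAM policy check. An explicit deny overrides any allow (assumption)."""
    allowed = False
    for who, prefix, effect in CAM_POLICIES:
        if who == principal and url.startswith(prefix):
            if effect == "deny":
                return False
            allowed = True
    return allowed

def iap_check(req):
    # Step 1: backend checks whether IAP is enabled for the application.
    if urlsplit(req.url).netloc not in IAP_ENABLED_APPS:
        return Decision(200, "IAP not enabled for this application; passed through")
    # Step 2: identity recognition from the IAP credential in the request header.
    principal = SESSIONS.get(req.headers.get("X-IAP-Credential"))
    if principal is None:
        # Unknown or missing credential: send the user to the OIDC SSO login flow.
        query = urlencode({"redirect_uri": req.url})
        return Decision(302, f"{SSO_LOGIN_URL}?{query}")
    # Step 3: authorization against CAM policies.
    if not cam_authorize(principal, req.url):
        return Decision(403, f"{principal} lacks CAM permission for {req.url}")
    return Decision(200, f"{principal} authorized for {req.url}")
```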
Features
Identity Verification and Authentication
You can use IAP to perform user identity verification and authentication for protected resources.
Enhanced Security
Administrators can define fine-grained access control policies by specifying user identities and the resources they may access.
Simplified Work
You can reach IAP-protected applications by entering their Internet-accessible URL in a web browser, with no VPN client required.