Prerequisites
CLB instances have been created and displayed in the IAP application management list. If you need to create a CLB instance, see Creating CLB Instances. OIDC SSO has been configured in the IAP console. If you need to configure it, see SSO Configuration. Enabling IAP
2. In the left sidebar, select Application Management.
3. On the Application Management page, select the CLB resource name or ID for which you want to enable IAP, and then click Show.
4. After selecting a listener, click the IAP enabling button for the corresponding URL resource.
5. In the IAP pop-up window, select a base policy.
Allow by Default: When an IAP exception occurs, resource access requests initiated by this URL will be allowed.
Reject by Default: When an IAP exception occurs, resource access requests initiated by this URL will be rejected.
6. Click OK to enable the IAP feature.
After IAP is enabled, it will request login credentials from connection requests of the CLB. Only accounts with permissions can access the resources.
Configuring Permissions
1. In the IAP console, click Configure Permissions to enter the Policies menu of the CAM console. In the Create by Policy Generator section, create a custom policy.
Viewing Permissions
1. In the IAP console, click View Permissions to enter the Policies menu of the CAM console.
2. On the Policies page, click Custom Policies to view the configured custom policies.
Was this page helpful?