2

I wanted to know whether it is possible to enable IAP OAuth for App Engine but for a subdomain or a subfolder. I have already enabled it for the domain, but I don't want it to show up for the entire website. For example: I want to use IAP secured login on admin.website.com but users to website.com should be able to access it without any issues. It is also okay if this can be done for website.com/admin (I suppose enabling on website.com/admin is a lot easier too)

(Website name changed for privacy)

Antariksh Pratham
  • 29
  • 4

1 Answers1

0

You can activate or deactivate IAP (deactivate means grant allUsers with IAP-Secured Web App User role) per service. It's the finest granularity, you can't deactivate it by URL path.

guillaume blaquiere
  • 66,369
  • 2
  • 47
  • 76
  • Yeah I have done that already. But I wanted to have IAP enabled on only a subdomain. Now I understand why you asked about different services. I am not sure how App Engine is supposed to handle subdomains I just thought adding them in app.yaml should create a subdomain – Antariksh Pratham Jan 11 '21 at 15:10
  • So what I wanted is let us say that I have a subdomain that has the test version of the website but the test version is not something I want everyone to have access too. At present when I enable IAP (using same instructions which you gave) it is enabled for the entire website. So the entire website gets restricted. I wanted to know if there is a way to enable IAP for just a subdomain and not the entire website. That way only one small subdomain is restricted access – Antariksh Pratham Jan 11 '21 at 15:12
  • So, you can't! It's not possible. – guillaume blaquiere Jan 11 '21 at 15:38
  • Okay thank you for your time and your help – Antariksh Pratham Jan 11 '21 at 15:48