Overview#Identity Aware Proxy (IAP) is an Access Proxy that performs Access Control by Digital Identity. 
Identity Aware Proxys are simpler and safer than VPN and is a building block for BeyondCorp (see Access Proxy). The Identity Aware Proxy is a Policy Enforcement Point and a Single Sign-On Access Proxy
Authorization of a request requires the Identity Aware Proxy obtains data about the Digital Identity the user and the Digital Identity of the device making the request. In Policy Based Management System the data would be obtained from a Policy Information Point.
When using Google Cloud Platform there is no charge for using Identity Aware Proxy. However, when used with Google Compute Engine, the required Load Balancing and firewall configuration may incur additional costs.