Cloud Identity-Aware Proxy (Cloud IAP) provides a way to control access to your web applications and resources running on Google Cloud. It works by verifying the identity of a user trying to access the application and supports multi-factor authentication (MFA). Cloud IAP can restrict access to users on the corporate network and also supports access over the internet securely.

Steps:

Enable Cloud IAP: In the Google Cloud Console, navigate to the IAP section and enable IAP for your web application.

Configure OAuth Consent Screen: Set up the OAuth consent screen to manage how users grant access.

Set Up Authentication: Use Google Identity Platform to manage users and enable two-factor authentication.

Add Users: Grant users access to the application by adding their identities in the IAP settings.