I was learning about IAP in GCP, which is used for authentication and authorization to GCP hosted apps.
Thoughts
Even before IAP was introduced in GCP, users could be authenticated and authorized using login credentials and google IAM policies.
Okay, IAP replaces VPN, users can work from untrusted networks.
Query
Please correct me if i am thinking wrong.
But if my app./resource is hosted in GCP, than it is accessible publicly with proper authentication and authorization, there is obviously no need of VPN. In this scenario, what is the significance of IAP.
What is the new thing in IAP, as IAP also does the same thing for authentication and authorization?