google cloud platform - How to enable IAP on a subdomain in App Engine?

Question

I wanted to know whether it is possible to enable IAP OAuth for App Engine but for a subdomain or a subfolder. I have already enabled it for the domain, but I don't want it to show up for the entire website. For example: I want to use IAP secured login on admin.website.com but users to website.com should be able to access it without any issues. It is also okay if this can be done for website.com/admin (I suppose enabling on website.com/admin is a lot easier too)

(Website name changed for privacy)

question from:https://stackoverflow.com/questions/65661512/how-to-enable-iap-on-a-subdomain-in-app-engine

Answer 1

You can activate or deactivate IAP (deactivate means grant allUsers with IAP-Secured Web App User role) per service. It's the finest granularity, you can't deactivate it by URL path.