Identity-Aware Proxy
Protect your applications and APIs from unauthorized access without requiring a VPN or writing special code. Add authentication and authorization to your apps and APIs in just seconds by offloading authentication and authorization to ngrok’s network, powered by our global points of presence. Let ngrok’s IAP handle the heavy lifting of keeping your apps and APIs safe so you don’t have to.
How it works
Run a lightweight agent - distributed as an SDK, container, Kubernetes operator, or CLI.
Your apps and APIs get a URL endpoint.
You configure authn/authz policies.
Traffic from clients is routed through the ngrok cloud to the agent and then to your upstream service.
- Authentication
- BeyondCorp Security: Zero-Trust Ready
- Leverage industry-standard protocols such as mTLS, OAuth, SAML, JWT, or OpenID Connect to authenticate your apps and APIs. Utilize widely-used federated authentication systems such as Okta, Azure AD, OneLogin, Ping, and more.
- Authorization
- Implement Fine-Grained Access Control
- Enforce access for specific resources based on authorization constraints such as allowed emails or email domains. Implement granular access control for enhanced security. For example, you can use GitHub to authenticate users and grant your application the
repooruserscopes to access your upstream service.
- Policy Enforcement
- Simple, flexible, idiomatic policy engine
- Apply authentication and authorization policies using a powerful and flexible CEL and JSON-based traffic policy engine.
- Frictionless secure access for Remote Workers
- Ditch VPNs
- Empower your employees to work from untrusted networks without the use of a VPN. Ensure secure access to apps with robust authentication and authorization.
Identity-Aware Proxy
Ditch high upfront costs and pay only for the devices you use. Start small with prototypes and ramp up quickly without breaking the bank.
Batteries included
Manage traffic to your Kubernetes clusters using our Ingress Controller or the new Gateway API that is role-oriented and expressive. Unlike other controllers, when you use ngrok you don’t need to configure any low-level networking primitives like IPs, VPC routing, egress gateways and network interfaces. Just helm install the ngrok Kubernetes Operator and you're online.
ngrok’s built-in API gateway enables secure and instant connectivity to APIs with just one command or one function call. Configure rate limiting, JWT validation using our simple, flexible, and idiomatic JSON and CEL-based traffic policy engine.
Troubleshoot issues in real-time by getting visibility into traffic flows and other events right in the dashboard. Or forward traffic logs to your favorite observability tool and audit logs of configuration changes to your SIEM.
Block unauthorized requests before they reach your services, safeguarding your infrastructure and network from attacks.
Your customers will enjoy a speed boost as ngrok pushes traffic policies that you configure to its global network. So authentication, transformations, load balancing and more happen as close to your customers as possible.
Let us know how we can solve your challenges.
Live demos of ngrok features, and chat with the ngrok team to get your questions answered.
