On Premise
Enabling IAP for on-premises apps | Identity-Aware Proxy | Google Cloud
This feature is available only as part of a paid enterprise security subscription. You can Note: sign up if interested. This guide explains how to secure an HTTP or HTTPS based, on-premises app outside of Google Cloud with Identity-Aware Proxy (IAP) by deploying an IAP connector.
https://cloud.google.com/iap/docs/enabling-on-prem-howto
Identity-Aware Proxy for On-Prem applications | MrTrustor's shiny blog
Edit: Added a note about JWT header validation. I have a couple internal systems that I run at home, and that I want to be able to access from outside. I want only my partner and myself to be able to access those systems, and I want that access to be as transparent as possible for her.
https://blog.mrtrustor.net/post/iap-on-prem/