Identity-Aware Proxy

Never rebuild auth again

Protect your applications and APIs from unauthorized access without requiring a VPN or writing special code. Add authentication and authorization to your apps and APIs in just seconds by offloading authentication and authorization to ngrok’s network, powered by our global points of presence. Let ngrok’s IAP handle the heavy lifting of keeping your apps and APIs safe so you don’t have to.

Technical documentation

How it works

ngrok operates a global network to manage traffic to all your apps and APIs

Run a lightweight agent - distributed as an SDK, container, Kubernetes operator, or CLI.

Your apps and APIs get a URL endpoint.

You configure authn/authz policies.

Traffic from clients is routed through the ngrok cloud to the agent and then to your upstream service.

Authentication
BeyondCorp Security: Zero-Trust Ready
Leverage industry-standard protocols such as mTLS, OAuth, SAML, JWT, or OpenID Connect to authenticate your apps and APIs. Utilize widely-used federated authentication systems such as Okta, Azure AD, OneLogin, Ping, and more.

Authorization
Implement Fine-Grained Access Control
Enforce access for specific resources based on authorization constraints such as allowed emails or email domains. Implement granular access control for enhanced security. For example, you can use GitHub to authenticate users and grant your application the repo or user scopes to access your upstream service.

Policy Enforcement
Simple, flexible, idiomatic policy engine
Apply authentication and authorization policies using a powerful and flexible CEL and JSON-based traffic policy engine.

Frictionless secure access for Remote Workers
Ditch VPNs
Empower your employees to work from untrusted networks without the use of a VPN. Ensure secure access to apps with robust authentication and authorization.

Identity-Aware Proxy

Pay as you go

Ditch high upfront costs and pay only for the devices you use. Start small with prototypes and ramp up quickly without breaking the bank.

Get started for free

Batteries included

Typically, you need to stitch together many different solutions and tools such as API gateway, Kubernetes Ingress, DDoS protection to securely deliver your apps and APIs. With ngrok, you get all of that more out of the box:

Typically, you need to stitch together many different solutions and tools or write custom code to handle performance, security, observability, and availability requirements. With ngrok, you get all of that and more out of the box:

Kubernetes Ingress

Manage traffic to your Kubernetes clusters using our Ingress Controller or the new Gateway API that is role-oriented and expressive. Unlike other controllers, when you use ngrok you don’t need to configure any low-level networking primitives like IPs, VPC routing, egress gateways and network interfaces. Just helm install the ngrok Kubernetes Operator and you're online.

API Gateway

ngrok’s built-in API gateway enables secure and instant connectivity to APIs with just one command or one function call. Configure rate limiting, JWT validation using our simple, flexible, and idiomatic JSON and CEL-based traffic policy engine.

Observability

Troubleshoot issues in real-time by getting visibility into traffic flows and other events right in the dashboard. Or forward traffic logs to your favorite observability tool and audit logs of configuration changes to your SIEM.

DDoS Protection

Block unauthorized requests before they reach your services, safeguarding your infrastructure and network from attacks.

Global Acceleration

Your customers will enjoy a speed boost as ngrok pushes traffic policies that you configure to its global network. So authentication, transformations, load balancing and more happen as close to your customers as possible.