Release 2.38 introduces the following new features:
- Workforce identity: IAP Desktop now supports workforce identity federation as an alternative way to sign in to IAP Desktop.
- Easier reauthentication: When your session expires, IAP Desktop no longer requires you to grant consent for multiple OAuth scopes, making it quicker and easier to reauthenticate.
- Private service connect: You can now let IAP Desktop connect to Google Cloud APIs through Private Service Connect (PSC). You can use PSC to connect from corporate networks that have Cloud VPN/Interconnect access to Google Cloud, but might otherwise have limited internet access. #1028.
- SSH rsa-sha2-512 and rsa-sha2-256 authentication: When you configure IAP Desktop to use an RSA key for SSH public key authentication, the application now defaults to using `rsa-sha2-512` or `rsa-sha2-256` instead of the deprecated `ssh-rsa` algorithm.
- Port forwarding: You can now create custom tunnels by right-clicking a VM and selecting Connect client application > Forward local port. Port forwarding is an alternative to registering a custom client application and doesn't require any extra configuration. On multi-user systems such as RDS farms, IAP Desktop only allows applications from the same session to connect. #936
- SQL Server Management Studio: When you connect to a VM using SSMS, Object Explorer now shows the name of the VM you're connected to. #1071.
- Data sharing: To help us improve and prioritize features, you can now optionally allow IAP Desktop to collect and share usage data. Data sharing is disabled by default for all users.
- VPC-SC: When accessing a VM fails because of a VPC service control policy, the error message now includes a troubleshooting ID and a link to the troubleshooting tool.
- Updated group policy templates: You can now use Active Directory group policies to manage Private Service Connect and workforce identity federation settings across endpoints.
- Secure Cloud Console: When you've enabled BeyondCorp certificate-based access, all links to the Cloud Console now use the secure Cloud Console (`console-secure.cloud.google.com`).
Additional notes:
- Google Cloud is changing the default session length to 16 hours for existing Google Cloud customers. This change affects IAP Desktop and as a result, you might soon have to re-authenticate more often.
- Workforce identity federation is subject to certain limitations and currently doesn't support OS Login.
- Future releases of IAP Desktop will require .NET 4.7 or later (instead of .NET 4.6.2). This change is expected to have minimal impact.
- Future releases of IAP Desktop might only be made available for 64-bit versions of Windows.