Launch from a web browser

Required roles

To follow the steps in this guide, you need the following roles:

IAP-Secured Tunnel User on the project or VM.

You can launch IAP Desktop from within a web browser by using iap-rdp:/// links.

Enable the browser integration feature

The browser integration feature is disabled by default. To enable it, do the following:

Open IAP Desktop.
Go to Tools > Options
On the General tab, set Allow launching IAP Desktop from a web browser to enabled.

Connect by URL

You can now open IAP Desktop and connect to a VM by pointing your browser to a iap-rdp:/// URL such as:

iap-rdp:///project-id/zone-id/instance-name

Where:

project-id is the ID of the project, for example my-project-123.
zone-id is the ID of the zone a VM is running in, for example us-central1-a.
instance-name is the name of the VM instance, for example my-instance-1.

Note

Instead of a triple-slash, you can also use a single slash: iap-rdp:/project-id/zone-id/instance-name.

Parameters

Optionally, you can add additional parameters to the URL to customize the connection behavior:

iap-rdp:///my-project-123/us-central1-a/my-instance-1?Username=bob&DesktopSize=1

The following parameters are supported:

Parameter	Value
`Username`	Windows username (SAM format)
`Domain`	Domain (NetBIOS format)
`RdpPort`	RDP port the server is listening on. Use this parameter if you've configured Windows to use a listening port other than 3389 .
`ConnectionBar`	Controls whether the connection bar is shown in full-screen mode: `0` - automatically hide (default) `1` - pinned `2` - off
`DesktopSize`	Controls the remote desktop resolution/size: `0` - same as client size `1` - same as screen size `2` - automatically adjust (default)
`ColorDepth`	Controls the color depth of the remote desktop: `0` - high color `1` - true color (default) `2` - deep color
`AudioMode`	Controls how audio is played: `0` - play locally (default) `1` - play on server `2` - do not play
`RedirectClipboard`	Controls whether clipboard contents are shared with remote desktop: `0` - disabled `1` - enabled (default)
`RdpRedirectPrinter`	Controls whether local printers are shared with remote desktop: `0` - disabled (default) `1` - enabled
`RdpRedirectSmartCard`	Controls whether local smart cards are shared with remote desktop: `0` - disabled (default) `1` - enabled
`RdpRedirectPort`	Controls whether local ports are shared with remote desktop: `0` - disabled (default) `1` - enabled
`RdpRedirectDrive`	Controls whether local drives are shared with remote desktop: `0` - disabled (default) `1` - enabled
`RdpRedirectDevice`	Controls whether local devices are shared with remote desktop: `0` - disabled (default) `1` - enabled
`RdpHookWindowsKeys`	Controls whether the remote desktop handles Windows shortcuts (like Win+X): `0` - never `1` - always `2` - only when set to full-screen (default)
`CredentialGenerationBehavior`	Controls whether the user is offered to generate new credentials when connecting: `0` - allow generating new credentials `1` - allow generating new credentials if no existing credentials found (default) `2` - do not allow generating new credentials `3` - force user to generate new credentials The parameter is ignored when you use `CredentialCallbackUrl`.
`CredentialCallbackUrl`	Callback URL for Windows logon credentials. When provided, IAP Desktop sends an HTTP `GET` request to this URL and expects a response in the following format: { Domain: "domain", User: "user", Password: "password" } IAP Desktop then uses these credentials to automatically log on the user. The response must use the content type `application/json`. Use URL signing or similar mechanisms to ensusre that callback URLs can only be retrieved once, or stay valid for a limited period of time only.

Limitations

URLs can't contain Windows passwords. To automatically log on users, specify a CredentialCallbackUrl.
Connecting to VM instances from within a web browser is currently not supported for SSH.

What's next

Read more about connect to Windows VMs by using Remote Desktop
Learn how you can connect to Linux VMs by using SSH