What should you configure to ensure that your web application is accessible only to company employees while minimizing application changes?

To ensure that a web application is accessible only to company employees while minimizing changes to the application itself, the correct approach is to configure a Compute Engine instance that requests users to log in to their corporate accounts. This method uses existing corporate authentication mechanisms, allowing users to access the application using their company credentials.

By leveraging a Compute Engine instance, the organization can set up an authentication layer where users are required to log in. This approach does not mandate extensive modifications to the application code; rather, it acts as a gatekeeper that limits access based on user credentials.

This method provides a straightforward solution because it integrates well with existing corporate identity solutions, efficiently controlling access without requiring significant rework of the application or its architecture. Additionally, this helps maintain the application's integrity, ensuring it continues to function as intended for authenticated users.

In contrast, the other approaches, such as checking authentication credentials for each HTTP(S) request or configuring Identity-Aware Proxy, may lead to more extensive application changes or complexities in managing access control. The need to modify application logic or dependencies could result in potential security vulnerabilities or unnecessary overhead in application management.