Google has recently enabled centralised load balancing with cross project service referencing.
I have successfully implemented a shared VPC with the regional load balancer in a Host project. The load balancer works in handing traffic off into a sub project backend. This is all good.
Previously I had been using a global load balancer and was able to use Identity Aware Proxy on this service backend. Now that things are restructured, the option to use IAP has disappeared.
I am not sure whether this is a limitation of the cross project style of load balancing or whether I am missing something. The backend service in question is serverless Cloud Run.
I have tried looking at various options in the load balancer setup, backend setup, shared VPC setup but nothing seems obvious. Also reviewed the documentation, the feature being relatively new, there isn't much written on it yet.