How can I enable IAP for a service behind an k8s ingress LoadBalancer?

I want to add IAP to my service which is running on a k8s cluster which runs behind an ingress created via k8s itself.
In Google Cloud Console there is a simple toggle to do that, but as far as I can see, there is no Terraform resource for actually activating IAP for a service. I can only see policy resources…

Am I missing something or is this simply not possible?