by dzhiurgis 3391 days ago
What is the difference between a proxy and a VPN?
3 comments

Layering differences aside, there's a fairly important security difference here:

Because the proxy is examining requests, it can authorize them, and provide data to the back-end about what user was authenticated. A VPN usually just gets you onto the network, and doesn't provide much if any data to the service being accessed about what user and application is connecting.

A VPN is generally invisible to both sides of the communication, so you can tack on extra security, but it's harder to have the applications actually rely on it for authn/authz guarantees. In practice this means you have to log in twice: once to the VPN, and again to the application. There are some ways to make that invisible to the user, though.

Lets you have a whitelist of accounts per service. For example, your HR payroll site can have IAP sitting in front of the site. IAP can only allow managers & HR access, whereas the underlying system might not have this identity protection.

You can then have different whitelists per service.

Also, IAP doesn't require the use of a VPN client. All one needs is a web browser with an internet connection, giving your workers freedom to access corp assets just about anywhere.

VPNs are also much more expensive to maintain (good VPN hardware isn't cheap), introduce much more network latency and are another thing for help desk personnel to have to support (read: spend money supporting).

BeyondCorp/UberProxy is just a really complicated whitelist. That's it. Super simple.
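The per-service whitelist and the identity handed to the back end that the comments above describe, as an added sketch that is not part of the thread and not the IAP or BeyondCorp implementation. The header names, the shared HMAC key, and the user, group and host data are constructed assumptions, and the user is assumed to have already authenticated to the proxy.

```python
import hashlib
import hmac
import time

# All names and values below are constructed for illustration.
PROXY_KEY = b"demo-key-shared-by-proxy-and-backend"
USER_GROUPS = {"alice": {"hr"}, "bob": {"engineering"}, "carol": {"managers"}}
SERVICE_ALLOWLIST = {                      # one allowlist per service
    "payroll.corp.example": {"hr", "managers"},
    "wiki.corp.example": {"hr", "managers", "engineering"},
}
MAX_AGE = 60  # seconds an identity assertion stays valid


def _sign(user, host, issued):
    # Bind the assertion to user, target service and issue time.
    msg = f"{user}|{host}|{issued}".encode()
    return hmac.new(PROXY_KEY, msg, hashlib.sha256).hexdigest()


def proxy_authorize(user, host, now=None):
    """Proxy side: return identity headers to forward, or None to deny."""
    issued = int(time.time() if now is None else now)
    allowed = SERVICE_ALLOWLIST.get(host, set())   # unknown service: deny
    if not (USER_GROUPS.get(user, set()) & allowed):
        return None
    return {"X-Auth-User": user, "X-Auth-Issued": str(issued),
            "X-Auth-Sig": _sign(user, host, issued)}


def backend_verify(host, headers, now=None):
    """Backend side: return the authenticated user, or None if unproven."""
    now = time.time() if now is None else now
    try:
        user, issued = headers["X-Auth-User"], int(headers["X-Auth-Issued"])
        sig = headers["X-Auth-Sig"]
    except (KeyError, ValueError):
        return None                       # header set by someone other than the proxy
    expected = _sign(user, host, issued)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None                       # forged, or issued for another service
    if not 0 <= now - issued <= MAX_AGE:
        return None                       # stale assertion
    return user
```

A request that reaches the back end from inside the network with only a self-asserted `X-Auth-User` header fails `backend_verify`, which is the guarantee a VPN on its own does not give the application.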

Traditionally a VPN operates at the IP layer, while a proxy operates at the application layer. For example, a VPN will provide an IP route that you can send any kind of packets over, while an HTTP proxy speaks the actual HTTP protocol and makes HTTP requests on your behalf.