Google Workspace (DWD) MCP for AI agents | Service Account connector

CALL ANY TOOL

List and manage users, groups, org units, and admin policies across the Google Workspace domain.

gws_users_list

List users

List all users in the domain with optional query and projection filters.

Parameters

Name

Type

Required

Description

domain

string

Required

Google Workspace domain

query

string

Optional

Search query (e.g. givenName:Jane)

max_results

integer

Optional

Max users to return

gws_user_get

Get user

gws_groups_list

List groups

gws_group_members_list

List group members

gws_user_suspend

Suspend user

gws_org_units_list

List org units

Build your Agent

Drop the toolkit in, point it at the user, and your workspace admin agent can use Google Workspace (DWD) from the first run.

Copied

import { ScalekitClient } from "@scalekit-sdk/node";
import { DynamicStructuredTool } from "@langchain/core/tools";
import { createReactAgent } from "@langchain/langgraph/prebuilt";
import { z } from "zod";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["googleworkspacedwd"], toolNames: ["gws_users_list", "gws_user_get", "gws_groups_list"] },
  pageSize: 100,
});

const lcTools = tools.map((t) => new DynamicStructuredTool({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  schema: z.object({}).passthrough(),
  func: async (args) => {
    const { data } = await sk.tools.executeTool({
      toolName: t.tool.definition.name,
      identifier: "user_123",
      params: args,
    });
    return JSON.stringify(data);
  },
}));

const agent = createReactAgent({ llm, tools: lcTools });

Copied

import { ScalekitClient } from "@scalekit-sdk/node";
import OpenAI from "openai";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const openai = new OpenAI();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["googleworkspacedwd"], toolNames: ["gws_users_list", "gws_user_get", "gws_groups_list"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  type: "function",
  function: {
    name: t.tool.definition.name,
    description: t.tool.definition.description,
    parameters: t.tool.definition.input_schema,
  },
}));

const resp = await openai.responses.create({
  model: "gpt-4o", input: prompt, tools: llmTools,
});

import { ScalekitClient } from "@scalekit-sdk/node";
import Anthropic from "@anthropic-ai/sdk";

const sk = new ScalekitClient(envUrl, clientId, clientSecret);
const anthropic = new Anthropic();

const { tools } = await sk.tools.listScopedTools("user_123", {
  filter: { connectionNames: ["googleworkspacedwd"], toolNames: ["gws_users_list", "gws_user_get", "gws_groups_list"] },
  pageSize: 100,
});

const llmTools = tools.map((t) => ({
  name: t.tool.definition.name,
  description: t.tool.definition.description,
  input_schema: t.tool.definition.input_schema,
}));

const msg = await anthropic.messages.create({
  model: "claude-sonnet-4-6", max_tokens: 1024,
  tools: llmTools,
  messages: [{ role: "user", content: prompt }],
});

Copied

import { Agent } from "@google/adk/agents";
import {
  MCPToolset, StreamableHTTPConnectionParams,
} from "@google/adk/tools/mcp";

const toolset = new MCPToolset({
  connectionParams: new StreamableHTTPConnectionParams({
    url: "https://mcp.scalekit.com/googleworkspacedwd",
    headers: { Authorization: `Bearer ${userScopedToken}` },
  }),
});

const agent = new Agent({
  name: "agent", model: "gemini-2.0-flash",
  tools: await toolset.getTools(),
});

Try these prompts

Paste any prompt into your agent to start using Google Workspace (DWD).

Users & groups

Copy the prompt

Copied

List all users in [org unit].

Copy the prompt

Copied

Get profile for [email].

Copy the prompt

Copied

List groups in [domain].

Copy the prompt

Copied

Who are the members of [group email]?

Admin & security

Copy the prompt

Copied

List all suspended users.

Copy the prompt

Copied

Suspend user [email].

Copy the prompt

Copied

Find users with no 2FA enabled.

Copy the prompt

Copied

List all admin accounts in the domain.

Org & reporting

Copy the prompt

Copied

List all org units under [OU path].

Copy the prompt

Copied

How many users are in [domain]?

Copy the prompt

Copied

Which users were added this month?

Copy the prompt

Copied

Find users whose accounts expire this week.

SEE HOW AUTH WORKS

Users authorize Google Workspace (DWD) once. Their credentials stay vaulted, every call is checked, and every action is logged.

1

Authorize

Your user connects

Google Workspace

once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access

Who:

user ‘A’

when:

Once per user

access:

Limited to user

2

Store

Their

Google Workspace

token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection

vault:

encrypted

scope:

per-user

tokens:

auto-refreshed

3

Resolve

When your agent calls a

Google Workspace

tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs

speed:

~40ms

check:

before every call

seen by:

nobody

4

Audit

Every

Google Workspace

tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it

history:

90 days

export:

SIEM-ready

logged:

every call

Test other agents

Same per-user auth pattern across other workspace admin agents and MCP connectors. Working code, live demos, fork what fits.

SUPPORT

Support triage agent

Read Zendesk tickets, fetch runbooks from Notion, and route to the right Slack channel with a drafted response.

ENGINEERING

DevOps assistant agent

Triage GitHub incidents, open Linear tickets, and notify the on-call channel in Slack with context already attached.

Why Scalekit

Secure your agent's access. Connectors ship in minutes

Other connector libraries treat auth as a demo afterthought. Scalekit starts with user identity, scope enforcement, and audit.

01.

Shared tokens break per-user analytics

A shared token looks fine in a demo. In production every call looks like a service account. Scalekit resolves the real user credential so attribution, audit, and scope stay accurate.

// shared token
 audit → bot_service_account
 user_filter → broken

 // scalekit
 audit → user_abc
 scope → enforced ✓

02.

Authentication is not authorization

03.

Multi-tenancy is architectural

04.

Google Workspace (DWD) today. Others tomorrow.

“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”

Venu Madhav Kattagoni

Head of Engineering / Von

FAQs

Frequently Asked Questions

Does the agent access Google Workspace (DWD) as the user or as a shared key?
As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.

Where is the Google Workspace (DWD) service account stored?
In Scalekit's managed AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.

Can I limit what the agent is allowed to do in Google Workspace (DWD)?
Yes. Pass a tool name filter to listScopedTools so the workspace admin agent only sees the subset you authorize. Pre-API-call scope checks block out-of-policy actions before the request reaches Google Workspace (DWD).

What happens when a user revokes Google Workspace (DWD) access?
The connection is invalidated on the next tool call. Subsequent requests for that user fail closed with a clear error. Other users in the tenant remain unaffected. The event is logged for audit.

How are domain-wide delegation scopes controlled?
Scopes are configured in Google Admin Console by your workspace admin. Scalekit only impersonates users within those granted scopes. No scope beyond what was configured at setup is ever called.

Google Workspace

Tools your workspace admin agent reaches for on Google Workspace (DWD), scoped per user.