xbill for Google Developer Experts

Posted on May 11 • Originally published at xbill999.Medium on May 11

MCP Configuration for Google Workspace with Gemini CLI

#googleworkspace #oauth2 #mcps #gemini

This article covers the MCP setup and configuration for using Google Workspace and underlying Gemini LLM with Gemini CLI to enhance and extend Workspace operations over MCP.

What is Google Workspace?

Google Workspace (formerly G Suite) is a cloud-based, subscription-driven productivity and collaboration suite developed by Google, designed for businesses, schools, and organizations. It bundles essential tools — like Gmail, Drive, Docs, Meet, and Calendar — using a custom domain, offering enhanced security, administrative controls, and shared cloud storage.

More details are here:

Google Workspace: Secure Online Productivity & Collaboration Tools

Google Workspace? Isn’t MCP overkill?

Native MCP support in Google Workspace opens up new use cases and flexibility with the entire Workspace suite.

As of the date writing this- Google Workspace MCP support is in Developer Preview. You can sign up for access to the Developer Preview here:

Google Workspace Developer Preview Program | Google for Developers

What is MCP?

Unless you have been living off grid without Internet- MCP is the new universal connector and next “Big Thing”.

More information is here:

What is Model Context Protocol (MCP)? A guide

Google MCP Strategy

Google has gone all-in for all the core Cloud services to provide connections over MCP. An overview is here:

Google Cloud MCP servers overview | Google Cloud Documentation

Gemini CLI

If not pre-installed you can download the Gemini CLI to interact with the source files and provide real-time assistance:

npm install -g @google/gemini-cli

Testing the Gemini CLI Environment

Once you have all the tools and the correct Node.js version in place- you can test the startup of Gemini CLI. You will need to authenticate with a Key or your Google Account:

▝▜▄ Gemini CLI v0.33.1
    ▝▜▄
   ▗▟▀ Logged in with Google /auth
  ▝▀ Gemini Code Assist Standard /upgrade no sandbox (see /docs) /model Auto (Gemini 3) | 239.8 MB

Google Skills Repository

Google Skills give your MCP client well known approaches to work with the core Google products.

The full details are here:

Level Up Your Agents: Announcing Google's Official Skills Repository | Google Cloud Blog

To install the Skills in Gemini CLI:

npx skills install github.com/google/skills

What you talkin ‘bout Willis?

That was a lot of setup! But wait- there is more! So what is different about this lab compared to all the others out there?

This demo is one of the first deep dives into configuring Workspace for MCP. Gemini CLI provides a complete working environment with a full MCP client. Google Workspace exposes the key features of the platform over the MCP layer.

Where do I start?

The strategy for configuring Workspace with MCP is a incremental step by step approach.

First, the Workspace configuration settings are updated. Then, these settings are used to configure Gemini CLI. Finally- Gemini CLI is used as a MCP client to the Workspace environment. Several samples are run using the Workspace MCP Tools directly from Gemini CLI.

Sample CodeLabs

Several Code Labs have been developed to step through Google Workspace MCP configuration. A sample is here:

Google Workspace MCP servers in Antigravity | Google Codelabs

and here:

Get started with Google Workspace MCP and Gemini CLI | Google Codelabs

Workspace Developer Tools

Developer Tools are provided to enable working with Google Workspace:

Google Workspace Developer Tools | Google for Developers

To install:

xbill@penguin:~/workspace$ gemini extensions install \
  "https://github.com/googleworkspace/developer-tools"
Installing extension "google-workspace-developer-tools".
This extension will run the following MCP servers:
  * workspace-developer (remote): https://workspace-developer.goog/mcp

The extension you are about to install may have been created by a third-party developer and sourced from a public repository. Google does not vet, endorse, or guarantee the functionality or security of extensions. Please carefully inspect any extension and its source code before installing to understand the permissions it requires and the actions it may perform.
Do you want to continue? [Y/n]: 
Extension "google-workspace-developer-tools" installed successfully and enabled.
xbill@penguin:~/workspace$

MCP for Workspace Setup

MCP is available in the core Workspace setup. A getting started guide is available here:

Configure the Google Workspace MCP servers | Google for Developers

Setup the Basic Gemini CLI Environment

At this point you should have a working Shell environment and a working Gemini CLI installation. All of the relevant code examples and documentation is available in GitHub.

The next step is to clone the GitHub repository to your local environment:

cd ~
git clone https://github.com/xbill9/workspace-mcp
cd workspace-mcp

Then run init.sh from the cloned directory.

The script will attempt to determine your shell environment and set the correct variables:

source init.sh

If your session times out or you need to re-authenticate- you can run the set_env.sh script to reset your environment variables:

source set_env.sh

Variables like PROJECT_ID need to be setup for use in the various build scripts- so the set_env script can be used to reset the environment if you time-out.

Oauth Configuration

The Google Workspace MCP servers use OAuth 2.0 for secure authentication. You must configure an OAuth consent screen and create a Desktop application client.

Set up the OAuth Consent Screen

The Google Workspace MCP servers use OAuth 2.0 for authentication. You must configure the consent screen first.

In the Google Cloud console, go to Google Auth Platform > Branding. Click Get Started if not configured.

Configure App Information:

App name: Google Workspace MCP Servers
User support email: Select your email.

Configure Audience: Select Internal (or External if Internal is not available):

Configure Contact Information: Enter your email address.

Review and agree to the User Data Policy, then click Create.

If you selected External, go to Audience and add your email under Test users.

Oauth Scopes

Go to Data Access > Add or Remove Scopes. Under Manually add scopes, add the following for the servers you want to use:

Create an OAuth Client ID

Go to Google Auth Platform > Clients > Create Client.

Select Desktop app as the application type. Name it Gemini CLI:

Click Create and copy the Client ID and Client Secret. You will need these in the next step. (the actual values have been hidden)

Gemini CLI Settings

Here is the sample Gemini CLI setup:

{
  "mcpServers": {
    "gmail": {
      "httpUrl": "https://gmailmcp.googleapis.com/mcp/v1",
      "oauth": {
        "enabled": true,
        "clientId": "${CLIENT_ID}",
        "clientSecret": "${CLIENT_SECRET}",
        "scopes": [
          "https://www.googleapis.com/auth/gmail.readonly",
          "https://www.googleapis.com/auth/gmail.compose"
        ]
      }
    },
    "drive": {
      "httpUrl": "https://drivemcp.googleapis.com/mcp/v1",
      "oauth": {
        "enabled": true,
        "clientId": "${CLIENT_ID}",
        "clientSecret": "${CLIENT_SECRET}",
        "scopes": [
          "https://www.googleapis.com/auth/drive.readonly",
          "https://www.googleapis.com/auth/drive.file"
        ]
      }
    },
    "calendar": {
      "httpUrl": "https://calendarmcp.googleapis.com/mcp/v1",
      "oauth": {
        "enabled": true,
        "clientId": "${CLIENT_ID}",
        "clientSecret": "${CLIENT_SECRET}",
        "scopes": [
          "https://www.googleapis.com/auth/calendar.calendarlist.readonly",
          "https://www.googleapis.com/auth/calendar.events.freebusy",
          "https://www.googleapis.com/auth/calendar.events.readonly"
        ]
      }
    },
    "people": {
      "httpUrl": "https://people.googleapis.com/mcp/v1",
      "oauth": {
        "enabled": true,
        "clientId": "${CLIENT_ID}",
        "clientSecret": "${CLIENT_SECRET}",
        "scopes": [
          "https://www.googleapis.com/auth/directory.readonly",
          "https://www.googleapis.com/auth/userinfo.profile",
          "https://www.googleapis.com/auth/contacts.readonly"
        ]
      }
    }
  }
}

Initial Connection

Start up Gemini CLI after all the environment variables have been set:

xbill@penguin:~/workspace-mcp$ gemini

 ▝▜▄ Gemini CLI v0.40.0
   ▝▜▄
  ▗▟▀ Signed in with Google /auth
 ▝▀ Plan: Gemini Code Assist Standard /upgrade

Then use the /mcp list :

 > /mcp list                                                                                                                                         

Configured MCP servers:

🟢 gmail - Ready (10 tools) (OAuth not authenticated)

The OAuth server has not been explicitly enabled- so it is showing as not authenticated.

Oauth MCP Connection Settings

To simplify the Oauth setup — a prebuilt settings.json has been provided for Gemini CLI. The values for the Oauth client need to be set in the current test environment.

cat save_oauth.sh

The settings need to be enabled for each service. As an example - for Google Drive:

 > /mcp auth drive

ℹ Starting OAuth authentication for MCP server 'drive'...

╭───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ │
│ Authentication required for MCP Server: 'drive.' Opening authentication page in your browser. │
│ │
│ Do you want to continue? │
│ │
│ ● 1. Yes │
│ 2. No │
│ │
│ Enter to select · ↑/↓ to navigate · Esc to cancel │
╰───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

Then it will show successful:

and Gemini CLI will return:

ℹ Starting OAuth authentication for MCP server 'drive'...

ℹ → Opening your browser for OAuth sign-in...
  If the browser does not open, copy and paste this URL into your browser:
  https://accounts.google.com/o/oauth2/v2/auth?client_id=1056842563084-862rokg1g71ci9mli67el70ejmbkrhik.apps.googleusercontent.com&response_type=code
  &redirect_uri=http%3A%2F%2Flocalhost%3A39387%2Foauth%2Fcallback&state=wedrlIdjzr30cXEequQ2VQ&code_challenge=I4duUiNR0msHZXxgnODkcl-7yzMjeMOcgKCp6KT
  5YLc&code_challenge_method=S256&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.readonly+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.file
  &resource=https%3A%2F%2Fdrivemcp.googleapis.com%2Fmcp%2Fv1
  💡 TIP: Triple-click to select the entire URL, then copy and paste it into your browser.
  ⚠️ Make sure to copy the COMPLETE URL - it may wrap across multiple lines.

ℹ ✅ Successfully authenticated with MCP server 'drive'!

ℹ Restarting MCP server 'drive'...

ℹ Successfully authenticated and reloaded tools for 'drive'

Repeat the OAuth permissions for each Workspace service.

Validate The Setup

Once the MCP OAuth authentication has been enabled for the Workspace services- you can check them with Gemini CLI:

 > /mcp list                                                                                                                                         

Configured MCP servers:

🟢 gmail - Ready (10 tools) (OAuth)
  Tools:
  - mcp_gmail_create_draft
  - mcp_gmail_create_label
  - mcp_gmail_get_thread
  - mcp_gmail_label_message
  - mcp_gmail_label_thread
  - mcp_gmail_list_drafts
  - mcp_gmail_list_labels
  - mcp_gmail_search_threads
  - mcp_gmail_unlabel_message
  - mcp_gmail_unlabel_thread

🟢 drive - Ready (8 tools) (OAuth)
  Tools:
  - mcp_drive_copy_file
  - mcp_drive_create_file
  - mcp_drive_download_file_content
  - mcp_drive_get_file_metadata
  - mcp_drive_get_file_permissions
  - mcp_drive_list_recent_files
  - mcp_drive_read_file_content
  - mcp_drive_search_files

🟢 calendar - Ready (8 tools) (OAuth)
  Tools:
  - mcp_calendar_create_event
  - mcp_calendar_delete_event
  - mcp_calendar_get_event
  - mcp_calendar_list_calendars
  - mcp_calendar_list_events
  - mcp_calendar_respond_to_event
  - mcp_calendar_suggest_time
  - mcp_calendar_update_event

🟢 people - Ready (3 tools) (OAuth)
  Tools:
  - mcp_people_get_user_profile
  - mcp_people_search_contacts
  - mcp_people_search_directory_people

All Right Already! Can you actually do something with Workspace?

At this point- Gemini CLI is setup with the Workspace MCP server and has direct access to all the MCP Tools. Any operations with the Tools come back directly into the Gemini CLI Context.

Calendar

> what meetings do I have tomorrow?

  Checking Tomorrow's Calendar: Retrieving calendar events for tomorrow.

╰───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
╭───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Action Required │
│ │
│ ? list_events (calendar MCP Server) {"startTime":"2026-05-11T00:00:00Z","endTime":"2026-05-12T00:00:00Z"} │
│ │
│ MCP Server: calendar │
│ Tool: list_events │
│ │
│ MCP Tool Details: │
│ (press Ctrl+O to expand MCP tool details) │
│ Allow execution of MCP tool "list_events" from server "calendar"? │
│ │
│ ● 1. Allow once │
│ 2. Allow tool for this session │
│ 3. Allow all server tools for this session │
│ 4. Allow tool for all future sessions ~/.gemini/policies/auto-saved.toml │
│ 5. No, suggest changes (esc) │
╰───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

✦ You have two meetings scheduled for tomorrow, Monday, May 11, 2026:

   1. All Staff Morning Meeting
       * Time: 9:30 AM – 10:30 AM EDT
       * Location: Zoom Meeting
       * Description: Daily staff meeting. The Zoom link and call-in details are included in the event.

   2. [TPU] Office Hours - Europe/America
       * Time: 1:30 PM – 2:00 PM EDT
       * Location: Google Meet (https://meet.google.com/mri-ovop-cen)
       * Description: TPU Office Hours for a Europe/America friendly time.

  Please note that your response status for both meetings is currently marked as "needs action."

Gmail

> summarize last 3 emails from Richard Seroter's Architecture Musings

  Summarizing Architecture Musings Emails: Searching for and summarizing the last 3 emails from "Richard Seroter's Architecture Musings".

╰───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
╭───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Action Required │
│ │
│ ? search_threads (gmail MCP Server) {"query":"from:\"Richard Seroter's Architecture Musings\"","pageSize":3} │
│ │
│ MCP Server: gmail │
│ Tool: search_threads │
│ │
│ MCP Tool Details: │
│ (press Ctrl+O to expand MCP tool details) │
│ Allow execution of MCP tool "search_threads" from server "gmail"? │
│ │
│ ● 1. Allow once │
│ 2. Allow tool for this session │
│ 3. Allow all server tools for this session │
│ 4. Allow tool for all future sessions ~/.gemini/policies/auto-saved.toml │
│ 5. No, suggest changes (esc) │
╰───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

✦ Here is a summary of the last three editions of Richard Seroter's Daily Reading List:

  1. Daily Reading List – May 8, 2026 (#780)
   * AI & Cognitive Debt: Discussion on "Cognitive Surrender," where relying too heavily on AI output can lead to cognitive debt.
   * Job Market: Articles debunking the "AI Job Apocalypse" as a fantasy, noting that tech job postings have hit a 3-year high.
   * Engineering Patterns: Modernizing legacy Express apps to Next.js using AI agents and Google Antigravity.
   * Infrastructure: Updates on GKE (faster node startup) and Bigtable (new in-memory tier for sub-millisecond reads).
   * Industry Shifts: Pinecone is moving away from RAG mainstreaming toward pushing knowledge upstream into agent artifacts.

  2. Daily Reading List – May 7, 2026 (#779)
   * AI Monetization: Why traditional SaaS "freemium" models don't work for AI, with a shift toward upselling based on usage intensity and outcomes.
   * Reliability: Lessons from Airbnb on monitoring at scale and breaking circular dependencies in observability stacks.
   * Agent Architectures: Guidance on choosing between REST APIs, MCP, and Agent-to-Agent (A2A) architectures (defaulting to REST unless reasoning
     agents need more).
   * New Tools: Gemini 3.1 Flash-Lite is now GA on the Gemini Enterprise Agent Platform.
   * Kubernetes: A new GKE feature allows using "Pod Snapshots" to eliminate cold start latencies.

  3. Daily Reading List – May 6, 2026 (#778)
   * Agent Skills: A look at twenty agent skills that serve the entire SDLC and force agents through standard engineering stages.
   * AI-Native Orgs: Designing organizations for AI-native engineering involving shorter planning cycles and smaller, more diverse squads.
   * Agentic Coding: A debate on whether agentic coding is a "trap" vs. Google’s success in achieving 6x faster code migrations (TensorFlow to JAX)
     using specialized agents.
   * Cloud Interop: AWS MCP Server is now generally available, highlighting the industry-wide move toward MCP support.
   * Security: New IAM features focused on security, governance, and runtime defense.

Drive

╭───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Action Required │
│ │
│ ? create_file (drive MCP Server) {"textContent":"# Gemini CLI v0.41.0 Release Highlights (May 5, 2026)\n\nThe latest release of Gemini CLI brin… │
│ │
│ MCP Server: drive │
│ Tool: create_file │
│ │
│ MCP Tool Details: │
│ (press Ctrl+O to expand MCP tool details) │
│ Allow execution of MCP tool "create_file" from server "drive"? │
│ │
│ 1. Allow once │
│ 2. Allow tool for this session │
│ 3. Allow all server tools for this session │
│ ● 4. Allow tool for all future sessions ~/.gemini/policies/auto-saved.toml │
│ 5. No, suggest changes (esc) │
╰───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

✦ I've created a new Google Doc with the highlights from the latest Gemini CLI release (v0.41.0).

  You can view it here: Gemini CLI v0.41.0 Release Highlights
  (https://docs.google.com/document/d/1HrDB06S2-mGdORNvItNuOwJidX9zazLgoOCN4eLLPpc/edit?usp=drivesdk)

  Highlights included in the document:
   * Real-time Voice Mode: Now supports both cloud and local backends for terminal-based voice interactions.
   * Secure Environment Loading: Enforced workspace trust and secured .env loading for headless operations.
   * Advanced Shell Validation: Added a core tools allowlist and enhanced validation for improved security.
   * Bonus Recap (v0.40.0): Also included notes on offline search with ripgrep, colorblind-friendly themes, and the new four-tier memory management
     system.

People

  Searching Contacts for Lenovo: Searching for "Lenovo" in the user's contacts.

╭───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ ✓ search_contacts (people MCP Server) {"query":"Lenovo"} │
│ │
│ { │
│ "results": [ │
│ { │
│ "email": "Lenovo@enews.lenovo.com" │
│ } │
│ ] │
│ } │
╰───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

✦ I found one contact matching Lenovo:

   * Email: Lenovo@enews.lenovo.com

  Is this the contact you were looking for?

Final Gemini CLI Code Review

As a final step — Gemini CLI was used for a full code review of the project:

✦ This project is a developer workspace designed to build, manage, and authorize Model Context Protocol (MCP) agents within a Google Cloud (GCP)
  environment.

  Its primary purpose is to simplify the setup of MCP servers that allow AI models to interact with Google Workspace services (Gmail, Drive,
  Calendar, etc.).

  Key Capabilities
   - Automated Environment Setup: The init.sh script handles GCP project configuration, including enabling necessary APIs like Gmail, Drive, and the
     corresponding MCP APIs.
   - Authentication Management: Scripts like set_adc.sh and save_oauth.sh manage Application Default Credentials (ADC) and OAuth secrets, ensuring
     secure access to your Google data.
   - MCP Authorization Flow: mcp_setup.sh provides the specific commands needed to authorize the Gemini CLI to use these Workspace services via MCP.
   - Workspace Integration: It bridges your GCP infrastructure with the Gemini CLI, enabling tools that can read your email, schedule meetings, or
     search your Drive.

  Core Components
   - GEMINI.md: Contains the "Mandates" and tech stack rules for developing in this workspace.
   - .env Management: Local state (like your GOOGLE_CLOUD_PROJECT ID) is managed through scripts to keep your environment consistent.
   - Initialization Scripts: A suite of bash scripts to handle the "plumbing" of GCP and MCP setup.

  Essentially, it turns your local terminal and Gemini CLI into a powerful agentic platform capable of performing complex tasks across your Google
  Workspace.

Summary

Gemini CLI was configured as a MCP client using the MCP Server for Google Workspace. Then, the MCP connection was used to connect to the Workspace Environment and test basic operations. Finally, Gemini CLI was used for a complete project code review.

DEV Community