{"passport":{"unfragile":{"@version":"1.0","version":"2026-05","artifact":{"id":"awesome-google-admin-mcp","slug":"google-admin-mcp","name":"Google Admin MCP","type":"mcp","url":"https://github.com/securityfortech/google-admin-mcp","page_url":"https://unfragile.ai/google-admin-mcp","categories":["mcp-servers"],"tags":[],"pricing":{"model":"open_source","free":true,"starting_price":null},"status":"active","verified":false},"capabilities":[{"id":"awesome-google-admin-mcp__cap_0","uri":"capability://tool.use.integration.google.workspace.user.provisioning.and.lifecycle.management.via.mcp","name":"google workspace user provisioning and lifecycle management via mcp","description":"Enables programmatic creation, modification, and deletion of Google Workspace user accounts through MCP server endpoints that wrap Google Admin Directory API calls. The MCP server translates tool-calling requests into authenticated Admin SDK Directory API operations, handling OAuth 2.0 service account authentication and returning structured user objects with full profile data including organizational unit assignments, custom schemas, and suspension status.","intents":["Automate bulk user onboarding workflows triggered by HR system events","Programmatically update user attributes (name, email, department) across Workspace","Suspend or delete user accounts as part of offboarding automation","Query user directory to validate email existence before provisioning"],"best_for":["IT automation engineers building Workspace lifecycle management agents","Security teams automating user access revocation workflows","Organizations integrating Workspace with HR/HRIS systems via LLM agents"],"limitations":["Requires Google Cloud project with Admin SDK Directory API enabled — not available for consumer Google accounts","Service account must have domain-wide delegation enabled with appropriate OAuth scopes","Batch operations limited by Google API quotas (typically 100 requests/second per domain)","Cannot directly manage password resets — requires separate password reset flow or admin-initiated reset"],"requires":["Google Cloud project with Admin SDK Directory API enabled","Service account JSON key file with domain-wide delegation configured","OAuth scopes: https://www.googleapis.com/auth/admin.directory.user","MCP client compatible with tool-calling (Claude, etc.)"],"input_types":["JSON objects with user attributes (firstName, lastName, email, orgUnitPath)","User email addresses or user IDs for lookup/modification","Query parameters for filtering (orgUnit, status)"],"output_types":["Structured user objects with full profile data","Boolean success/failure responses for mutations","Paginated user lists with metadata"],"categories":["tool-use-integration","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-google-admin-mcp__cap_1","uri":"capability://tool.use.integration.google.workspace.group.management.and.membership.operations.via.mcp","name":"google workspace group management and membership operations via mcp","description":"Provides MCP tool endpoints for creating, updating, and deleting Google Groups, plus managing group membership (adding/removing members). The server translates MCP tool calls into Google Admin Directory API operations for groups and members resources, handling authentication and returning group objects with metadata (email, description, member count) and membership lists with member details and roles.","intents":["Automatically create distribution lists or security groups for new organizational units","Programmatically add/remove users from groups based on department or role changes","Query group membership to audit access or validate group composition","Update group settings (name, description, email aliases) in bulk"],"best_for":["Access control automation engineers managing group-based permissions","Security teams automating group membership audits and remediation","Organizations building self-service group management agents"],"limitations":["Cannot manage group settings like moderation policies or posting permissions — limited to basic metadata","Member role assignment limited to OWNER, MANAGER, MEMBER roles; cannot assign custom roles","Batch member operations require individual API calls per member (no bulk member import endpoint exposed)","Group email aliases managed separately via Groups Settings API, not included in this capability"],"requires":["Google Cloud project with Admin SDK Directory API enabled","Service account with domain-wide delegation and scopes: https://www.googleapis.com/auth/admin.directory.group, https://www.googleapis.com/auth/admin.directory.group.member","MCP client with tool-calling support"],"input_types":["JSON objects with group attributes (email, name, description)","User email addresses for membership operations","Member role specifications (OWNER, MANAGER, MEMBER)"],"output_types":["Structured group objects with metadata","Group membership lists with member details and roles","Boolean responses for membership mutations"],"categories":["tool-use-integration","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-google-admin-mcp__cap_2","uri":"capability://tool.use.integration.google.workspace.organizational.unit.ou.hierarchy.querying.and.management.via.mcp","name":"google workspace organizational unit (ou) hierarchy querying and management via mcp","description":"Exposes MCP tools for querying Google Workspace organizational unit hierarchies, creating new OUs, and updating OU properties. The server translates MCP tool calls into Google Admin Directory API orgUnits resource operations, returning hierarchical OU structures with parent-child relationships, descriptions, and block status, enabling agents to navigate and modify the org structure programmatically.","intents":["Query the full organizational hierarchy to understand department/team structure","Programmatically create new OUs when organizational structure changes","Update OU descriptions or block status for policy enforcement","Validate OU paths before assigning users to organizational units"],"best_for":["Organizational change management automation engineers","Security teams enforcing policies at the OU level","HR integration specialists mapping org structure to Workspace"],"limitations":["OU deletion not supported via Admin API — OUs can only be blocked, not removed","OU hierarchy depth limited by Google's internal constraints (typically 10+ levels supported but not guaranteed)","Cannot directly assign policies to OUs via this capability — requires separate Device Management API","OU name changes propagate asynchronously; immediate re-query may return stale data"],"requires":["Google Cloud project with Admin SDK Directory API enabled","Service account with domain-wide delegation and scope: https://www.googleapis.com/auth/admin.directory.orgunit","MCP client with tool-calling support"],"input_types":["OU path strings (e.g., '/Engineering/Backend')","JSON objects with OU attributes (name, description, blockInheritance)","Parent OU paths for hierarchy traversal"],"output_types":["Hierarchical OU objects with parent/child relationships","Lists of OUs at specified path levels","Boolean responses for OU mutations"],"categories":["tool-use-integration","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-google-admin-mcp__cap_3","uri":"capability://tool.use.integration.google.workspace.device.management.and.policy.enforcement.via.mcp","name":"google workspace device management and policy enforcement via mcp","description":"Exposes MCP tools for querying enrolled mobile devices and computers in Google Workspace, retrieving device details (OS, model, compliance status), and triggering device management actions (remote wipe, lock, disable). The server translates MCP tool calls into Google Admin Directory API mobileDevices and computers resources, plus Device Management API endpoints, returning device inventory with security posture and enabling remote device control.","intents":["Query inventory of enrolled devices to audit device compliance and security status","Remotely wipe or lock devices when employees are terminated or devices are lost","Identify non-compliant devices (outdated OS, missing encryption) for remediation","Trigger device policy enforcement actions based on security events"],"best_for":["Mobile device management (MDM) automation engineers","Security operations teams responding to device compromise incidents","Compliance teams automating device inventory and policy enforcement"],"limitations":["Device management actions (wipe, lock) require devices to be enrolled in Google's Device Management service — consumer devices not supported","Remote actions are asynchronous; confirmation of action completion requires polling device status","Cannot directly install or uninstall apps via this capability — requires separate Android Management API","Device compliance rules are read-only through this interface; policy configuration requires Google Admin console or separate Policy API"],"requires":["Google Cloud project with Admin SDK Directory API and Device Management API enabled","Service account with domain-wide delegation and scopes: https://www.googleapis.com/auth/admin.directory.device.mobile, https://www.googleapis.com/auth/admin.directory.device.chromeos","Devices enrolled in Google's Device Management service","MCP client with tool-calling support"],"input_types":["Device IDs or serial numbers for lookup","Query filters (device type, OS, compliance status)","Action specifications (wipe, lock, disable)"],"output_types":["Device objects with OS, model, compliance status, last sync time","Device inventory lists with metadata","Boolean responses for device management actions"],"categories":["tool-use-integration","automation-workflow","safety-moderation"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-google-admin-mcp__cap_4","uri":"capability://tool.use.integration.google.workspace.security.and.audit.log.querying.via.mcp","name":"google workspace security and audit log querying via mcp","description":"Provides MCP tools for querying Google Workspace audit logs and security events through the Admin Reports API. The server translates MCP tool calls into Reports API endpoints, returning structured audit records with timestamps, actors, actions, and affected resources, enabling agents to investigate security incidents, audit user activities, and detect policy violations programmatically.","intents":["Query audit logs to investigate security incidents or suspicious user activities","Audit admin actions (user creation, group changes, policy modifications) for compliance","Detect policy violations (unauthorized file sharing, data exfiltration attempts) through log analysis","Generate audit reports for compliance frameworks (SOC 2, HIPAA, FedRAMP)"],"best_for":["Security operations engineers building incident investigation agents","Compliance teams automating audit log collection and analysis","Forensics specialists investigating data access and exfiltration"],"limitations":["Audit logs retained for 180 days by default; older logs not accessible via API","Log query latency can be 24+ hours for some event types (e.g., Drive activity) due to Google's processing pipeline","Cannot filter by custom attributes or complex boolean logic — limited to predefined report types and basic filters","Sensitive data (passwords, API keys) redacted from logs; cannot retrieve full request/response payloads"],"requires":["Google Cloud project with Admin SDK Reports API enabled","Service account with domain-wide delegation and scope: https://www.googleapis.com/auth/admin.reports.audit.readonly","MCP client with tool-calling support"],"input_types":["Report type specifications (admin, drive, login, etc.)","Date ranges for log queries","Filter parameters (actor email, resource ID, action type)"],"output_types":["Structured audit log records with timestamp, actor, action, resource","Paginated log lists with metadata","Aggregated event counts and summaries"],"categories":["tool-use-integration","search-retrieval","safety-moderation"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-google-admin-mcp__cap_5","uri":"capability://tool.use.integration.google.workspace.domain.and.license.management.via.mcp","name":"google workspace domain and license management via mcp","description":"Exposes MCP tools for querying domain information, managing domain aliases, and retrieving license/subscription details for Google Workspace. The server translates MCP tool calls into Google Admin Directory API domains and customer resources, returning domain configurations, verification status, license counts, and subscription details, enabling agents to manage domain settings and track licensing programmatically.","intents":["Query domain configuration and verification status for DNS troubleshooting","Manage domain aliases to support email routing and organizational changes","Track license usage and subscription details for capacity planning","Validate domain ownership before provisioning users or resources"],"best_for":["Workspace administrators automating domain and license management","IT operations teams tracking license utilization and renewal dates","Organizations managing multiple domains or subdomains"],"limitations":["Cannot directly purchase or upgrade licenses via API — requires Google Admin console or reseller API","Domain verification status is read-only; cannot programmatically verify domains","Domain alias creation/deletion available but limited to 100 aliases per domain","License details are aggregated at customer level; cannot query per-user license assignments"],"requires":["Google Cloud project with Admin SDK Directory API enabled","Service account with domain-wide delegation and scopes: https://www.googleapis.com/auth/admin.directory.domain, https://www.googleapis.com/auth/admin.directory.customer","MCP client with tool-calling support"],"input_types":["Domain names for lookup","Domain alias specifications","Query parameters for license filtering"],"output_types":["Domain objects with verification status, DNS records, aliases","Customer/license objects with subscription details and seat counts","Boolean responses for domain alias mutations"],"categories":["tool-use-integration","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-google-admin-mcp__cap_6","uri":"capability://tool.use.integration.google.workspace.resource.management.calendars.rooms.via.mcp","name":"google workspace resource management (calendars, rooms) via mcp","description":"Provides MCP tools for managing Google Workspace shared resources (conference rooms, equipment) including creation, modification, and querying of resource calendars and availability. The server translates MCP tool calls into Google Admin Directory API resources endpoints, returning resource objects with capacity, location, and availability status, enabling agents to manage resource inventory and availability programmatically.","intents":["Programmatically create and configure shared resources (conference rooms, projectors) for new offices","Query resource availability and capacity for meeting scheduling automation","Update resource metadata (location, capacity, features) when physical spaces change","Manage resource access policies and booking rules"],"best_for":["Facilities management automation engineers","Meeting scheduling system builders integrating with Workspace","Organizations automating resource provisioning for new offices"],"limitations":["Cannot directly manage resource calendar events — only resource metadata; event management requires Calendar API","Resource availability queries are point-in-time snapshots; real-time availability requires Calendar API integration","Custom resource types limited to predefined categories; cannot create arbitrary resource types","Resource access policies managed separately via Directory API; cannot set booking rules directly"],"requires":["Google Cloud project with Admin SDK Directory API enabled","Service account with domain-wide delegation and scope: https://www.googleapis.com/auth/admin.directory.resource.calendar","MCP client with tool-calling support"],"input_types":["JSON objects with resource attributes (name, capacity, location, type)","Resource IDs for lookup/modification","Query filters (resource type, location, capacity)"],"output_types":["Structured resource objects with metadata and capacity","Resource lists with availability summaries","Boolean responses for resource mutations"],"categories":["tool-use-integration","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-google-admin-mcp__cap_7","uri":"capability://tool.use.integration.mcp.server.authentication.and.credential.management.for.google.admin.apis","name":"mcp server authentication and credential management for google admin apis","description":"Handles OAuth 2.0 service account authentication for all Google Admin API calls, managing credential lifecycle (loading service account keys, refreshing tokens, handling auth errors). The MCP server implements standard OAuth 2.0 service account flow with domain-wide delegation, automatically injecting authentication headers into all Admin API requests and transparently handling token refresh without requiring client-side credential management.","intents":["Authenticate MCP client to Google Admin APIs without exposing credentials to the client","Manage service account token lifecycle (refresh, expiration) transparently","Handle OAuth 2.0 domain-wide delegation scopes for accessing user data","Validate and rotate service account credentials securely"],"best_for":["Security-conscious teams deploying MCP servers in shared environments","Organizations requiring credential isolation between MCP clients and Google APIs","Teams managing multiple service accounts for different Workspace domains"],"limitations":["Service account key must be stored on MCP server filesystem — no support for external secret managers (Vault, Secrets Manager) in base implementation","Token refresh happens automatically but adds ~100-200ms latency on first request after token expiration","Cannot use user-delegated OAuth 2.0 flow (3-legged OAuth) — only service account flow supported","Domain-wide delegation requires admin consent in Google Cloud project; cannot be automated"],"requires":["Google Cloud project with service account created","Service account JSON key file with private key","Domain-wide delegation enabled in Google Cloud project","OAuth scopes granted in Google Workspace admin console"],"input_types":["Service account JSON key file path","OAuth scope list for domain-wide delegation","Admin email for domain-wide delegation impersonation"],"output_types":["OAuth 2.0 access tokens (internal, not exposed to client)","Authentication status and error messages","Token expiration metadata"],"categories":["tool-use-integration","safety-moderation"],"confidence":0.5,"matches":0,"success_rate":0}],"trust":{"score":26,"verified":false,"data_access_risk":"high","permissions":["Google Cloud project with Admin SDK Directory API enabled","Service account JSON key file with domain-wide delegation configured","OAuth scopes: https://www.googleapis.com/auth/admin.directory.user","MCP client compatible with tool-calling (Claude, etc.)","Service account with domain-wide delegation and scopes: https://www.googleapis.com/auth/admin.directory.group, https://www.googleapis.com/auth/admin.directory.group.member","MCP client with tool-calling support","Service account with domain-wide delegation and scope: https://www.googleapis.com/auth/admin.directory.orgunit","Google Cloud project with Admin SDK Directory API and Device Management API enabled","Service account with domain-wide delegation and scopes: https://www.googleapis.com/auth/admin.directory.device.mobile, https://www.googleapis.com/auth/admin.directory.device.chromeos","Devices enrolled in Google's Device Management service"],"failure_modes":["Requires Google Cloud project with Admin SDK Directory API enabled — not available for consumer Google accounts","Service account must have domain-wide delegation enabled with appropriate OAuth scopes","Batch operations limited by Google API quotas (typically 100 requests/second per domain)","Cannot directly manage password resets — requires separate password reset flow or admin-initiated reset","Cannot manage group settings like moderation policies or posting permissions — limited to basic metadata","Member role assignment limited to OWNER, MANAGER, MEMBER roles; cannot assign custom roles","Batch member operations require individual API calls per member (no bulk member import endpoint exposed)","Group email aliases managed separately via Groups Settings API, not included in this capability","OU deletion not supported via Admin API — OUs can only be blocked, not removed","OU hierarchy depth limited by Google's internal constraints (typically 10+ levels supported but not guaranteed)","builder identity is not verified yet","no observed match outcomes yet"],"rank_breakdown":{"adoption":0.05,"quality":0.26,"ecosystem":0.39999999999999997,"match_graph":0.25,"freshness":0.52,"weights":{"adoption":0.25,"quality":0.25,"ecosystem":0.15,"match_graph":0.23,"freshness":0.12}},"observed_outcomes":{"matches":0,"success_rate":0,"avg_confidence":0,"top_intents":[],"last_matched_at":null},"maintenance":{"status":"active","updated_at":"2026-06-17T09:51:03.040Z","last_scraped_at":"2026-05-03T14:00:15.503Z","last_commit":null},"community":{"stars":null,"forks":null,"weekly_downloads":null,"model_downloads":null,"model_likes":null}},"distribution":{"claim_url":"https://unfragile.ai/submit?claim=google-admin-mcp","compare_url":"https://unfragile.ai/compare?artifact=google-admin-mcp"}},"signature":"3Fe+d+JZhWQgqQzY6xzN50Bt0K1oAxaO3FnHuGp5fqHNNIA9gdkcRQkYCUUz7E4rY2Mgr45KxPYzZc94EDLyDA==","signedAt":"2026-06-21T01:22:06.673Z","signedBy":"unfragile.ai","version":1},"_links":{"self":"https://unfragile.ai/api/v1/passport/google-admin-mcp","artifact":"https://unfragile.ai/google-admin-mcp","verify":"https://unfragile.ai/api/v1/verify?slug=google-admin-mcp","publicKey":"https://unfragile.ai/api/v1/trust-passport-public-key","spec":"https://unfragile.ai/trust","schema":"https://unfragile.ai/schema.json","docs":"https://unfragile.ai/docs"}}