Skip to main content

Documentation Index

Fetch the complete documentation index at: https://www.truefoundry.com/llms.txt

Use this file to discover all available pages before exploring further.

Google Workspace MCP servers usually require a Google Cloud OAuth app and Workspace admin approval before employees can connect. Use this guide to prepare the OAuth app and then register each Google MCP server in TrueFoundry.

Prerequisites

  • A TrueFoundry account with permission to add MCP servers.
  • Google Workspace super admin access.
  • A Google Cloud project where you can create OAuth credentials.

Create a Google OAuth Client

In Google Cloud Console, configure the OAuth consent screen for your organization and create a Web application OAuth client. Add this authorized redirect URI: 
https://<tfy-control-plane-base-url>/api/svc/v1/llm-gateway/mcp-servers/oauth2/callback
Copy the Client ID and Client Secret. In Google Admin Console, open Security > Access and data control > API controls and mark the OAuth app as trusted, or explicitly allow only the scopes required by the Google MCP server you are deploying.

Common Google Scopes

ServerCommon scopes
Docshttps://www.googleapis.com/auth/documents, https://www.googleapis.com/auth/drive.file, https://www.googleapis.com/auth/drive.readonly
Sheetshttps://www.googleapis.com/auth/spreadsheets, https://www.googleapis.com/auth/drive.file, https://www.googleapis.com/auth/drive.readonly
Slideshttps://www.googleapis.com/auth/presentations, https://www.googleapis.com/auth/drive.file, https://www.googleapis.com/auth/drive.readonly
Drivehttps://www.googleapis.com/auth/drive.readonly, https://www.googleapis.com/auth/drive.file
Gmail and Calendarhttps://www.googleapis.com/auth/gmail.readonly, https://www.googleapis.com/auth/gmail.compose, https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/calendar.events
All servers typically also need openid, userinfo.email, and userinfo.profile.

Register in TrueFoundry

Add each Google MCP server as a remote OAuth2 MCP server in MCP Gateway. Use the server URL from the Google MCP implementation you are deploying, paste the Google OAuth client credentials, and add collaborators. Users should open the server’s Tools section and click Connect Now; after OAuth succeeds, Google tools appear and can be tried from the Agent Playground.

Security Notes

Prefer specific Google data access over marking broad scopes as trusted. Use per-user OAuth so Drive, Docs, Gmail, and Calendar access follows each user’s Google Workspace permissions.