Google Workspace Setup

Junto connects to Google Workspace through the Google Admin SDK and Gmail API, giving the AI agent access to users, groups, organizational units, licenses, mobile devices, and email settings across your customer domains.

Prerequisites

• A Google Workspace account with Super Admin access for the customer's domain
• The customer domain must have Google Workspace (Business, Enterprise, or Education)

Connect via OAuth

1. In Junto, go to the company's Integrations page.
2. Find Google Workspace and click Connect.
3. Authenticate with Super Admin credentials for the customer's domain.
4. Review and accept the requested permissions.
5. After authorization, you are redirected back to Junto with an active connection.

The connection is managed automatically from there, including token refresh.

What the AI Agent Can Do

Once connected, the AI agent can help manage the customer's Google Workspace environment across the following areas.

User Management

Tool	Description	Risk Level
List Users	List all users in the domain with optional filtering	Low
Get User	View user details including name, email, org unit, admin status, and last login	Low
Create User	Create a new user account	Medium
Update User	Update user profile properties	Medium
Suspend User	Suspend a user account, preventing sign-in	High
Unsuspend User	Reactivate a suspended user account	Medium
Reset Password	Reset a user's password	High
Delete User	Permanently delete a user account	High

Group Management

Tool	Description	Risk Level
List Groups	List all groups in the domain	Low
Get Group	View group details	Low
Create Group	Create a new group	Medium
Update Group	Update group properties	Medium
List Group Members	View all members of a group	Low
Add Group Member	Add a user to a group	Medium
Remove Group Member	Remove a user from a group	Medium
Delete Group	Permanently delete a group	High

Organizational Units

Tool	Description	Risk Level
List Org Units	List organizational units in the domain	Low
Move User to Org Unit	Move a user to a different organizational unit	Medium

Email Aliases

Tool	Description	Risk Level
List User Aliases	List email aliases for a user	Low
Add User Alias	Add an email alias for a user	Medium
Delete User Alias	Remove an email alias from a user	Medium

Licensing

Tool	Description	Risk Level
List Licenses	List all license assignments for a product, optionally filtered by SKU	Low
Get User License	Check if a user has a specific license	Low
Assign License	Assign a Google Workspace license to a user	Medium
Remove License	Remove a license from a user	Medium

Security & Access Control

Tool	Description	Risk Level
List User Tokens	List OAuth tokens issued to third-party applications for a user	Low
Revoke User Token	Revoke a third-party application's access token for a user	High

Mobile Device Management

Tool	Description	Risk Level
List Mobile Devices	List mobile devices managed by Google Workspace	Low
Mobile Device Action	Perform actions on a device (wipe, block, approve, account wipe)	High

Gmail Settings

Tool	Description	Risk Level
Set Email Signature	Set or update a user's email signature	Medium
Get Vacation Settings	View a user's auto-reply/vacation settings	Low
Set Vacation Settings	Configure a user's auto-reply/vacation settings	Medium

High-impact actions (account deletion, password resets, device wipes, token revocation, and user suspension) always require technician approval before the agent proceeds.

Troubleshooting

• OAuth connection fails -- Ensure you are signing in as a Super Admin of the customer's Google Workspace domain.
• Missing data -- Some features may require specific Google Workspace editions (Business, Enterprise, Education).
• Token expired -- The integration refreshes tokens automatically. If the connection shows an error, disconnect and reconnect.
• Mobile device actions fail -- Ensure the device is enrolled in Google Workspace mobile management.