google-workspace-mcp
Provides tools for managing Gmail, including sending, reading, and organizing emails through the user's Google Workspace account.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@google-workspace-mcpshow my calendar events for tomorrow"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
google-workspace-mcp (deploy)
Deployment for the workspace-mcp
server (Gmail / Calendar / Docs / Sheets / Slides / Drive) as a remote,
multi-user MCP server in OAuth 2.1 mode for a single Google Workspace
organization.
One Google OAuth "Internal" app serves everyone: each user connects the remote
MCP once, authorises with their corporate Google account, and the server stores
their personal refresh token under the data/ volume. Users only click
"Authorize"; the app credentials (client_id/client_secret) identify the app,
not the user.
The whole application is the pinned upstream workspace-mcp package baked into
an image; there is no first-party code here. Upgrade by bumping the == pin in
requirements.txt.
Prerequisites
1. Google Cloud — Internal OAuth app (once)
Create a project in your Workspace organization (so
User type: Internalis available — this removes the CASA/verification and 100-user limits).Enable the APIs you need (Drive, Docs, Sheets, Gmail, Calendar, …).
OAuth consent screen → User type: Internal; add the required scopes (prefer the narrowest, e.g.
drive.fileover fulldrivewhen it suffices).Create an OAuth client → Web application. Add the Authorized redirect URI:
https://<WORKSPACE_DOMAIN>/oauth2callbackCopy the client id/secret into
.env.Optional: an admin can mark this OAuth client Trusted in the Admin Console (Security → API controls → App access control) so users skip the consent screen.
2. Host — Traefik + DNS (see the org's Traefik guide)
DNS A-record
<WORKSPACE_DOMAIN>→ the host's public IP.Router/NAT: forward both 80 and 443 (80 is needed for the ACME HTTP-01 challenge and the http→https redirect).
Traefik stack must have the
letsEncryptresolver and a global http→https redirect. Without it, plain http returns 404 and the cert will not issue.A shared external Docker network
docker_main_netmust exist (Traefik lives on it).make netcreates it if missing, andmake upcalls it automatically.
Related MCP server: mcp-google-multi
Configure & run
make env # create .env from .env.example
# edit .env:
# GOOGLE_OAUTH_CLIENT_ID=...apps.googleusercontent.com
# GOOGLE_OAUTH_CLIENT_SECRET=...
# WORKSPACE_DOMAIN=mcp.example.com
make config # validate compose + .env substitution
make up # start (image pulled from ghcr.io, published via Traefik)
make logs # follow logsmake help lists all targets (env, config, build, pull, net, up,
down, restart, logs).
How users connect
Add the remote MCP connector URL in the client (e.g. Claude):
https://<WORKSPACE_DOMAIN>/mcpOn first use the user is redirected to the Google consent screen (their corporate account) and then works against their own Drive/Gmail/etc. If the OAuth client is marked Trusted, no consent screen appears.
Environment variables
Variable | Where | Meaning |
|
| OAuth client id of the Internal app |
|
| OAuth client secret |
|
| Public host; drives |
| compose |
|
| compose | bind |
| compose | per-user token dir under |
|
| Full ghcr.io image path; must equal your GitHub repo path |
Upgrading the server
Bump the pin in requirements.txt (e.g. workspace-mcp==1.22.0 → newer), push
to main; CI smoke-tests, builds and pushes :latest, and watchtower redeploys.
Claude Code & CIMD
Claude Code 2.1.x is CIMD-first: if the server advertised
client_id_metadata_document_supported, Claude would send
client_id=https://claude.ai/oauth/claude-code-client-metadata, which this server
cannot fetch through Cloudflare (302 to datacenter IPs) → 400 "unregistered client".
So the image applies a build-time patch (patches/disable_cimd.py) that disables
CIMD; Claude Code then uses Dynamic Client Registration (DCR), which works here.
Toggle with
WORKSPACE_MCP_ENABLE_CIMD(defaultfalse= CIMD off).A
workspace-mcpversion bump may require updating the patch — the build fails loudly if the upstream call site changed (seepatches/README.md).
Security notes
The
data/volume holds every user's Google refresh token — a high-value target. Restrict host access, back it up carefully, and consider disk encryption. For a hardened remote setup, upstream also supports a GCS credential backend (WORKSPACE_MCP_CREDENTIAL_STORE_BACKEND=gcs).Grant the OAuth app the minimum scopes required.
Never commit
.env; the committed files contain only placeholders.The container runs as root (matching the Traefik/compose convention). For extra isolation you may add a non-root
USERto theDockerfile(keep/app/datawritable) and setWORKSPACE_MCP_ALLOWED_CLIENT_REDIRECT_URISto restrict which OAuth client redirect URIs the server accepts.
Conventions
Follows the org's «Как создавать проект» guide, adapted for a third-party app:
state in data/, config from ENV/.env, prebuilt ghcr.io image behind Traefik
with watchtower, CI gating the build. See AGENTS.md.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/wirenboard/google-workspace-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server