Google Workspace Admin

What It Does

Using a single Maton API key, you can create, update, suspend, and delete users; manage groups and their membership; organize your domain into organizational units; assign admin roles; and inspect domain settings — all through a simple REST proxy at `gateway.maton.ai`.

Google Workspace Admin gives AI agents full access to the Google Workspace Admin SDK through a managed OAuth gateway, so you never have to handle Google OAuth credentials directly.

Key Features

• Managed OAuth — no Google credential handling — All requests are proxied through `gateway.maton.ai`, which automatically injects a valid Google OAuth token. You authenticate with a single `MATON_API_KEY`; OAuth connection setup and refresh are handled by the Maton platform at `ctrl.maton.ai`.
• Full User Management — Create, read, update, patch, and delete users. Additional actions include suspending accounts, promoting users to super-admin, and forcing a password change at next login.
• Group and Membership Control — Create and update groups, add or remove members, and change member roles (`MEMBER`, `MANAGER`, `OWNER`) — all via straightforward REST calls.
• Organizational Unit (OU) Administration — List, create, update, and delete organizational units. Move users between OUs by updating their `orgUnitPath` during a user update.
• Role and Domain Management — List available admin roles, view and create role assignments scoped to the entire customer or specific OUs, and inspect domain records associated with your Workspace account.
• Multi-connection Support — If you manage multiple Google Workspace domains, you can maintain separate OAuth connections and target a specific one per request using the `Maton-Connection` header.

Requirements

Admin privileges on the Google Workspace domain are required for most operations. - **Network Access** — The runtime environment must be able to reach `gateway.maton.ai` and `ctrl.maton.ai`.

- **Maton API Key** *(required)* — Authenticates all requests to the Maton gateway and manages your Google OAuth connection. Obtain at [maton.ai/settings](https://maton.ai/settings). - **Google OAuth Connection** *(required)* — A Google Workspace Admin OAuth connection must be created and authorized via [ctrl.maton.ai](https://ctrl.maton.ai).

Use Cases

• Automated employee onboarding — When a new hire record appears in your HR system, an AI agent calls this skill to create a Google Workspace account, assign the user to the correct organizational unit (e.g., `/Engineering`), and add them to the relevant team group — all without human intervention in the Admin console.
• Bulk user audit and reporting — An agent queries all users with `maxResults=500` and pagination, filters by last login time or org unit, and generates a CSV report of inactive accounts flagged for review or suspension.
• Group sync from an external system — An agent compares the current membership of a Google Group against a source-of-truth (e.g., a project management tool) and issues add/remove member calls to keep the two in sync.
• Offboarding automation — On an employee's last day, an agent suspends the user account, removes them from all groups, and transfers ownership of shared resources — reducing IT workload and ensuring consistent offboarding.