Guides, Integrations, Google
How to connect your Google account to Warden9
Warden9 lets your agents act on real systems on behalf of your end users. Connecting Google is how you give an agent scoped access to Gmail, Google Calendar, Drive, Docs, Sheets, and the rest of Google's APIs — without ever handing the model a credential.
This guide walks through the whole flow, from the Auth Providers page in the dashboard to a live, connected Google account. It takes about a minute.
Before you start
You'll need two things:
- A Warden9 workspace you can sign in to. If you don't have one yet, start free.
- A Google account to connect. This is the account whose Gmail/Calendar/Drive your agents will act on.
Google runs on Warden9's platform-managed OAuth app, so there's nothing to register in Google Cloud Console and no client ID or secret to paste. You just click Connect and approve.
Step 1 — Open Auth Providers
In the dashboard sidebar, go to Configuration → Auth Providers (or press ⌘K / Ctrl+K and search for "Auth Providers").
This page lists every OAuth provider Warden9 supports. Each row shows a credentials badge telling you how it authenticates. Google shows a blue Managed badge — that's the platform-managed app, ready to use with no setup.

Step 2 — Click Connect on the Google row
Find the Google row and click Connect.

Warden9 asks which end user you're connecting on behalf of. OAuth connections in Warden9 are per-end-user: each of your users gets their own token, so an agent always acts as the right person. For a first connection you can accept the default (default).
A Google consent window then opens.
Step 3 — Choose your Google account
In the Google window, pick the account you want to connect (or choose Use another account to sign in with a different one).

Google confirms you're signing in to warden9.com. Click Continue.

Step 4 — Review and grant access
Google shows exactly what Warden9 is requesting. Review the scopes and click Continue.

You can fine-tune the individual permissions on the Select what warden9.com can access screen — Drive, Docs, Sheets, and Calendar are each listed with their own checkbox so you can grant only what you need.

When you approve, Google redirects back to Warden9, the window closes itself, and the token is exchanged and stored automatically.
Step 5 — Confirm the connection
Back on the Auth Providers page, your new connection appears under OAuth Connections. You'll see the provider (Google), the end user, a green Connected status, the Access and Refresh tokens Warden9 holds, and the granted scopes.

That's it — Google is connected.
What happens to your tokens
This is the part that matters for security. When you connect Google:
- Tokens are encrypted at rest. Warden9 stores the access and refresh tokens encrypted; they are never written to logs or returned to the dashboard.
- The model never sees a credential. When an agent calls a Google tool, Warden9 injects the token as a
Bearercredential at the moment of the call, inside the runtime. The token never enters the prompt, the model's context, or your application code. - Every call is scoped and governed. Warden9 requests least-privilege scopes and runs each tool call through its policy pipeline, so a connected account doesn't mean unchecked access.
Disconnecting
To revoke access, open Auth Providers, find the connection under OAuth Connections, and click the trash icon. Warden9 removes the stored tokens immediately.
Frequently asked questions
Do I need my own Google Cloud OAuth app?
No. Google runs on Warden9's platform-managed app, so there's no client ID or secret to configure. Just click Connect.
Which Google services can agents access?
Gmail, Google Calendar, Drive, Docs, Sheets, and BigQuery, among others. Warden9 requests only the scopes your tools actually need, and you approve them on Google's consent screen.
Does the agent ever see my Google password or token?
Never. Authentication happens entirely on Google's side, and the resulting tokens are held encrypted by the Warden9 runtime. The model only ever asks the runtime to make a call — it never handles the credential.
Can I connect more than one Google account?
Yes. Connections are per-end-user, so each of your users connects their own Google account and agents act as the correct person for each request.
Want to see governed agents acting on Google in production? Start free or
book a demo.