Manage Google Workspace Users and Groups from Your AI Agent with the Google Workspace Admin Skill

If you're running a company or managing a team on Google Workspace, you know the admin console can be tedious. Creating users, managing groups, updating org units — it's all clicks and forms. But what if your AI agent could handle these admin tasks directly? The Google Workspace Admin skill brings the full Admin SDK to Clawdbot, letting you automate user provisioning, group management, and organizational structure from natural language or scripts.

Who Needs This?

• IT administrators who onboard/offboard employees regularly
• Startup founders managing growing teams without dedicated IT
• DevOps engineers automating user provisioning in CI/CD pipelines
• Anyone tired of clicking through the Google Admin console

Installation

npx clawhub@latest install google-workspace-admin

You'll also need a Maton API key — the skill uses Maton's managed OAuth to handle Google authentication securely:

1. Sign up at maton.ai
2. Go to maton.ai/settings
3. Copy your API key
4. Set the environment variable:

export MATON_API_KEY="your-api-key-here"

Then connect your Google Workspace account by creating a connection:

python <<'EOF'
import urllib.request, os, json
data = json.dumps({"app": "google-workspace-admin"}).encode()
req = urllib.request.Request("https://ctrl.maton.ai/connections", data=data, method="POST")
req.add_header("Authorization", f"Bearer {os.environ[MATON_API_KEY]}")
req.add_header("Content-Type", "application/json")
result = json.load(urllib.request.urlopen(req))
print(f"Open this URL to authorize: {result[connection][url]}")
EOF

Practical Examples

1. List All Users in Your Domain

Quickly audit who has access to your workspace:

python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request(
    "https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users?customer=my_customer&maxResults=50"
)
req.add_header("Authorization", f"Bearer {os.environ[MATON_API_KEY]}")
users = json.load(urllib.request.urlopen(req))
for user in users.get("users", []):
    print(f"{user[primaryEmail]} - {user[name][fullName]} - Suspended: {user.get(suspended, False)}")
EOF

2. Create a New Employee Account

Onboard someone in seconds:

python <<'EOF'
import urllib.request, os, json
new_user = {
    "primaryEmail": "jane.doe@yourcompany.com",
    "name": {"givenName": "Jane", "familyName": "Doe"},
    "password": "Welcome2025!",
    "changePasswordAtNextLogin": True,
    "orgUnitPath": "/Engineering"
}
req = urllib.request.Request(
    "https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/users",
    data=json.dumps(new_user).encode(),
    method="POST"
)
req.add_header("Authorization", f"Bearer {os.environ[MATON_API_KEY]}")
req.add_header("Content-Type", "application/json")
result = json.load(urllib.request.urlopen(req))
print(f"Created user: {result[primaryEmail]}")
EOF

3. Add Someone to a Group

Manage team mailing lists and permissions:

python <<'EOF'
import urllib.request, os, json
member = {"email": "jane.doe@yourcompany.com", "role": "MEMBER"}
req = urllib.request.Request(
    "https://gateway.maton.ai/google-workspace-admin/admin/directory/v1/groups/engineering@yourcompany.com/members",
    data=json.dumps(member).encode(),
    method="POST"
)
req.add_header("Authorization", f"Bearer {os.environ[MATON_API_KEY]}")
req.add_header("Content-Type", "application/json")
result = json.load(urllib.request.urlopen(req))
print(f"Added {result[email]} to group as {result[role]}")
EOF

Tips and Best Practices

• Use my_customer as the customer ID for your own domain — no need to look up your actual customer ID
• Org unit paths start with / — e.g., /Engineering/Frontend
• Roles in groups can be OWNER, MANAGER, or MEMBER
• Password requirements must meet Google's complexity rules (8+ chars, mixed case, numbers)
• Rate limits are 10 requests/second per account — batch your operations if doing bulk imports
• Suspend vs delete — suspend users to preserve their data; delete only for full removal

What You Can Automate

With this skill, your agent can:

• User management: Create, update, suspend, delete users; reset passwords; grant admin roles
• Group management: Create groups, add/remove members, change roles
• Org units: Structure your organization, move users between departments
• Domains: List and inspect your verified domains
• Roles: Assign and manage admin privileges

Security Notes

This skill is marked Benign by both VirusTotal and OpenClaw's security scanner. It routes all requests through Maton's gateway, which handles OAuth token management — your credentials never touch the skill code directly.

Conclusion

The Google Workspace Admin skill transforms tedious admin console work into simple API calls. Whether you're onboarding a new hire, cleaning up stale accounts, or restructuring your org chart, your AI agent can now do it in seconds.

Links:

• Install from ClawdHub
• Google Admin SDK Docs
• Maton API Gateway