Connecting Siit MCP to Google Gemini Enterprise
By connecting the Siit MCP to your Google Gemini Enterprise account, you allow Gemini to securely interact with your service desk, employee workflows, assets, and requests using simple natural language. This guide provides step-by-step instructions for organization administrators to implement this bridge safely.
Prerequisites & Requirements
Before initiating the installation, ensure you have administrative permissions across both platforms:
- Siit Environment: Access to the Admin Console with Public API & MCP permissions
- Google Cloud Platform (GCP): An active project tied to your Gemini Enterprise licenses with the Discovery Engine Editor (roles/discoveryengine.editor) and Organization Policy Administrator IAM roles.
Step 1: Modify Google Cloud Organization Policies
By default, Google Cloud applies a restrictive management constraint that restricts custom third-party MCP endpoints. This safety barrier must be bypassed at the organizational or project level before proceeding.
- Log into the Google Cloud Console and navigate to the Organization Policies dashboard.
- Search for the following constraint: constraints/gcp.disableCustomMcpServer ("Disable custom MCP server connector for Gemini Enterprise").
- Select the policy, click Edit Policy, and choose Customize.
- Under Enforcement status, select Off to allow custom MCP data stores within your designated ecosystem. Click Save.
Note: Google Cloud policy adjustments can take up to 5 to 10 minutes to propagate globally across your cloud environment.
Step 2: Create the Custom MCP Data Store in Gemini
With credentials active, you can now construct the architectural container within Google Cloud that handles your requests.
- In the Google Cloud Console, navigate to Gemini Enterprise (or Vertex AI Search and Conversation).
- In the left-hand navigation pane, select Data Stores, then click + Create Data Store.
- From the available sources list, select the Custom MCP Server (Preview) card.
- Fill out the form fields using the data retrieved from Siit in Step 2:
- Transport Type: Choose Streamable HTTP (SSE mode).
- Server URL: Insert your unique Siit Server URL endpoint.
- Authentication Protocol: Select OAuth 2.0 / 2.1.
- Scopes: Enter all available scopes
- Scroll down to the Model Routing Description field. This natural language explanation instructs Gemini's core orchestration layer on exactly when to invoke the Siit connection. Copy and paste this description text:
"Use this server application connector to interact directly with the Siit enterprise IT Service Desk and operational platform. This system handles reading, indexing, creating, updating, or assigning internal IT tickets, customer help requests, managing employee equipment or software provisions, looking up user group memberships, and looking up organizational knowledge base documentation stored within Siit." - Name the data store explicitly (e.g., Siit-Service-Desk-MCP) and click Create.
Step 3: Audit & Enable Siit Functional Tools
For explicit safety control, Gemini imports external capabilities in an inactive state. You must manually unlock the precise functions your workspace requires.
- Open your newly established Siit-Service-Desk-MCP data store from the console inventory.
- Click into the Actions / Tools control tab.
- Click Reload Custom Actions. This commands Google to query Siit's available endpoints. The interface will populate with operational tools, such as siit_get_ticket, siit_create_ticket, and siit_lookup_hardware.
- Check the activation box next to each action your team needs access to, and click Enable Actions.
Step 5: User Verification & Sign-on
Once deployed globally by an administrator, individual employees can invoke the tool within their conversational workflow.
- Instruct an authorized employee to navigate to their main Gemini Enterprise Chat Workspace.
- At the bottom left of the chat window, click the Data Connections / Extensions toggle array.
- Locate Siit-Service-Desk-MCP and switch the toggle to Active (ON).
- The browser will present an automatic OAuth login prompt. The user must sign in securely using their corporate Siit identity credentials to complete the authorization loop.
