This page describes how Gemini Enterprise admins can register Agent Development Kit (ADK) agents hosted on Vertex AI Agent Engine so they can be made available to users on the Gemini Enterprise web app.
Before you begin
Make sure you have the following:
-
The Discovery Engine Admin role.
-
Enable the Discovery Engine API. To enable the Discovery Engine API for the Google Cloud project, in the Google Cloud console, go to the Discovery Engine APIpage.
-
An existing Gemini Enterprise app. To create an app, see Create an app .
-
An ADK agent that is hosted on the Vertex AI Agent Engine. For more information, see Overview of Agent Development Kit .
- If you don't have an agent, follow the steps in the
adk-samplesGitHub Repository to deploy afun_factsagent to Vertex AI Agent Engine. You can then register the agent with Gemini Enterprise.
- If you don't have an agent, follow the steps in the
Configure authorization details (Optional)
Create OAuth 2.0 credentials for the agent to access Google Cloud resources, such as BigQuery tables, on a user's behalf.
Obtain authorization details
Follow these steps to obtain the authorization details.
-
In the Google Cloud console, on the APIs & Servicespage, go to the Credentialspage.
-
Select the Google Cloud project, which has the data source you want the agent to access. For example, select the project that contains the BigQuery dataset that you want the agent to query.
-
Click Create credentialsand select OAuth client ID.
-
In Application type, select Web application.
-
In the Authorized redirect URIssection, add the following URIs:
-
https://vertexaisearch.cloud.google.com/oauth-redirect -
https://vertexaisearch.cloud.google.com/static/oauth/oauth.html
-
-
Click Create.
-
In the OAuth client createdpanel, click Download JSON. The downloaded JSON includes the
Client ID,Authorization URI,Token URI, andClient secretfor the selected Google Cloud project. You need these details to create an authorization resource:
Add an authorization resource to Gemini Enterprise
Run the following command to register an authorization resource with Gemini Enterprise:
REST
curl
-X
POST
\
-H
"Authorization: Bearer
$(
gcloud
auth
print-access-token )
"
\
-H
"Content-Type: application/json"
\
-H
"X-Goog-User-Project: PROJECT_ID
"
\
"https:// ENDPOINT_LOCATION
-discoveryengine.googleapis.com/v1alpha/projects/ PROJECT_ID
/locations/ LOCATION
/authorizations?authorizationId= AUTH_ID
"
\
-d
'{
"name": "projects/ PROJECT_ID
/locations/ LOCATION
/authorizations/ AUTH_ID
",
"serverSideOauth2": {
"clientId": " OAUTH_CLIENT_ID
",
"clientSecret": " OAUTH_CLIENT_SECRET
",
"authorizationUri": " OAUTH_AUTH_URI
",
"tokenUri": " OAUTH_TOKEN_URI
"
}
}'
Replace the following:
-
PROJECT_ID: the ID of your project. -
ENDPOINT_LOCATION: the multi-region for your API request. Specify one of the following values:-
usfor the US multi-region -
eufor the EU multi-region -
globalfor the Global location
-
-
LOCATION: the multi-region of your data store:global,us, oreu -
AUTH_ID: The ID of the authorization resource. This is an arbitrary alphanumeric ID that you define. You need to reference this ID later when registering an Agent that requires OAuth support. -
OAUTH_CLIENT_ID: the OAuth 2.0 client identifier you obtained when you created the OAuth credentials. -
OAUTH_CLIENT_SECRET: the OAuth 2.0 client secret you obtained when you created the OAuth credentials. -
OAUTH_AUTH_URI: the Authorization URI. To authorize your app, construct a specific Authorization URI using the details from your OAuth credentials JSON file. Copy the following template, and replace the placeholders with your specific values.https://accounts.google.com/o/oauth2/v2/auth?client_id= YOUR_CLIENT_ID &redirect_uri=https%3A%2F%2Fvertexaisearch.cloud.google.com%2Fstatic%2Foauth%2Foauth.html&scope= YOUR_CUSTOM_SCOPES &include_granted_scopes=true&response_type=code&access_type=offline&prompt=consent
Parameter Breakdown
To help ensure that the URI works correctly, verify the following fields:
Parameter Value or action client_idReplace with the client_idthat's found in your downloaded JSON.redirect_uriDon't change. Must be https://vertexaisearch.cloud.google.com/static/oauth/oauth.html.scopeAction required: List the Google API scopes that your app needs (such as, https://www.googleapis.com/auth/bigquery). If you're using multiple scopes, separate them with a space, which becomes%20in the URL.include_granted_scopesMust be true.response_typeMust be codeto receive an authorization code.access_typeSet to offlineto help ensure that you receive a refresh token.promptSet to consentto help ensure that the user is always shown a consent screen. -
OAUTH_TOKEN_URI: the token URI you obtained when you created the OAuth credentials.
Register an ADK agent with Gemini Enterprise
You can register your ADK agent with Gemini Enterprise using either the Google Cloud console or the REST API. This makes the agent available to users within a Gemini Enterprise app.
Console
To register an ADK agent using the Google Cloud console, follow these steps:
-
In the Google Cloud console, go to the Gemini Enterprise page.
-
Click the name of the app that you want to register the agent with.
-
Click Agents. The Agentspage displays.
-
Click Add agent. The Add an agentpanel displays.
-
Click Addfor Custom agent via Agent Engine. The Authorizationspage displays.
-
If you want the agent to access Google Cloud resources on your behalf, then each resource needs an authorization. To set up an authorization for a single resource, follow these steps:
-
Click Add authorization.
-
Enter a unique value for Authorization name. An ID is generated based on the name, and it can't be changed later.
-
Enter the values that you generated in the Obtain authorization details section in the following fields:
-
Enter the value in the Client IDfield.
-
Enter the value in the Client secretfield.
-
Enter the value in the Token URIfield.
-
Click Done.
-
-
-
Click Next.
-
To configure your agent, follow these steps:
-
Enter a name in the Agent namefield. This value appears in the Gemini Enterprise web app as the display name of your agent.
-
Enter a description in the Describe your agentfield. This value is used by an LLM to determine whether to invoke your agent in response to a user query.
-
Enter the Agent Engineresource path. The resource path has the following format:
https:// LOCATION -aiplatform.googleapis.com/v1/projects/ PROJECT_ID /locations/ LOCATION /reasoningEngines/ AGENT_ENGINE_ID
For more information on how to list the agents hosted on Vertex AI Agent Engine and get the resource path, see List deployed agents .
-
Click Create.
-
REST
This code sample demonstrates how you can register your ADK agents.
curl
-X
POST
\
-H
"Authorization: Bearer
$(
gcloud
auth
print-access-token )
"
\
-H
"Content-Type: application/json"
\
-H
"X-Goog-User-Project: PROJECT_ID
"
\
"https:// ENDPOINT_LOCATION
-discoveryengine.googleapis.com/v1alpha/projects/ PROJECT_ID
/locations/global/collections/default_collection/engines/ APP_ID
/assistants/default_assistant/agents"
\
-d
'{
"displayName": " DISPLAY_NAME
",
"description": " DESCRIPTION
",
"icon": {
"uri": " ICON_URI
"
},
"adkAgentDefinition": {
"provisionedReasoningEngine": {
"reasoningEngine": "projects/ PROJECT_ID
/locations/ AGENT_ENGINE_LOCATION
/reasoningEngines/ AGENT_ENGINE_ID
"
}
},
"authorizationConfig": {
"toolAuthorizations": [
"projects/ PROJECT_NUMBER
/locations/global/authorizations/ AUTH_ID
"
]
}
}'
Replace the variables with values:
-
ENDPOINT_LOCATION : the multi-region for your API request. Specify one of the following values:
-
usfor the US multi-region -
eufor the EU multi-region -
globalfor the Global location
-
-
PROJECT_ID : the ID of your Google Cloud project.
-
PROJECT_NUMBER : the number of your Google Cloud project.
-
APP_ID : the unique identifier for the Gemini Enterprise app.
-
DESCRIPTION : the description of the agent that's displayed in Gemini Enterprise.
-
ICON_URI : the public URI of the icon to display near the name of the agent. Alternatively, you can pass Base64-encoded image file contents, and in that case, use
icon.content. -
AGENT_ENGINE_ID : the ID of the Vertex AI Agent Engine endpoint where the ADK agent is deployed. For more information on how to list the agents hosted on Vertex AI Agent Engine and get the resource ID, see List deployed agents .
-
AGENT_ENGINE_LOCATION : the cloud location of the Vertex AI Agent Engine endpoint. For more information, see Vertex AI Agent Engine location .
-
authorization_config: If you obtained the authorization details and want the agent to access Google Cloud resources on behalf of the user, add theauthorization_configfield to your JSON resource.-
AUTH_ID: the value that you used for AUTH_ID in the Configure authorization details section.
-
Add permissioned users
To add permissioned users to an ADK agent using the Google Cloud console, see Add or modify users and their permissions .
List agents connected to an app
The following code sample demonstrates how you can get the details of all the agents connected to your app:
REST
curl
-X
GET
\
-H
"Authorization: Bearer
$(
gcloud
auth
print-access-token )
"
\
"https:// ENDPOINT_LOCATION
-discoveryengine.googleapis.com/v1alpha/projects/ PROJECT_ID
/locations/ LOCATION
/collections/default_collection/engines/ APP_ID
/assistants/default_assistant/agents"
Replace the variables with values:
- ENDPOINT_LOCATION
: the multi-region for your API request. Specify one of the following
values:
-
usfor the US multi-region -
eufor the EU multi-region -
globalfor the Global location
-
- PROJECT_ID : the ID of your Google Cloud project.
- LOCATION
: the multi-region of your app:
global,us, oreu. - APP_ID : the ID of your Gemini Enterprise app.
If your agent isn't prebuilt by Google, the response includes a name
field
in the first few lines. The value of this field contains the Agent ID at the
end of the path. For example, in the following response, the Agent ID is 12345678901234567890
:
{
"name": "projects/123456/locations/global/collections/default_collection/engines/my-app/assistants/default_assistant/agents/12345678901234567890",
...
}
View the details of an ADK agent
The following code sample demonstrates how you can retrieve the details of an agent that was registered with Gemini Enterprise:
REST
curl
-X
GET
\
-H
"Authorization: Bearer
$(
gcloud
auth
print-access-token )
"
\
"https:// ENDPOINT_LOCATION
-discoveryengine.googleapis.com/v1alpha/projects/ PROJECT_ID
/locations/ LOCATION
/collections/default_collection/engines/ APP_ID
/assistants/default_assistant/agents/ AGENT_ID
"
Replace the variables with values:
- ENDPOINT_LOCATION
: the multi-region for your API request. Specify one of the following
values:
-
usfor the US multi-region -
eufor the EU multi-region -
globalfor the Global location
-
- PROJECT_ID : the ID of your Google Cloud project.
- LOCATION
: the multi-region of your app:
global,us, oreu. - APP_ID : the ID of your Gemini Enterprise app.
- AGENT_ID : The ID of the agent. You can find the agent ID by listing the agents connected to your app .
Update an ADK agent
You can modify the details of an existing agent registered with Gemini Enterprise using either the Google Cloud console or the REST API.
Console
To update the agent using the Google Cloud console, follow these steps:
-
In the Google Cloud console, go to the Gemini Enterprise page.
-
Click the name of the app that includes the agent you want to update.
-
Click Agents.
-
Click the name of the Agent engineagent that you want to update, and then click Edit.
-
Update the Display name, Description, or the Agent Engine reasoning engine.
The resource path has the following format:
projects/ PROJECT_ID /locations/ LOCATION /reasoningEngines/ AGENT_ENGINE_ID
For more information on how to list the agents hosted on Vertex AI Agent Engine and get the resource path, see List deployed agents .
-
Click Save.
REST
You can update all fields during the agent registration. However, the following fields must be updated:
-
displayName -
description -
reasoningEngineThis code sample demonstrates how you can update the registration of an existing ADK agent:
curl -X PATCH \ -H "Authorization: Bearer $( gcloud auth print-access-token ) " \ -H "Content-Type: application/json" \ -H "X-Goog-User-Project: PROJECT_ID " \ "https:// ENDPOINT_LOCATION -discoveryengine.googleapis.com/v1alpha/ AGENT_RESOURCE_NAME " \ -d '{ "displayName": " DISPLAY_NAME ", "description": " DESCRIPTION ", "adkAgentDefinition": { "provisionedReasoningEngine": { "reasoningEngine": "projects/ PROJECT_ID /locations/ AGENT_ENGINE_LOCATION /reasoningEngine s/ AGENT_ENGINE_ID " }, } }'Replace the variables with values:
-
ENDPOINT_LOCATION : the multi-region for your API request. Specify one of the following values:
-
usfor the US multi-region -
eufor the EU multi-region -
globalfor the Global location
-
-
PROJECT_ID : the ID of your Google Cloud project.
-
AGENT_RESOURCE_NAME : the resource name of the agent registration to be updated.
-
DISPLAY_NAME : required. the user-friendly name for your agent that displays in Gemini Enterprise.
-
DESCRIPTION : required. A brief explanation of what your agent does that's visible to users in Gemini Enterprise.
-
AGENT_ENGINE_LOCATION : required. The cloud location of the Vertex AI Agent Engine endpoint that where the agent is deployed. For more information, see Vertex AI Agent Engine location .
-
AGENT_ENGINE_ID : required. the ID of the Vertex AI Agent Engine endpoint where the ADK agent is deployed. For more information on how to list the agents hosted on Vertex AI Agent Engine and get the resource ID, see List deployed agents .
Delete an ADK agent
The following code sample demonstrates how you can delete an agent that is connected to your app:
REST
curl -X DELETE \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
"https:// ENDPOINT_LOCATION
-discoveryengine.googleapis.com/v1alpha/projects/ PROJECT_ID
/locations/ LOCATION
/collections/default_collection/engines/ APP_ID
/assistants/default_assistant/agents/ AGENT_ID
"
Replace the variables with values:
- ENDPOINT_LOCATION
: the multi-region for your API request. Specify one of the following
values:
-
usfor the US multi-region -
eufor the EU multi-region -
globalfor the Global location
-
- PROJECT_ID : the ID of your Google Cloud project.
- LOCATION
: the multi-region of your app:
global,us, oreu - APP_ID : the ID of your Gemini Enterprise app.
- AGENT_ID : the ID of the agent. You can find the agent ID by listing the agents connected to your app .
Vertex AI Agent Engine location
When registering or updating an agent, the Vertex AI Agent Engine location must be compatible with the location of your Gemini Enterprise app. Mismatched locations result in an error.
Refer to the following table for compatibility requirements:
| Gemini Enterprise app location | Allowed Vertex AI Agent Engine location(s) |
|---|---|
global
|
Any supported Google Cloud region |
us
|
Any region starting with us-
, such as us-central1
or us-east4
|
eu
|
Any region starting with europe-
, such as europe-west1
or europe-west3
|
