Glean A2A server

The Glean A2A server lets external AI platforms invoke Glean Assistant as a remote agent using the open Agent2Agent (A2A) protocol. Once you turn it on, A2A-capable platforms such as Google Gemini Enterprise can discover Glean Assistant and send it questions on behalf of your users.

Every request runs as the individual user, under the same permissions and content controls that apply in Glean Chat. A user asking Glean a question through Gemini gets a similar answer to the one they'd get in Glean itself.

How it works

Diagram of the Glean A2A flow: an A2A client agent such as Gemini Enterprise discovers the Glean agent card, sends a task or prompt, and streams messages, while the Glean A2A server routes the request to Glean Assistant and streams updates back until a final answer or artifact is returned

How an external A2A client agent discovers and communicates with the Glean A2A server

The A2A server exposes Glean Assistant as a single remote agent:

Agent discovery: Glean publishes a per-deployment agent card at /.well-known/agent-card.json on your Glean instance. External A2A clients use this card to discover the agent's endpoint, capabilities, and authentication requirements. The exact agent card URL for your deployment is shown on the A2A Server admin page.
Messaging: The agent card advertises a JSON-RPC endpoint that supports the standard A2A methods, including message/send and message/stream (which delivers task status updates and the final answer over Server-Sent Events), plus tasks/get and tasks/cancel for task management.
Assistant routing: Glean Assistant handles each incoming request and routes it to enterprise search, document retrieval, or any agents your organization has enabled in Glean Chat. Multi-turn conversations are supported: a client can continue a session across messages, and the conversation is saved to the user's Glean Chat history.

info

Per-agent A2A configuration isn't available yet. To make a Glean agent reachable over A2A, enable it in Glean Assistant; the external platform talks to Glean Assistant, which invokes the agent. Exposing individual agents directly over A2A is planned for a future release.

Authentication and permissions

The A2A server uses the same Glean OAuth authorization server as the Glean MCP server:

The agent card advertises an OAuth 2.0 authorization code flow pointing at your Glean deployment's authorization and token endpoints.
External A2A clients authenticate using dynamic client registration with PKCE.
Every request runs on behalf of an authenticated Glean user. Responses respect that user's document permissions, and tasks are only visible to the user who created them.
Users must have access to Glean Assistant to use Glean through A2A. Users without Assistant access receive an authorization error.

You don't need to provision any additional credentials or service accounts in Glean.

Set up the A2A server

Enable the Glean OAuth authorization server.

Navigate to Admin console → Users & permissions → Third-party access (OAuth) and enable the Glean OAuth authorization server. If you already use the Glean MCP server, this is likely already enabled.

Enable the A2A server.

Navigate to Admin console → Platform → A2A Server and turn on the Enable A2A server toggle.

A2A Server admin page showing the Enable A2A server toggle and the agent card section

The A2A Server admin page with the agent card URL and agent card contents

Copy the agent card URL.

Once enabled, the page displays your deployment's agent card URL (ending in /.well-known/agent-card.json) along with the agent card contents. Copy the URL to share with the external platform.

Connect an external platform

In the external A2A client (for example, Google Gemini Enterprise), register Glean Assistant as a remote agent using your agent card URL. Refer to the external platform's documentation for its specific registration steps.

Complete the OAuth flow.

When prompted, sign in to Glean to authorize the connection. Each user authorizes individually, so all requests run with their own Glean permissions.

Verify the connection.

Ask a question through the external platform (for example, "Who is my manager?") and confirm that Glean Assistant responds.

Limitations

The A2A server exposes Glean Assistant as a single agent. Individual Glean agents can't be addressed directly over A2A; Assistant invokes them when they're enabled in Glean Chat.
The A2A server is inbound only: external platforms can invoke Glean, but Glean Assistant can't call external A2A agents. If you're interested in this capability, please reach out to your account team.
Only the text parts of an A2A message are used as the prompt. File and data attachments are currently ignored; support for them is planned for a future release.

FAQ

How is this different from the Glean MCP server?

The Glean MCP server exposes Glean tools (such as search and chat) to MCP hosts like IDEs and AI assistants using the Model Context Protocol. The A2A server exposes Glean Assistant as a remote agent to platforms that speak the A2A protocol, such as agent marketplaces and multi-agent runtimes. Both use the Glean OAuth authorization server for authentication.

Which external platforms are supported?

Any A2A-compliant client can connect using the agent card.

Do answers respect document permissions?

Yes. Every request runs as the authenticated Glean user, and Glean Assistant only uses content that user is permitted to access.

How it works​

Authentication and permissions​

Set up the A2A server​

Connect an external platform​

Limitations​

FAQ​

How is this different from the Glean MCP server?​

Which external platforms are supported?​

Do answers respect document permissions?​

See also​