Enterprise Admin Controls
Gemini CLI empowers enterprise administrators to manage and enforce security policies and configuration settings across their entire organization. Secure defaults are enabled automatically for all enterprise users, but can be customized via the Management Console.
Enterprise Admin Controls are enforced globally and cannot be overridden by users locally, ensuring a consistent security posture.
Admin Controls vs. System Settings
While system-wide settings act as convenient configuration overrides, they can still be modified by users with sufficient privileges. In contrast, admin controls are immutable at the local level, making them the preferred method for enforcing policy.
Available Controls
Strict Mode
Section titled “Strict Mode”Enabled/Disabled | Default: enabled
If enabled, users will not be able to enter YOLO mode.
Extensions
Enabled/Disabled | Default: disabled
If disabled, users will not be able to use or install extensions. See Extensions for more details.
MCP Servers
Enabled/Disabled | Default: disabled
If disabled, users will not be able to use MCP servers. See MCP Server Integration for more details.
MCP Servers (preview)
Default: empty
Allows administrators to define an explicit allowlist of MCP servers. This guarantees that users can only connect to trusted MCP servers defined by the organization.
Allowlist Format:
{
  "mcpServers": {
    "external-provider": {
      "url": "https://api.mcp-provider.com",
      "type": "sse",
      "trust": true,
      "includeTools": ["toolA", "toolB"],
      "excludeTools": []
    },
    "internal-corp-tool": {
      "url": "https://mcp.internal-tool.corp",
      "type": "http",
      "includeTools": [],
      "excludeTools": ["adminTool"]
    }
  }
}
Supported Fields:
- url: (Required) The full URL of the MCP server endpoint.
- type: (Required) The connection type (e.g., sse or http).
- trust: (Optional) If set to true, the server is trusted and tool execution will not require user approval.
- includeTools: (Optional) An explicit list of tool names to allow. If specified, only these tools will be available.
- excludeTools: (Optional) A list of tool names to hide. These tools will be blocked.
Client Enforcement Logic:
- Empty Allowlist: If the admin allowlist is empty, the client uses the user’s local configuration as is (unless the MCP toggle above is disabled).
- Active Allowlist: If the allowlist contains one or more servers, all locally configured servers not present in the allowlist are ignored.
- Configuration Merging: For a server to be active, it must exist in both the admin allowlist and the user’s local configuration (matched by name). The client merges these definitions as follows:
  - Override Fields: url, type, and trust are always taken from the admin allowlist, overriding any local values.
  - Tools Filtering: If includeTools or excludeTools are defined in the allowlist, the admin’s rules are used exclusively. If both are undefined in the admin allowlist, the client falls back to the user’s local tool settings.
  - Cleared Fields: To ensure security and consistency, the client automatically clears local execution fields (command, args, env, cwd, httpUrl, tcp). This prevents users from overriding the connection method.
  - Other Fields: All other MCP fields are pulled from the user’s local configuration.
- Missing Allowlisted Servers: If a server appears in the admin allowlist but is missing from the local configuration, it will not be initialized. This ensures users maintain final control over which permitted servers are actually active in their environment.
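The merge rules above are easiest to check against a concrete model. The following TypeScript is an added illustration written for this page, not the Gemini CLI's own implementation: the function names (resolveServers, isToolAllowed), the local configuration sample (a user entry that tries to redirect the allowlisted server to localhost and attach a local command, plus a server that is not on the allowlist) and the reading that an empty includeTools list means "no include restriction" are all assumptions. The allowlist is the one shown in the Allowlist Format section.

```typescript
// Added example: a model of the client-side enforcement described above.
// NOT the Gemini CLI's own code; field names follow the page, everything
// else (function names, sample local config) is constructed for illustration.

interface AdminServer {
  url: string;
  type: string;
  trust?: boolean;
  includeTools?: string[];
  excludeTools?: string[];
}

// A local server definition may carry arbitrary extra fields (command, args, timeout, ...).
type LocalServer = Record<string, unknown>;
type AdminAllowlist = Record<string, AdminServer>;
type LocalConfig = Record<string, LocalServer>;

// Local execution fields that the page says are cleared when an allowlist is active.
const CLEARED_FIELDS = ["command", "args", "env", "cwd", "httpUrl", "tcp"];

// Computes the set of servers the client would actually initialize.
export function resolveServers(
  mcpEnabled: boolean,
  allowlist: AdminAllowlist,
  local: LocalConfig,
): LocalConfig {
  // MCP toggle disabled: no servers at all, whatever either config says.
  if (!mcpEnabled) return {};
  // Empty allowlist: the user's local configuration is used as is.
  if (Object.keys(allowlist).length === 0) return { ...local };

  const effective: LocalConfig = {};
  for (const [name, admin] of Object.entries(allowlist)) {
    const userDef = local[name];
    // Allowlisted but not configured locally: not initialized (user keeps final say).
    if (userDef === undefined) continue;

    // Start from the local definition ("Other Fields" come from the user)...
    const merged: LocalServer = { ...userDef };
    // ...drop local execution fields so the connection method cannot be overridden...
    for (const f of CLEARED_FIELDS) delete merged[f];
    // ...and take the connection fields from the admin allowlist unconditionally.
    merged.url = admin.url;
    merged.type = admin.type;
    merged.trust = admin.trust === true; // a local "trust: true" never survives

    // Tool filtering: if the admin defines either list, admin rules apply exclusively.
    if (admin.includeTools !== undefined || admin.excludeTools !== undefined) {
      delete merged.includeTools;
      delete merged.excludeTools;
      if (admin.includeTools !== undefined) merged.includeTools = [...admin.includeTools];
      if (admin.excludeTools !== undefined) merged.excludeTools = [...admin.excludeTools];
    }
    effective[name] = merged;
  }
  // Locally configured servers absent from the allowlist never reach `effective`.
  return effective;
}

// Applies an include/exclude pair to a single tool name.
// Assumption: an empty includeTools list means "no include restriction", which
// matches the page's sample where internal-corp-tool lists [] next to an exclusion.
export function isToolAllowed(
  server: { includeTools?: string[]; excludeTools?: string[] },
  tool: string,
): boolean {
  if (server.excludeTools?.includes(tool)) return false;
  const include = server.includeTools ?? [];
  return include.length === 0 || include.includes(tool);
}

// The allowlist from the page's Allowlist Format section.
export const ADMIN_ALLOWLIST: AdminAllowlist = {
  "external-provider": {
    url: "https://api.mcp-provider.com",
    type: "sse",
    trust: true,
    includeTools: ["toolA", "toolB"],
    excludeTools: [],
  },
  "internal-corp-tool": {
    url: "https://mcp.internal-tool.corp",
    type: "http",
    includeTools: [],
    excludeTools: ["adminTool"],
  },
};

// Constructed local configuration (not from the page).
export const LOCAL_CONFIG: LocalConfig = {
  // Tries to redirect the allowlisted server and attach a local binary: both must be dropped.
  "external-provider": {
    url: "http://localhost:9999",
    type: "http",
    command: "/tmp/fake-mcp",
    args: ["--debug"],
    timeout: 30000,
    includeTools: ["toolC"],
  },
  // Not on the allowlist: must be ignored entirely.
  "rogue-server": { url: "https://rogue.example", type: "sse" },
};

console.log(JSON.stringify(resolveServers(true, ADMIN_ALLOWLIST, LOCAL_CONFIG), null, 2));
```

Running it yields a single active server, external-provider, with the admin's url, type and trust, the admin's tool lists, the local timeout preserved, and the local command and args removed; internal-corp-tool is absent because the user never configured it locally, and rogue-server is absent because it is not allowlisted.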
Unmanaged Capabilities
Enabled/Disabled | Default: disabled
If disabled, users will not be able to use certain features. Currently, this control disables Agent Skills. See Agent Skills for more details.