Configure cross-project ADK agent access

This page explains how administrators can grant permission for Gemini Enterprise to access an ADK agent that runs within Vertex AI Agent Engine in a different Google Cloud project.

Identify the Gemini Enterprise service agent

To find the service agent email address for your Gemini Enterprise app project:

  1. In the Google Cloud console, go to the project that contains your Gemini Enterprise app.
  2. From the project list, find the project number.
  3. Construct the service agent email address using the following format:

    service-PROJECT_NUMBER@gcp-sa-discoveryengine.iam.gserviceaccount.com

    Replace PROJECT_NUMBER with the project number from the previous step.

Grant permissions in the agent project

Grant the Gemini Enterprise service agent permissions in the project where the ADK agent is hosted with Vertex AI Agent Engine:

  1. In the Google Cloud console, go to the project where the ADK agent is hosted with Vertex AI Agent Engine.
  2. Go to IAM & Admin > IAM.
  3. Click Grant Access.
  4. In the New principals field, enter the service agent email address that you identified in the previous section.
  5. In the Select a role list, search for and select Discovery Engine Service Agent (roles/discoveryengine.serviceAgent).
  6. Click Save.
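
The same two procedures (building the service agent address, then granting the role in the agent project) can be scripted with the gcloud CLI. The following is an added example, not part of the original page: the function names are hypothetical, and the two project IDs passed to `grant_cross_project_access` are placeholders you supply. It validates the project number, skips the grant if the binding already exists, and confirms the binding afterwards.

```bash
# Added example: CLI equivalent of the console steps above (assumes gcloud is
# installed and authenticated with rights to edit IAM in the agent project).
ROLE="roles/discoveryengine.serviceAgent"

# Build the service agent address from a project NUMBER (digits only).
# Rejects a project ID passed by mistake, which would grant to a wrong principal.
service_agent_email() {
  case "$1" in
    ''|*[!0-9]*) echo "project number must be numeric: '$1'" >&2; return 1 ;;
  esac
  printf 'service-%s@gcp-sa-discoveryengine.iam.gserviceaccount.com\n' "$1"
}

# Print "role<TAB>member" lines for every binding in a project's IAM policy.
list_bindings() {
  gcloud projects get-iam-policy "$1" \
    --flatten="bindings[].members" \
    --format="value(bindings.role,bindings.members)"
}

# Read "role<TAB>member" lines on stdin; succeed only on an exact match of
# ROLE held by the given service account (no substring matches).
member_has_role() {
  grep -Fxq "$(printf '%s\tserviceAccount:%s' "$ROLE" "$1")"
}

# Usage: grant_cross_project_access APP_PROJECT_ID AGENT_PROJECT_ID
grant_cross_project_access() {
  local app_project="$1" agent_project="$2" number sa
  number="$(gcloud projects describe "$app_project" \
    --format='value(projectNumber)')" || return 1
  sa="$(service_agent_email "$number")" || return 1

  if list_bindings "$agent_project" | member_has_role "$sa"; then
    echo "already granted: $sa"
    return 0
  fi

  # --condition=None keeps the call non-interactive when the policy
  # already contains conditional bindings.
  gcloud projects add-iam-policy-binding "$agent_project" \
    --member="serviceAccount:$sa" --role="$ROLE" \
    --condition=None >/dev/null || return 1

  # Confirm the binding is present before reporting success.
  list_bindings "$agent_project" | member_has_role "$sa" && echo "granted: $sa"
}
```

Piping `list_bindings` output through `member_has_role` on its own is also a quick way to audit which service agent currently holds the role in the agent project.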

What's next

  • After granting these permissions, you can register the ADK agent in your Gemini Enterprise app, using the agent's resource path from the agent project.