Gemini Enterprise Guide

Comprehensive Deployment & Grounding Manual

1. Setup, Identities & Licensing

1.1 Environment Prerequisites

Before beginning the technical setup in the Google Cloud Console, ensure your environment meets the following baseline requirements:

  • Google Cloud Organization: The project must exist within a formal Google Cloud Organization (individual accounts lack the necessary enterprise identity handling).
  • Billing Account: A valid Google Cloud billing account must be linked to the project. Licenses can be distributed from one billing account to multiple projects.
  • IAM Roles: The administrator performing this setup must have the Discovery Engine Admin role.
  • Required APIs: You must enable four critical APIs: Vertex AI, Discovery Engine, Cloud Storage, and IAM.

Note: Meeting these prerequisites and creating your first app automatically triggers a 30-day free trial for up to 50 users.


1.2 Instance Creation & Configuration

  1. Navigate to the Google Cloud Console and search for Gemini Enterprise.
  2. Click Create App and provide a display name.
  3. Select Location:
    • Global (Default): Offers the full suite of features including autocomplete, idea generation agent, and enterprise web grounding. Recommended unless strict sovereignty is required.
    • Specific Regions (US, EU, etc.): Keeps data at rest within legal boundaries, but may lack certain features. Note that high-intensity ML tasks (like video generation) may still process globally.
  4. Advanced Options: Provide your company's external name to give the LLM context for higher-quality business responses. If using external partners, check "Include cross-domain documents" to allow Gemini to index authorized external workspace files.

1.3 Identity Provider Configuration

You must choose an Identity Provider (IdP) for the entire project. This is a foundational, irreversible choice for the app:

Google Identity

Select this if your team uses Google Workspace accounts natively. Easiest setup path.

Third-Party Identity

Requires Workforce Identity Federation (WIF). Use this if relying on Okta, Azure AD, etc., to avoid provisioning separate Google accounts.


1.4 Subscriptions & License Allocation

To move beyond the trial, go to Manage Subscription > Create Subscription.

Feature            Gemini Enterprise Standard         Gemini Enterprise Plus
-----------------  ---------------------------------  --------------------------------------
Target Audience    Majority of organizational users   Power users, data-heavy environments
Pooled Storage     30 GB per user                     75 GB per user
Generative Quotas  Standard limits                    Significantly higher for videos/images

Assigning Seats: Under Manage Users, you can manually assign licenses via email or enable Automatic Assignment (recommended for wide rollouts), which grants a license upon first login. You can mix Standard and Plus licenses in the same project.

CRITICAL REQUIREMENT

Users must have the Discovery Engine User IAM role at the project level to log in. Without this, they will be blocked even if they possess a valid license seat.
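One way to check the login requirement before a rollout is to compare the seat list against the project's IAM policy. The following is an added example, not part of the original guide or of any Google tooling: the role IDs are assumed to correspond to the roles named above, and the policy, seat list and group membership are constructed sample data. It only inspects direct project-level bindings, so roles inherited from a folder or organization are not resolved.

```python
import json

USER_ROLE = "roles/discoveryengine.user"    # assumed ID of "Discovery Engine User"
ADMIN_ROLE = "roles/discoveryengine.admin"  # assumed ID of "Discovery Engine Admin"
BROAD = ("domain:", "allUsers", "allAuthenticatedUsers")

# Constructed sample, shaped like `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/discoveryengine.admin", "members": ["user:admin@example.com"]},
  {"role": "roles/discoveryengine.user",
   "members": ["user:alice@example.com", "group:support@example.com",
               "domain:partner.example.org"]},
  {"role": "roles/viewer", "members": ["user:carol@example.com"]}
]}
""")
LICENSED = ["alice@example.com", "bob@example.com", "carol@example.com", "dave@example.com"]
GROUPS = {"support@example.com": ["bob@example.com", "erin@example.com"]}  # constructed

def members_of(policy, role):
    """All members bound to `role` directly on the project (conditions ignored)."""
    found = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") == role:
            found.update(binding.get("members", []))
    return found

def audit(policy, licensed, group_members):
    """Compare licensed seats with holders of the login role."""
    holders = members_of(policy, USER_ROLE)
    can_login, domains = set(), set()
    for member in holders:
        kind, _, value = member.partition(":")
        if kind == "user":
            can_login.add(value)
        elif kind == "group":
            can_login.update(group_members.get(value, ()))
        elif kind == "domain":
            domains.add(value)
    blocked = [e for e in licensed
               if e not in can_login and e.rsplit("@", 1)[-1] not in domains]
    privileged = holders | members_of(policy, ADMIN_ROLE)
    return {
        "blocked": sorted(blocked),                    # seat assigned, no login role
        "no_seat": sorted(can_login - set(licensed)),  # login role, no seat yet
        "broad": sorted(m for m in privileged if m.startswith(BROAD)),
    }

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_POLICY, LICENSED, GROUPS), indent=2))
```

Entries under "no_seat" matter when Automatic Assignment is enabled, because each of them receives a license on first login; entries under "broad" are whole-domain or public bindings worth reviewing against least privilege.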

Quotas are Pooled: If you have 100 Plus users with 30 queries/day each, the organization shares a pool of 3,000 queries/day.

Bonus: Code Assist Trial

A separate 30-day/50-license trial for Gemini Enterprise Code Assist is bundled, but it is managed at the Billing ID level, not the project level. Click the Code Assist sidebar icon, follow the activation flow, and ensure the Gemini for Google Cloud API is enabled.

2. Data Grounding & Connectors

2.1 What are Connectors?

Connectors (Data Stores) bridge Gemini with your specific business data (e.g., Confluence, ServiceNow, SharePoint) using Retrieval-Augmented Generation (RAG). Instead of relying solely on general AI knowledge, Gemini searches your data first, finding facts to generate a grounded, cited answer.

The Two-Way Street: Connectors allow Gemini to not only read data but also act on it (e.g., creating calendar events, updating bug reports) directly from the chat interface.


2.2 Connection Architectures

When connecting Data Stores, you must choose an architecture based on performance and compliance needs:

Ingestion

  • Mechanism: Data is copied and indexed within Google Cloud.
  • Pros: Exceptionally fast searches; superior ranking and recall accuracy.
  • Cons: Duplicates data; requires setting up recurring sync schedules (full vs. incremental).

Federation

  • Mechanism: No data is copied; queries are executed directly on the source system at runtime.
  • Pros: Data is always fresh; strict compliance guarantees (no duplicated data).
  • Cons: Query latency and quality are entirely dependent on the source system's performance.

2.3 Security, Permissions, and ACLs

Security is maintained by mapping source Access Control Lists (ACLs) directly to Gemini Enterprise. Connectors run dual-communication streams: one for content, one for permissions. If a logged-in user lacks permission to view a file in the source system, Gemini will never surface that information to them.
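The permission-trimming behaviour described above can be illustrated with a small retrieval filter. This is an added sketch, not Gemini Enterprise's implementation and not code from the original guide: the document IDs, principals and keyword matching are constructed, and treating a document with no synced ACL as hidden from everyone is a design choice of the example.

```python
# Constructed sample data: one stream carries content, the other carries ACLs.
CONTENT = {
    "hr-001": "Salary bands for 2025 engineering roles",
    "kb-042": "How to reset the VPN client",
    "fin-007": "Draft salary budget, not yet permissioned",
}
PERMISSIONS = {
    "hr-001": {"group:hr@example.com"},
    "kb-042": {"group:all-staff@example.com"},
    # fin-007: content arrived, but its ACL has not been synced yet
}

def build_index(content, permissions):
    """Join both streams; a document without an ACL gets an empty allow-set."""
    return [{"id": doc_id, "text": text,
             "allowed": frozenset(permissions.get(doc_id, ()))}
            for doc_id, text in content.items()]

INDEX = build_index(CONTENT, PERMISSIONS)

def principals_for(user, groups):
    """Identity of the logged-in user plus the groups they belong to."""
    return {f"user:{user}"} | {f"group:{g}" for g in groups}

def retrieve(index, query, user, groups):
    """Keyword match, then drop every hit the caller may not read (deny by default)."""
    who = principals_for(user, groups)
    terms = set(query.lower().split())
    hits = []
    for doc in index:
        if not terms & set(doc["text"].lower().split()):
            continue
        if doc["allowed"] & who:  # an empty allow-set never matches
            hits.append(doc["id"])
    return hits

def grounded_prompt(index, query, user, groups):
    """Only permitted documents ever reach the model's context."""
    texts = {doc["id"]: doc["text"] for doc in index}
    context = "\n".join(f"[{i}] {texts[i]}" for i in retrieve(index, query, user, groups))
    return f"Answer using only these sources:\n{context}\n\nQuestion: {query}"

if __name__ == "__main__":
    print(retrieve(INDEX, "salary bands", "hana@example.com",
                   ["hr@example.com", "all-staff@example.com"]))
    print(retrieve(INDEX, "salary bands", "eng@example.com", ["all-staff@example.com"]))
```

The filter runs before the prompt is assembled, so the trimming does not depend on the model declining to repeat text it was shown.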

Architecture Tip: App-Level Segregation

Connectors are tied to the App Level, not individual users. If you need marketing to have different data stores than developers, create separate apps (e.g., one linked to Salesforce, one to GitHub) and provision user access accordingly.


2.4 Best Practices for Data Stores

  • GIGO (Garbage In, Garbage Out): Ensure your source data is clean. Messy internal documentation leads to poor AI responses.
  • Language Separation: If your company has documentation in multiple languages (e.g., English and German Confluence instances), set them up as separate data stores to improve answer quality.
  • Test Environments: Build a primary app without connectors so users get immediate general AI value. Use a secondary "dev" app to build, test, and sync connectors before pushing them to the primary user-facing app.

2.5 Custom Connectivity Options

If an out-of-the-box connector doesn't exist for your platform, you have three technical alternatives:

  1. Data Pipeline: Ingest the source data into Cloud Storage or BigQuery, then use Gemini's native connectors for those services.
  2. Custom Agents: Use the Agent Development Kit to build an agent that interacts via API with your system (users will have to query this specific agent directly).
  3. Custom Connectors: Build a fully native custom connector (highest complexity, deepest integration).

3. Analytics, ROI & Adoption

3.1 Strategy: The Dual-Track Rollout

Successful deployment requires Top-Down executive sponsorship combined with Bottom-Up empowerment of early champions. Training should be persona-based—don't teach general AI concepts; teach how the tool solves specific bottlenecks (e.g., reducing Support's MTTR or speeding up Developer sprint velocity).


3.2 Analytics & Dashboards

Admins can access usage telemetry in the Google Cloud Console under the Analytics sidebar tab. This consists of four main dashboards:

1. Adoption

Tracks daily/weekly/monthly active users, retention, churn rates, growth rates, and total seats consumed.

2. Value

Translates usage into financial ROI. You can configure the employee hourly rate and minutes saved per query to generate customized annualized value estimates.

3. Usage and Quality

Details the raw volume of searches, generated answers, triggered actions, page views, and user feedback ratings.

4. Agents

Monitors the usage of custom, third-party, and pre-built agents (including NotebookLM). Identifies which specific agents have the highest session counts, acting as a blueprint for standardizing high-value use cases.

Exporting Data

While the UI focuses primarily on query volumes, deep-dive data for specific automated actions can be exported via the Command Line Interface (CLI). This allows teams to pipe telemetry directly into internal BI tools (like Looker or Tableau) to merge AI metrics with existing business KPIs.


3.3 Advanced Tools & Agents

Maximize your license value by exploring features beyond basic chat:

  • Custom Agents: Users can create no-code agents using natural language to automate repetitive workflows.
  • Agent Marketplace: Accessible in the Cloud Console to find pre-built third-party integrations (which can also be monetized if you build your own).
  • NotebookLM Enterprise: Included with your license, providing a dedicated environment for deeply grounded, citation-heavy research to prevent organizational "relearning."

Quick Reference Checklist

  • Ensure project is in a Google Cloud Organization
  • Enable Vertex AI, Discovery Engine, IAM, Storage APIs
  • Choose Identity (Workspace vs WIF)
  • Grant users Discovery Engine User role to permit login
  • Configure Data Connectors (Ingestion/Federation)
  • Set financial baseline metrics in the Value Dashboard