Calendar MCP Server: Secure AI Agent Access to Google Calendar and Outlook
Connect Claude, ChatGPT, and Cursor to Google Calendar and Outlook through PortEden's remote MCP server. 9 tools, OAuth, and a data firewall that controls every event read and write.
Free tier · No credit card required
What is the Calendar MCP server?
The calendar MCP server lets AI agents read schedules and manage events through the Model Context Protocol. Connect a client like Claude, ChatGPT, or Cursor to one remote endpoint at https://mcp.porteden.com/calendar and the agent works across Google Calendar and Outlook at once, including Microsoft 365 calendars, with no per-provider setup.
PortEden's server exposes 9 calendar tools, from listing calendars and searching events to free/busy checks, creating, updating, deleting, and responding to invitations. What makes it different from a generic Google Calendar or Outlook MCP is the data firewall in front of those tools: PortEden inspects every tool-call request, applies your access policy, and redacts attendee details in the response before the agent ever sees them.
The result is secure calendar access for AI agents. You decide whether a client can only read availability or can also create and delete events, hide attendees and event titles, scope access to specific calendars, and review every call in an audit log. OAuth handles authentication, so there is no static key to leak.
All 9 Calendar MCP tools
Every tool can be allowed or denied per client. Access levels are enforced at the firewall on each call.
| Tool | Access | What it does |
|---|---|---|
calendar_list | read | List all calendars for the connected account. |
calendar_search_events | read | Search and list calendar events in a date range. |
calendar_get_event | read | Get full details of a single event by its ID. |
calendar_freebusy | read | Check availability for a date range without exposing event details. |
calendar_events_by_contact | read | Find all events shared with a specific contact. |
calendar_create_event | create | Create a new calendar event. |
calendar_update_event | write | Update an existing event. |
calendar_respond_to_event | write | Respond to an invitation (accept, decline, or tentative). |
calendar_delete_event | delete | Delete an event. |
Connect Calendar to Claude, ChatGPT, Cursor, and more
Point any MCP-compatible client at the remote URL and sign in to PortEden once with OAuth.
# Claude Web or Desktop, then Settings, Connectors, Add custom connectorhttps://mcp.porteden.com/calendar # Authenticate to PortEden once with OAuth. Claude can now call the# calendar tools under the access policy you set.Available on Claude Pro, Team, and Enterprise. The same flow works for Claude Cowork.
The security-first Calendar MCP
PortEden is the data firewall for AI.
Granular access control
Decide exactly what each AI client can do with your calendar. Keep a scheduling agent read-only, expose availability without event details, or scope a connection to a single calendar, so an agent never touches the events it should not.
- Read-only by default: deny create, update, delete, and respond for a scheduling-assistant agent.
- Free/busy only: expose availability through calendar_freebusy and hide event titles and attendees.
- Per-calendar scope: pin a client to your work calendar and block personal calendars.
Data redaction
PortEden runs a redaction pass on every tool response before it leaves the firewall. Attendee details and event content are replaced with stable placeholders, so the agent can reason over your schedule without the raw data entering the model's context.
- Strip attendee email addresses, phone numbers, and dial-in details from event responses.
- Mask event titles and descriptions while keeping start, end, and free/busy readable.
- Round-trip updates are de-redacted server-side, so an edit aimed at a placeholder lands on the right event.
Audit trail
Every calendar tool call is recorded: which client, which user, which tool, the arguments passed, the policy decision, and the redacted response. Export it or stream it to your SIEM for review.
- See exactly which events an agent read and which it created, updated, or deleted, with timestamps.
- Reconstruct any tool call: the request, the rule that fired, and the response returned.
- Stream to Splunk, Datadog, or S3 for retention and review.
RBAC and policy groups
Bind each MCP connection to a user or role with a scoped, revocable token. Group policies by team so a new hire inherits the right calendar access on day one, and revocation is instant and server-side.
- Issue per-user tokens scoped to the verbs and calendars that role needs.
- Apply one policy group across a team instead of editing rules client by client.
- Revoke a token server-side the moment a contract ends, with no Google or Microsoft account round-trip.
Set up the secure Calendar MCP in minutes
Add the connector
In your AI client, add a custom connector or HTTP MCP server pointing at https://mcp.porteden.com/calendar.
Authenticate with OAuth
Sign in to PortEden once and connect Google Calendar or Outlook. The client never holds your provider refresh token.
Set your calendar policy
Choose read-only, free/busy only, or read-write, scope to specific calendars, and turn on attendee redaction.
Verify in the audit log
Run a prompt, then watch the tool calls land in your PortEden audit log with the rule that fired on each one.
Calendar MCP FAQ
What is the calendar MCP server?
How do I connect Claude to Google Calendar using MCP?
Does the calendar MCP server work with Outlook Calendar?
Can I give an AI agent free/busy access only?
Is the calendar MCP server secure?
Does redaction hide attendees from the agent?
What calendar tools does the MCP server expose?
Which AI clients work with the calendar MCP server?
Does it cost anything to use the calendar MCP server?
Keep Exploring
Connect Calendar to AI, without leaking the underlying data.
Five-minute setup over OAuth. The free tier covers 1,000 tool calls per month.