Team Workspace Provisioning

Every team needs a shared document workspace where agents publish work products and humans review them. MeetLoyd automatically provisions Google Shared Drives or SharePoint sites when a team starts.

Overview

When you start a team, MeetLoyd detects which productivity suite is connected and provisions a shared workspace:

Team Start
    │
    ▼
┌─────────────────────────┐
│ Detect connected suite   │
│ (Google or Microsoft)    │
└────────────┬────────────┘
             │
      ┌──────┴──────┐
      │              │
      ▼              ▼
  Credentials?   No credentials?
      │              │
      ▼              ▼
  Auto-create    Admin task
  workspace      created with
  via API        instructions
      │              │
      └──────┬───────┘
             │
             ▼
  ┌────────────────────┐
  │ 4 standard folders │
  │ Members added      │
  │ Permissions set    │
  └────────────────────┘

Two providers, same experience:

Google Workspace -- creates a Shared Drive
Microsoft 365 -- creates an M365 Group with SharePoint site

How It Works

Automatic Provisioning

If your tenant has service account credentials configured, MeetLoyd provisions the workspace automatically during team first-start (Phase 3.5):

Creates a shared workspace named "MeetLoyd - {Team Name}"
Creates four standard folders: Reports, Working, Shared, Archive
Adds team agents as members with appropriate roles
Registers the workspace in the authorization system

The whole process is non-blocking -- if provisioning fails, the team continues starting normally.

Manual Provisioning (HITL Fallback)

If no service account credentials are available, MeetLoyd creates a task for your admin with:

Step-by-step instructions for creating the workspace
The folder structure to set up
Agent email addresses and their roles

After the admin creates the workspace manually, they can use the Map Workspace feature in the dashboard to link it to the team.

On-Demand Provisioning

You can also provision or map workspaces at any time from the dashboard:

Go to your Team page
Open the Workspace tab
Click Provision Workspace (auto-create) or Map Existing (link an existing one)

Folder Structure

Every workspace gets four standard folders:

Folder	Purpose
Reports	Final deliverables and published reports
Working	Work-in-progress drafts and analysis
Shared	Cross-team shared documents
Archive	Completed projects and historical records

When mapping an existing workspace, MeetLoyd preserves your existing folders and only creates missing standard ones.

Member Roles

Agents are added to the workspace with roles matching their team position:

Team Role	Google Drive Role	M365 Group Role
Team boss (manager)	Organizer	Owner
Lead agent	Organizer	Owner
Regular agents	Writer	Member

Governance Control

If your governance policy restricts data discovery, only the boss and lead agent get direct workspace access. Other agents interact through the service account, with permissions enforced by the authorization system.

Prerequisites

Google Workspace

A Google Cloud service account with domain-wide delegation
Admin SDK scopes authorized in Google Admin Console:
- https://www.googleapis.com/auth/drive
GOOGLE_SERVICE_ACCOUNT_KEY stored in your tenant vault

Microsoft 365

An Azure AD app registration with admin consent
Required permissions:
- Group.ReadWrite.All
- Sites.ReadWrite.All
Credentials stored in tenant vault:
- MS_TENANT_ID
- MS_CLIENT_ID
- MS_CLIENT_SECRET

No Credentials?

Without credentials, MeetLoyd creates a guided task for your admin instead of auto-provisioning. You can add credentials later and re-provision.

Team Settings After Provisioning

Once provisioned, your team settings are updated with the workspace details:

{
  "settings": {
    "google": {
      "sharedDriveId": "0ALJFk9...",
      "sharedDriveName": "MeetLoyd - C-Suite",
      "sharedDriveUrl": "https://drive.google.com/drive/folders/...",
      "sharedDriveFolders": {
        "Reports": "folder-id-1",
        "Working": "folder-id-2",
        "Shared": "folder-id-3",
        "Archive": "folder-id-4"
      },
      "provisionedAt": "2026-02-23T14:30:00.000Z",
      "provisionedBy": "user_abc123"
    }
  }
}

Agents can use their existing Google Drive or SharePoint tools to work with these folders directly.

Authorization

Provisioned workspaces are automatically registered in the authorization system:

The workspace and its folders appear as drive_folder resources
Folders inherit permissions from the workspace root
Boss/lead agents get admin access, regular agents get editor access
Existing drive_* tools automatically enforce these permissions

Discover & Map

If your organization already has shared drives or SharePoint sites, you can map them to teams instead of creating new ones:

Go to Team > Workspace tab
Click Map Existing Workspace
MeetLoyd lists all available workspaces from your connected provider
Select the workspace to link
MeetLoyd discovers existing folders, creates any missing standard ones, and updates the team settings

Unlinking

To unlink a workspace from a team:

Go to Team > Workspace tab
Click Unlink Workspace

This removes the mapping but does not delete the actual drive or SharePoint site.

Import-Time Provisioning

You can also include provisioning options when importing teams via the JSON format:

{
  "_format": "meetloyd-team",
  "team": {
    "name": "C-Suite",
    "description": "AI C-Suite executive team"
  },
  "provisioning": {
    "google": {
      "createGroup": true,
      "groupEmail": "csuite@yourcompany.com",
      "createSharedDrive": true,
      "sharedDriveName": "C-Suite Drive"
    }
  }
}

Cost Considerations

Resource	Cost Impact
Google Shared Drive	Counts against organization storage quota
Microsoft 365 Group	Included with M365 license, SharePoint storage counted

Workspace provisioning does not create user accounts or licenses -- it only creates shared infrastructure.

Troubleshooting

Workspace Not Provisioned

Check that a productivity suite (Google Workspace or Microsoft 365) is connected in Integrations
Verify service account credentials are stored in the vault
Try manual provisioning from the Workspace tab

"Access Denied" During Provisioning

The service account needs sufficient permissions:

Google: https://www.googleapis.com/auth/drive scope with domain-wide delegation
Microsoft: Group.ReadWrite.All and Sites.ReadWrite.All with admin consent

SharePoint Site Not Ready

After creating an M365 Group, the SharePoint site takes a few seconds to provision. MeetLoyd retries up to 5 times with 3-second intervals. If the site still isn't ready, folders will be created when you next use the "Map Workspace" feature.

Agents Can't Access the Workspace

Verify the agent has an email address assigned
Check that the agent's email is a valid account in your Google/Microsoft tenant
Review authorization permissions in the Authorization dashboard

Next: Learn about Agent Authorization for fine-grained resource access control.

Overview​

How It Works​

Automatic Provisioning​

Manual Provisioning (HITL Fallback)​

On-Demand Provisioning​

Folder Structure​

Member Roles​

Prerequisites​

Google Workspace​

Microsoft 365​

Team Settings After Provisioning​

Authorization​

Discover & Map​

Unlinking​

Import-Time Provisioning​

Cost Considerations​

Troubleshooting​

Workspace Not Provisioned​

"Access Denied" During Provisioning​

SharePoint Site Not Ready​

Agents Can't Access the Workspace​