Team Workspace Provisioning
Every team needs a shared document workspace where agents publish work products and humans review them. MeetLoyd automatically provisions Google Shared Drives or SharePoint sites when a team starts.
Overview
When you start a team, MeetLoyd detects which productivity suite is connected and provisions a shared workspace:
Team Start
│
▼
┌─────────────────────────┐
│ Detect connected suite │
│ (Google or Microsoft) │
└────────────┬────────────┘
│
┌──────┴──────┐
│ │
▼ ▼
Credentials? No credentials?
│ │
▼ ▼
Auto-create Admin task
workspace created with
via API instructions
│ │
└──────┬───────┘
│
▼
┌────────────────────┐
│ 4 standard folders │
│ Members added │
│ Permissions set │
└────────────────────┘
Two providers, same experience:
- Google Workspace -- creates a Shared Drive
- Microsoft 365 -- creates an M365 Group with SharePoint site
How It Works
Automatic Provisioning
If your tenant has service account credentials configured, MeetLoyd provisions the workspace automatically during team first-start (Phase 3.5):
- Creates a shared workspace named "MeetLoyd - {Team Name}"
- Creates four standard folders: Reports, Working, Shared, Archive
- Adds team agents as members with appropriate roles
- Registers the workspace in the authorization system
The whole process is non-blocking -- if provisioning fails, the team continues starting normally.
Manual Provisioning (HITL Fallback)
If no service account credentials are available, MeetLoyd creates a task for your admin with:
- Step-by-step instructions for creating the workspace
- The folder structure to set up
- Agent email addresses and their roles
After the admin creates the workspace manually, they can use the Map Workspace feature in the dashboard to link it to the team.
On-Demand Provisioning
You can also provision or map workspaces at any time from the dashboard:
- Go to your Team page
- Open the Workspace tab
- Click Provision Workspace (auto-create) or Map Existing (link an existing one)
Folder Structure
Every workspace gets four standard folders:
| Folder | Purpose |
|---|---|
| Reports | Final deliverables and published reports |
| Working | Work-in-progress drafts and analysis |
| Shared | Cross-team shared documents |
| Archive | Completed projects and historical records |
When mapping an existing workspace, MeetLoyd preserves your existing folders and only creates missing standard ones.
Member Roles
Agents are added to the workspace with roles matching their team position:
| Team Role | Google Drive Role | M365 Group Role |
|---|---|---|
| Team boss (manager) | Organizer | Owner |
| Lead agent | Organizer | Owner |
| Regular agents | Writer | Member |
If your governance policy restricts data discovery, only the boss and lead agent get direct workspace access. Other agents interact through the service account, with permissions enforced by the authorization system.
Prerequisites
Google Workspace
- A Google Cloud service account with domain-wide delegation
- Admin SDK scopes authorized in Google Admin Console:
https://www.googleapis.com/auth/drive
GOOGLE_SERVICE_ACCOUNT_KEYstored in your tenant vault
Microsoft 365
- An Azure AD app registration with admin consent
- Required permissions:
Group.ReadWrite.AllSites.ReadWrite.All
- Credentials stored in tenant vault:
MS_TENANT_IDMS_CLIENT_IDMS_CLIENT_SECRET
Without credentials, MeetLoyd creates a guided task for your admin instead of auto-provisioning. You can add credentials later and re-provision.
Team Settings After Provisioning
Once provisioned, your team settings are updated with the workspace details:
{
"settings": {
"google": {
"sharedDriveId": "0ALJFk9...",
"sharedDriveName": "MeetLoyd - C-Suite",
"sharedDriveUrl": "https://drive.google.com/drive/folders/...",
"sharedDriveFolders": {
"Reports": "folder-id-1",
"Working": "folder-id-2",
"Shared": "folder-id-3",
"Archive": "folder-id-4"
},
"provisionedAt": "2026-02-23T14:30:00.000Z",
"provisionedBy": "user_abc123"
}
}
}
Agents can use their existing Google Drive or SharePoint tools to work with these folders directly.
Authorization
Provisioned workspaces are automatically registered in the authorization system:
- The workspace and its folders appear as
drive_folderresources - Folders inherit permissions from the workspace root
- Boss/lead agents get
adminaccess, regular agents geteditoraccess - Existing
drive_*tools automatically enforce these permissions
Discover & Map
If your organization already has shared drives or SharePoint sites, you can map them to teams instead of creating new ones:
- Go to Team > Workspace tab
- Click Map Existing Workspace
- MeetLoyd lists all available workspaces from your connected provider
- Select the workspace to link
- MeetLoyd discovers existing folders, creates any missing standard ones, and updates the team settings
Unlinking
To unlink a workspace from a team:
- Go to Team > Workspace tab
- Click Unlink Workspace
This removes the mapping but does not delete the actual drive or SharePoint site.
Import-Time Provisioning
You can also include provisioning options when importing teams via the JSON format:
{
"_format": "meetloyd-team",
"team": {
"name": "C-Suite",
"description": "AI C-Suite executive team"
},
"provisioning": {
"google": {
"createGroup": true,
"groupEmail": "csuite@yourcompany.com",
"createSharedDrive": true,
"sharedDriveName": "C-Suite Drive"
}
}
}
Cost Considerations
| Resource | Cost Impact |
|---|---|
| Google Shared Drive | Counts against organization storage quota |
| Microsoft 365 Group | Included with M365 license, SharePoint storage counted |
Workspace provisioning does not create user accounts or licenses -- it only creates shared infrastructure.
Troubleshooting
Workspace Not Provisioned
- Check that a productivity suite (Google Workspace or Microsoft 365) is connected in Integrations
- Verify service account credentials are stored in the vault
- Try manual provisioning from the Workspace tab
"Access Denied" During Provisioning
The service account needs sufficient permissions:
- Google:
https://www.googleapis.com/auth/drivescope with domain-wide delegation - Microsoft:
Group.ReadWrite.AllandSites.ReadWrite.Allwith admin consent
SharePoint Site Not Ready
After creating an M365 Group, the SharePoint site takes a few seconds to provision. MeetLoyd retries up to 5 times with 3-second intervals. If the site still isn't ready, folders will be created when you next use the "Map Workspace" feature.
Agents Can't Access the Workspace
- Verify the agent has an email address assigned
- Check that the agent's email is a valid account in your Google/Microsoft tenant
- Review authorization permissions in the Authorization dashboard
Next: Learn about Agent Authorization for fine-grained resource access control.