# 🚀 QUICK FIX: Workspace Creation Error ## Error Message ``` Unable to assign workspace access. Could not retrieve your Azure AD Object ID. ``` ## ⚡ FASTEST SOLUTION (2 minutes) ### Step 1: Get Your Azure AD Object ID 1. Go to https://portal.azure.com 2. Click **Azure Active Directory** (left menu) 3. Click **Users** 4. Search for your email: `wliang@yopmail.com` 5. Click on your user 6. **Copy the "Object ID"** (it looks like: `12345678-1234-1234-1234-123456789012`) ### Step 2: Set It Manually Run this command (replace `YOUR_OBJECT_ID` with the ID you copied): ```bash php artisan user:set-object-id wliang@yopmail.com YOUR_OBJECT_ID ``` **Example:** ```bash php artisan user:set-object-id wliang@yopmail.com a1b2c3d4-e5f6-7890-abcd-ef1234567890 ``` ### Step 3: Create Workspace Go back to the UI and try creating a workspace again. **It will now work!** ✅ --- ## 🔧 PERMANENT SOLUTION (5-10 minutes) This allows the system to automatically fetch Object IDs for all users. ### Step 1: Add Microsoft Graph Permission 1. Go to https://portal.azure.com 2. Navigate to **Azure Active Directory** → **App registrations** 3. Find and click your **Fabric application** 4. Click **API permissions** (left menu) 5. Click **+ Add a permission** 6. Select **Microsoft Graph** 7. Choose **Application permissions** (NOT Delegated) 8. Search for: `User.Read.All` 9. Check the box next to **User.Read.All** 10. Click **Add permissions** ### Step 2: Grant Admin Consent ⚠️ CRITICAL 1. Stay on the **API permissions** page 2. Click **Grant admin consent for [Your Organization]** 3. Click **Yes** to confirm 4. Wait a few seconds 5. Verify you see a **green checkmark** with "Granted for [Your Organization]" ### Step 3: Test It ```bash php artisan fabric:test-graph wliang@yopmail.com ``` **Expected output:** ``` ✅ Successfully generated Graph API token ✅ Successfully retrieved user information Email: wliang@yopmail.com Display Name: [Your Name] Object ID: [GUID] ``` ### Step 4: Try Creating Workspace The system will now automatically fetch and save Object IDs for all users! 🎉 --- ## 📋 Required Azure Permissions Summary | API | Permission | Type | Consent | | ---------------- | ------------------------------------------- | ----------- | -------- | | Microsoft Fabric | `https://api.fabric.microsoft.com/.default` | Application | Required | | Microsoft Graph | `User.Read.All` | Application | Required | --- ## 🆘 Still Having Issues? ### Test Commands ```bash # Test Graph API connection php artisan fabric:test-graph wliang@yopmail.com # Manually set Object ID php artisan user:set-object-id wliang@yopmail.com YOUR_OBJECT_ID # Clear cache php artisan cache:clear && php artisan config:clear ``` ### Common Problems **Problem:** "Authorization_RequestDenied" **Solution:** Grant admin consent (Step 2 above) **Problem:** "Request_ResourceNotFound" **Solution:** User email doesn't exist in Azure AD - verify email is correct **Problem:** "InvalidAuthenticationToken" **Solution:** Check Client ID, Tenant ID, Client Secret in settings --- ## 💡 Why This Happens Microsoft Fabric API requires **Azure AD Object IDs** (GUIDs) to assign users to workspaces. It doesn't accept email addresses. - **Quick Fix:** Manually set your Object ID (1 minute) - **Permanent Fix:** Add Graph API permissions so the system can fetch them automatically --- ## 📚 Additional Resources - [Complete Setup Guide](./GRAPH_API_SETUP.md) - [Azure Portal](https://portal.azure.com) - [Microsoft Graph Documentation](https://learn.microsoft.com/en-us/graph/) --- **Need help?** Check logs at: `storage/logs/laravel.log`