11-14-2023 12:46 PM - edited 11-14-2023 12:55 PM
1. "failed to create meeting - no application access policy found for this app"
This error is quite common and can be easily solved.
Let's understand why we get this error in the first place. Microsoft has mandated that every user that intends to create online meetings (essentially invoke the onlineMeetings endpoint) requires an application access policy be created against the integration app and granted to the user - Link.
In order to make it work, in our architecture, we require you to create an earmarked user called the Service User (simply another user) on Azure, which will be the one against whom all the meetings will be created. This way each user in your organisation doesn't need to be granted the application access policy.
Now, when you are starting the meeting, the above error indicates that the application access policy is either not created or, if created, hasn't been granted to the Service User.
To resolve this, one must ensure that a Service User is created first. It's just like any other user, with a more generic name. Ensure you give the correct location and licences so that the user is able to create online meetings. One quick way to verify would be to log in using this user and verify that one is able to launch instant meetings on the Teams app.
Once the Service User is created, update the same in the field "Service user Azure ID" in Notify > Microsoft Teams > Configuration. This way your instance will know to use the Service User for creating all meetings.
Now, we need to create the Application Access policy for the integration app, a.k.a. BOT, and later assign it to the newly created Service User. We will use Microsoft PowerShell to assign these. Below are the commands that we need to run.
New-CsApplicationAccessPolicy
Grant-CsApplicationAccessPolicy
Detailed steps are given below in the official product documentation.
- If you are using the Pre published Setup then follow the instructions here. (Step #3 onwards)
- If you are using the Self Configured Setup then follow the instructions here. (Step #3 onwards)
Note that in the Pre published Setup your App Id is static and is "ced2c8b2-7075-49fb-8dc9-7ebb41f89769", whereas for the Self Configured Setup your App Id would be generated randomly and will be available on the Azure portal as explained in the documentation.
2. "OAuth flow failed. Verify the configurations and try again. Error detail:invalid_grant, AADSTS65001: The user or administrator has not consented to use the application with ID '74XXXXX-0374-4XXX1-a746-62f5XXXXXxx0' named 'My BoT HE'. Send an interactive authorization request for this user and resource. Trace ID: 6094XXXXX-0374-4XX-b98f-80bf8a9d6600"
This error could occur when the Profile related to the credential record is not set up with the right values.
- Navigate to Notify > Microsoft Teams > Configuration.
- Open Requestor entry via the (i) icon.
- Open the OAuth Entity Profile via the (i) icon.
- Ensure the Grant type is "Client Credentials"
- If you were using "Resource Owner Password Credentials" this error is likely to surface.
- Go back to the credential record and click on "Get OAuth Token"
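The policy creation and grant described under issue 1, as an added example that is not part of the original post or the product documentation. It assumes the MicrosoftTeams PowerShell module is installed and a Teams administrator signs in; the policy name is hypothetical and the Service User object ID is a placeholder you supply.

```powershell
# Added example. Re-runnable: creates the policy if missing, then grants it
# to the Service User only.
param(
    # Integration app ID. Default is the static Pre published Setup ID quoted
    # in the post; pass your own ID for a Self Configured Setup.
    [string]$AppId = 'ced2c8b2-7075-49fb-8dc9-7ebb41f89769',
    # Placeholder: Azure object ID of the Service User (the same value entered
    # in "Service user Azure ID").
    [Parameter(Mandatory)] [string]$ServiceUserId,
    # Hypothetical policy name chosen for this example.
    [string]$PolicyName = 'Notify-Teams-Meetings'
)

$ErrorActionPreference = 'Stop'
Import-Module MicrosoftTeams
Connect-MicrosoftTeams | Out-Null   # interactive sign-in as a Teams administrator

# Look the policy up by listing, so a missing policy is not an error.
# Per-user policies may be reported with a "Tag:" prefix on Identity.
$policy = Get-CsApplicationAccessPolicy |
    Where-Object { $_.Identity -in $PolicyName, "Tag:$PolicyName" }

if (-not $policy) {
    New-CsApplicationAccessPolicy -Identity $PolicyName -AppIds $AppId `
        -Description 'Lets the Notify integration app create online meetings'
} elseif ($policy.AppIds -notcontains $AppId) {
    # Policy exists but does not list this app yet: add it, keep the others.
    Set-CsApplicationAccessPolicy -Identity $PolicyName -AppIds @{ Add = $AppId }
}

# Grant to the Service User only. A -Global grant would let the app act on
# behalf of every user in the tenant, which the Service User design avoids.
Grant-CsApplicationAccessPolicy -PolicyName $PolicyName -Identity $ServiceUserId

# Show what is now assigned. Policy changes can take up to 30 minutes to
# take effect in Microsoft Graph calls, so the original error may persist
# for a while after this succeeds.
Get-CsOnlineUser -Identity $ServiceUserId |
    Select-Object UserPrincipalName, ApplicationAccessPolicy
```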
Hi @AyushGoel !
I am getting this error when trying to start a Conference Call. It happens rather quickly, which leads me to suspect that this is an error within ServiceNow.
Any ideas?
Hi, you should go to Flow Designer > Operations > Executions and see what the Response Payload is for the "Create User Online Meeting" Action run. If it confirms a permission issue, then you can go back and see whether the right permission was granted on the Azure app.
Hi!
Thank you for the quick reply!
I was not able to find any executions for that action, so it seems it's not triggered properly. I did follow the documentation on configuring and integrating the Notify connector, but it seems like something is missing.
Are there any prerequisite steps that need to be set up?
It's coming from an executing action. Try looking up actions under your name. It will most likely be "Get User Details".
I found the execution for "Get User Details" and it returns the error "Method failed: (/v1.0/users) with code: 403 - Forbidden username/password combo". Is there a user permission in Azure that is missing?
Also, the service url parameter is set to "https://graph.microsoft.com/". Shouldn't this be set to the specific tenant?