“iBridge Method: /Microsoft/Teams/Post To Channel.m Error: Forbidden - Failed to get license information for the user. Ensure user has a valid Office365 license assigned to them.”

[Rob Gething]

I get the above error when using the Hornbill Service Manager BPM >> Microsoft / Teams / PostToChannel method, yet I have a Teams license. 

I am currently using an incoming webhook as an alternative, but I have concerns that this isn't the most secure method.

[SamS]

Hi @Rob Gething,

Webhook would be delivered on whatever you set the endpoint as. So, if the endpoint is https, then  you should be fine.

As for the error at hand: it looks as if iBridge is compaining that the account set up in KeySafe that you are using for this doesn't have the specific permissions necessary.

Please confirm that the account exists and is not disabled in some way.

 

[Rob Gething]

Hi @SamS,

I can confirm that the account does exist and is not disabled.

I have a Teams bot that uses the same keysafe key and that's functioning. Surely if the keysafe key or the account that granted the authorisation were the issue, my bot would be affected too?

[SamS]

Hi @Rob Gething,

Just going over the basics - I wasn't aware that you had tried the account via another way.

That being said, the error message provided IS coming from Azure, so I would still urge you to investigate that.

https://stackoverflow.com/questions/66136902/why-do-i-receive-a-403-forbidden-response-when-calling-this-endpoint-with-angula

https://answers.microsoft.com/en-us/msoffice/forum/all/unable-to-assign-o365-license-because-the-license/e6814ade-0f7f-41e9-a157-fa3c638c7bfc

https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-groups-resolve-problems

Perhaps your bot has a lower permission set than the requirements for the account used by the BP (i.e. the creation/registration of an application).

[Rob Gething]

Actually, you might be onto something there @SamS, my chat bot Azure function is set to anonymous so that might be why?

[Rob Gething]

@SamS,

I guess that the error is related to: 

Looks like the issue is not isolated to us / me / my code and this is a wider issue for Hornbill to look at. I do not have a full azure admin account and neither should one be needed.

[SamS]

Hi @Rob Gething,

If you could test with a key which has more permissions, then we can confirm the functionality working.

We'll be working on minimizing the permission requirements to the specifically used iBridge functionality (as now mentioned in the forum entry you found).

[Steve G]

@Rob Gething

We've just released new versions of the Teams Integrations, which use their own keysafe key types and a minimal sets of rights rather than being bundled into the wider Microsoft key permissions:

Hope this helps.

Steve