It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to enable email requests for Microsoft Mailbox using OAuth on Project Settings?

We've recently switched over to OAuth Authentication for our network using Active Directory Federated Systems. We were able to successfully integrate the mailbox and can receive and process external emails to create issues.

However, our internal users which are synced with Active Directory and have Service Desk Customer - Portal Access permissions are unable to create issues via Email Requests with the following errors:


2020-06-29 14:52:52,098-0400 WARN [Office 365] Caesium-1-1 anonymous Default Mail Handler Default Mail Handler[10200]: Cannot create issue due to invalid license: [Sorry, you can't create any issues right now, as you need to have access to a Jira application to be able to create issues. To gain application access you need to be a member of a group assigned to an application.]
2020-06-29 14:52:53,051-0400 WARN [Office 365] Caesium-1-1 anonymous Default Mail Handler Default Mail Handler[10200]: Cannot create issue due to invalid license: [Sorry, you can't create any issues right now, as you need to have access to a Jira application to be able to create issues. To gain application access you need to be a member of a group assigned to an application.]
2020-06-29 14:52:54,020-0400 WARN [Office 365] Caesium-1-1 anonymous Default Mail Handler Default Mail Handler[10200]: Cannot create issue due to invalid license: [Sorry, you can't create any issues right now, as you need to have access to a Jira application to be able to create issues. To gain application access you need to be a member of a group assigned to an application.]
2020-06-29 14:52:54,973-0400 WARN [Office 365] Caesium-1-1 anonymous Default Mail Handler Default Mail Handler[10200]: Cannot create issue due to invalid license: [Sorry, you can't create any issues right now, as you need to have access to a Jira application to be able to create issues. To gain application access you need to be a member of a group assigned to an application.]
2020-06-29 14:52:55,910-0400 WARN [Office 365] Caesium-1-1 anonymous Default Mail Handler Default Mail Handler[10200]: Cannot create issue due to invalid license: [Sorry, you can't create any issues right now, as you need to have access to a Jira application to be able to create issues. To gain application access you need to be a member of a group assigned to an application.]

 

We've tried the remediation strategies posted here but with no success: 

https://confluence.atlassian.com/jirakb/create-issue-via-email-fails-due-to-invalid-license-error-in-jira-server-790959539.html

This was previously working using basic authentication against an imap mailbox using email request on a per project setting.

For the OAuth, we had to switch to the incoming mail handler located under ( System > Incoming Mail )

Is there anyway to replicate the previous behavior using Project Settings and Microsoft mailboxes using OAuth instead of basic authentication?

1 answer

0 votes
Andy Heinzer Atlassian Team Jul 01, 2020

Hi William,

I understand that you have recently switched Jira to using OAuth for incoming email away from basic auth, but since that time these Jira Service Desk customer users cannot create issues in Jira.

From the error message you have posted here, and the acknowledgement that these users are Jira Service Desk customers, I believe this is behaving as designed and there exists a misconfiguration here.  This is because users in the customer role only, are not actually licensed Jira users.  More details on this customer role can be found in Setting up service desk users: What is a customer?

This means that customers cannot login to the main Jira site directly (only the customer portal), but it also means that you cannot use a Jira Core/Jira Software mail handler in order to process incoming email from those users.  Only licensed Jira users can have their messages processed by that kind of mail handler.  The KB article you mentioned tries to explain that as well, but it was created back for Jira 7 versions and is not aware of this new OAuth feature for incoming email. 

Instead you would need to use the mail handler in a Jira Service Desk project in order to process these messages.  Jira 8.10.0 is the first version to have this new OAuth incoming email support, and from looking at the corresponding Jira Service Desk 4.10.0 version release notes, it appears that this is still something that can be configured in a Jira Service Desk project.  In fact it will need to be in order for users that are only in the customer role to be able to send messages and have Jira create issues/requests from them.

From reviewing the documentation in https://docs.atlassian.com/jira/jsd-docs-0410/Troubleshooting+issues+with+the+email+channel it makes it a bit more clear that you will first need to setup the OAuth connection to that mail server as you have in System > Incoming mail, but then the next step is to go back to the Jira Service Desk project in question and go to the Project Settings -> Email requests section in order to setup the mailbox that is expected to be used for this Jira Service Desk project.  This can be the same mail server, such as gmail or Microsoft, but the specific mailbox/email address should be different from the one in use by the Jira Core mail handlers.

Try this and let me know if you run into any problems with this.

Andy

Hi Andy,

    Thank you for the detailed reply. After following the documentation you provided we are still not able to properly configure the account to use email requests at a project settings level. ( Project Settings > Email Requests )

We attempted with the following settings even though we are using Microsoft Office 365 since their isn't a different authentication method available under "Other"

 

Service: Gmail

Authentication Method: OAuth

Email Protocol: Secure IMAP

Request Type: Get IT Help

 

We are able to successfully authenticate against our ADFS Server using the authorize button. However, we receive the following error after completing authentication. 

Here's the error we received: "OAuth token not defined for connection. OAuth Authorisation required."

Any idea what could be causing this issue?

Thank you. 

Hi Willian,

We have released support for Gmail in JSD and Microsoft will be added in an upcoming release (well in time before the October cut off for Microsoft). The reason we took this approach to release in stages was because Google initially had a hard deadline of mid June for disabling support for basic authentication and Microsoft had plans to do this in October, we therefore targeted Gmail first to ensure we hit their deadline. 

See the below post on the community on the communication from Google and Microsoft on adjusting their OAuth 2.0 dates:
https://community.atlassian.com/t5/Feedback-Forum-articles/What-you-need-to-know-about-OAuth-2-0-for-incoming-mail-in/ba-p/1345835

We therefore completed the first iteration of this feature supporting Gmail and took the decision to release this to customers in JSD 4.10 to be able to gather feedback, with Microsoft support following soon after.

I hope this helps clarify why we do not yet have Microsoft support in JSD, but we will be releasing this to our customers very soon. I will update this question when we have a confirmed release version. 

Thanks,

Craig.

Jira Service Desk

Like Andy Heinzer likes this

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
VERSION
8.10.0
TAGS
Community showcase
Published in Jira Service Desk

The Complete Guide to Atlassian for ITSM

Hi Atlassian Community! This is Teresa from the Atlassian team. My colleague Paul Buffington @Buff and I are excited to share a brand new ITSM resource we’ve created – "The Complete Guide to At...

615 views 7 12
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you