We've recently switched over to OAuth Authentication for our network using Active Directory Federated Systems. We were able to successfully integrate the mailbox and can receive and process external emails to create issues.
However, our internal users who are synced with Active Directory and have Service Desk Customer - Portal Access permissions are unable to create issues via Email Requests, with the following errors:
2020-06-29 14:52:52,098-0400 WARN [Office 365] Caesium-1-1 anonymous Default Mail Handler Default Mail Handler[10200]: Cannot create issue due to invalid license: [Sorry, you can't create any issues right now, as you need to have access to a Jira application to be able to create issues. To gain application access you need to be a member of a group assigned to an application.]
2020-06-29 14:52:53,051-0400 WARN [Office 365] Caesium-1-1 anonymous Default Mail Handler Default Mail Handler[10200]: Cannot create issue due to invalid license: [Sorry, you can't create any issues right now, as you need to have access to a Jira application to be able to create issues. To gain application access you need to be a member of a group assigned to an application.]
2020-06-29 14:52:54,020-0400 WARN [Office 365] Caesium-1-1 anonymous Default Mail Handler Default Mail Handler[10200]: Cannot create issue due to invalid license: [Sorry, you can't create any issues right now, as you need to have access to a Jira application to be able to create issues. To gain application access you need to be a member of a group assigned to an application.]
2020-06-29 14:52:54,973-0400 WARN [Office 365] Caesium-1-1 anonymous Default Mail Handler Default Mail Handler[10200]: Cannot create issue due to invalid license: [Sorry, you can't create any issues right now, as you need to have access to a Jira application to be able to create issues. To gain application access you need to be a member of a group assigned to an application.]
2020-06-29 14:52:55,910-0400 WARN [Office 365] Caesium-1-1 anonymous Default Mail Handler Default Mail Handler[10200]: Cannot create issue due to invalid license: [Sorry, you can't create any issues right now, as you need to have access to a Jira application to be able to create issues. To gain application access you need to be a member of a group assigned to an application.]
We've tried the remediation strategies posted here but with no success:
https://confluence.atlassian.com/jirakb/create-issue-via-email-fails-due-to-invalid-license-error-in-jira-server-790959539.html
This was previously working using basic authentication against an IMAP mailbox using email request on a per project setting.
For the OAuth, we had to switch to the incoming mail handler located under (System > Incoming Mail).
Is there any way to replicate the previous behavior using Project Settings and Microsoft mailboxes using OAuth instead of basic authentication?
Hi everyone,
Any update on this issue?
I am also facing the same error with Google. I have created OAuth2 and the test connection is successful.
But when trying to use it on a service desk project for email requests, it gives the error
"OAuth token not defined for connection. OAuth Authorisation required."
Hi @Muhammad Ramzan_Atlassian Certified Master_
Thanks for bringing this to our attention. I have replied to your question.
Thanks,
Craig.
Jira Service Desk
Hi everyone,
Still waiting to see if Jira Service Desk now works with modern auth for Office365.
Any updates?
Thanks,
William
Hi William,
Microsoft IMAP support has been released in JSD 4.12. However, we had compatibility issues integrating with POP due to an issue in the mail library which we use. We have a patch ready for the library and plan to release support for POP soon.
I hope you're able to test out the integration with IMAP and please do let us know if you have any feedback.
Thanks,
Craig.
Hi William,
I understand that you have recently switched Jira to using OAuth for incoming email away from basic auth, but since that time these Jira Service Desk customer users cannot create issues in Jira.
From the error message you have posted here, and the acknowledgement that these users are Jira Service Desk customers, I believe this is behaving as designed and there exists a misconfiguration here. This is because users in the customer role only are not actually licensed Jira users. More details on this customer role can be found in Setting up service desk users: What is a customer?
This means that customers cannot log in to the main Jira site directly (only the customer portal), but it also means that you cannot use a Jira Core/Jira Software mail handler in order to process incoming email from those users. Only licensed Jira users can have their messages processed by that kind of mail handler. The KB article you mentioned tries to explain that as well, but it was created back for Jira 7 versions and is not aware of this new OAuth feature for incoming email.
Instead you would need to use the mail handler in a Jira Service Desk project in order to process these messages. Jira 8.10.0 is the first version to have this new OAuth incoming email support, and from looking at the corresponding Jira Service Desk 4.10.0 version release notes, it appears that this is still something that can be configured in a Jira Service Desk project. In fact it will need to be in order for users that are only in the customer role to be able to send messages and have Jira create issues/requests from them.
From reviewing the documentation in https://docs.atlassian.com/jira/jsd-docs-0410/Troubleshooting+issues+with+the+email+channel it makes it a bit more clear that you will first need to set up the OAuth connection to that mail server as you have in System > Incoming mail, but then the next step is to go back to the Jira Service Desk project in question and go to the Project Settings -> Email requests section in order to set up the mailbox that is expected to be used for this Jira Service Desk project. This can be the same mail server, such as Gmail or Microsoft, but the specific mailbox/email address should be different from the one in use by the Jira Core mail handlers.
Try this and let me know if you run into any problems with this.
Andy
Hi Andy,
Thank you for the detailed reply. After following the documentation you provided we are still not able to properly configure the account to use email requests at a project settings level (Project Settings > Email Requests).
We attempted with the following settings even though we are using Microsoft Office 365, since there isn't a different authentication method available under "Other":
Service: Gmail
Authentication Method: OAuth
Email Protocol: Secure IMAP
Request Type: Get IT Help
We are able to successfully authenticate against our ADFS Server using the authorize button. However, we receive the following error after completing authentication.
Here's the error we received: "OAuth token not defined for connection. OAuth Authorisation required."
Any idea what could be causing this issue?
Thank you.
Hi William,
We have released support for Gmail in JSD and Microsoft will be added in an upcoming release (well in time before the October cutoff for Microsoft). The reason we took this approach to release in stages was that Google initially had a hard deadline of mid-June for disabling support for basic authentication and Microsoft had plans to do this in October; we therefore targeted Gmail first to ensure we hit their deadline.
See the below post on the community on the communication from Google and Microsoft on adjusting their OAuth 2.0 dates:
https://community.atlassian.com/t5/Feedback-Forum-articles/What-you-need-to-know-about-OAuth-2-0-for-incoming-mail-in/ba-p/1345835
We therefore completed the first iteration of this feature supporting Gmail and took the decision to release this to customers in JSD 4.10 to be able to gather feedback, with Microsoft support following soon after.
I hope this helps clarify why we do not yet have Microsoft support in JSD, but we will be releasing this to our customers very soon. I will update this question when we have a confirmed release version.
Thanks,
Craig.
Jira Service Desk
OAuth2 is not even stable with Google. I have a starter license and Jira is not allowing me to create a support ticket, but it's a bug on Jira's side and my system is getting field
2020-08-18 11:02:01,277+0000 http-nio-8080-exec-18 ERROR Ramzan 662x250340x1 pc5x1d 46.152.45.18,127.0.0.1 /rest/servicedesk/1/servicedesk/NTEST/incomingemail/oauth/validateandsaveflow/0a95c98c-5ade-4391-93f4-129f897966f8 [internal.rest.emailchannel.EmailChannelResource] Failed to validate and save token: jep.mail.connection.verifier.unknown.error : 'Here's the error we received: "[AUTHENTICATIONFAILED] Invalid credentials (Failure)"'
Hi @William
JSD 4.12 will be shipped with support for OAuth2 for Microsoft Exchange mailboxes. This should be made publicly available within the next week.
Thanks,
Craig.
Jira Service Desk