OfficeDev / microsoft-teams-apps-requestateam

Power Platform based solution that allows users to request teams and automates team creation. NO LONGER MAINTAINED. Please use 'Provision Assist' - https://github.com/pnp/provision-assist-m365/ instead.
MIT License

Problem with LogicApp ProcessTeamRequest - Function Apply Sensitivity Labels error AADSTS50034 #337

Closed ChristianHoffmannn closed 2 years ago

ChristianHoffmannn commented 2 years ago

Hello together,

I am working on a project where we are publishing the Request a Team app in a customer tenant. There we want to use sensitivity labels. I enabled sensitivity labels for Teams/M365 groups in the tenant and also for the Request a Team app. The sync of the SyncLabel logic app was successful and I can see my label in the IP Labels list and in the app. When I request a team with a sensitivity label, the logic app ProcessTeamRequest gets an error while running the "get access token for service account" function. This is the error description: "AADSTS50034: The user account [accountname] does not exist in the 03305bb8-aa0e-4076-9949-18ea10a09ff4 directory. To sign into this application, the account must be added to the directory.\r\nTrace "

It refers to my service account for the Request a Team app. There are no errors with that account, and the user principal name is the same as the mail address of the account.

Has anyone had this error before and know how to fix it? In another test tenant I am not getting this error.

Kind regards

Christian

alexc-MSFT commented 2 years ago

@ChristianHoffmannn can you check the Key Vault please and look at the secrets to make sure the correct user account and password are stored in there.

Also I'm assuming that directory id is indeed the correct tenant ID for the Azure AD directory where that account resides?

Thanks

ChristianHoffmannn commented 2 years ago

> @ChristianHoffmannn can you check the Key Vault please and look at the secrets to make sure the correct user account and password are stored in there.
>
> Also I'm assuming that directory id is indeed the correct tenant ID for the Azure AD directory where that account resides?
>
> Thanks

I checked the Key Vault and the secrets, and I may have found something that could be causing the problem. In the customer tenant the sausername is stored without the domain. In my test tenant, where it works, it is stored with the domain, e.g. admin@contoso.com, whereas in the customer tenant it is just admin.

Do you know if that can cause the problem? In the customer tenant the display name is different compared to the beginning of the user principal name, but searching for the account both ways works for finding it.

ChristianHoffmannn commented 2 years ago

Little update: I updated the sausername so that the whole user principal name is stored there. I also updated the sapassword because an old password was saved.

Now we are getting the error AADSTS50126: Error validating credentials due to invalid username or password.

We will check the service account now and I will give an update if we need further help.

ChristianHoffmannn commented 2 years ago

Now it's working, the credentials are working now.

Thanks for the help. This issue can be closed.
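As an added example, not code from this repository, here is a small Python preflight check for the two failure modes in this thread: it validates that a stored service-account username is a full user principal name (the sausername fix above), and parses a token-endpoint error body to pull out the AADSTS code and the directory ID it names, mapping the code to the remediation the thread arrived at. The sample error bodies, the placeholder directory GUID and the HINTS wording are constructed here, not taken from the project.

```python
import json
import re

# Remediation hints for the two AADSTS codes seen in this thread (constructed wording).
HINTS = {
    "AADSTS50034": "account not found in that directory: verify the tenant ID used by the "
                   "Logic App and that the stored username is the full UPN (user@domain)",
    "AADSTS50126": "username resolved but the credentials were rejected: verify the stored "
                   "password secret is current for that account",
}

def check_sausername(value: str) -> list:
    """Return a list of problems with a stored service-account username (empty if OK)."""
    problems = []
    name = value.strip()
    if name != value:
        problems.append("leading/trailing whitespace in stored username")
    if "@" not in name:
        problems.append("not a full user principal name (missing @domain)")
    elif "." not in name.rsplit("@", 1)[1]:
        problems.append("domain part does not look like a DNS domain")
    return problems

def classify_token_error(body: str) -> dict:
    """Parse a /token error response body and extract the AADSTS code, the directory
    GUID it mentions (if any) and a remediation hint."""
    try:
        desc = json.loads(body).get("error_description", "")
    except ValueError:
        desc = body  # not JSON: treat the raw text as the description
    code_match = re.search(r"AADSTS\d+", desc)
    dir_match = re.search(r"([0-9a-fA-F-]{36}) directory", desc)
    code = code_match.group(0) if code_match else None
    return {
        "code": code,
        "directory": dir_match.group(1) if dir_match else None,
        "hint": HINTS.get(code, "unrecognised AADSTS code: check the full error_description"),
    }

# Constructed sample bodies in the shape of the token endpoint's JSON error response;
# the GUID is a placeholder, not a real tenant.
SAMPLE_50034 = json.dumps({"error": "invalid_grant", "error_description":
    "AADSTS50034: The user account admin does not exist in the "
    "00000000-0000-0000-0000-000000000000 directory. To sign into this application, "
    "the account must be added to the directory.\r\nTrace ID: placeholder"})
SAMPLE_50126 = json.dumps({"error": "invalid_grant", "error_description":
    "AADSTS50126: Error validating credentials due to invalid username or password."})

if __name__ == "__main__":
    print(check_sausername("admin"), classify_token_error(SAMPLE_50034))
```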