Issue with Triggering Power Automate Flow via Teams Bot Using Service Account Connection

Question

Problem:

• When users interact with the bot in Teams, they receive an error saying "Additional permissions required," and the flow does not trigger.
• No permissions are associated with the bot when users click on "Retry," and no additional error details are provided.
• The issue appears to be related to the connection between Copilot Studio (Teams bot) and Power Automate, specifically in how the service account's connection is used for actions that require elevated permissions (like accessing shared resources).Description: I am using Copilot Studio (Power Virtual Agents) to create a bot that triggers a Power Automate flow. The flow should be executed using a service account connection (for accessing shared resources like mailboxes and Excel files that users don't have access to). However, when users attempt to interact with the bot and trigger the flow, they encounter an error: "Additional permissions required". The error message states: "There are no permissions associated with this Copilot." When users click on "Retry," they are presented with the same message, and the flow does not execute. The flow works fine when manually tested (so it's a problem in copilot studio and not power automate), and the users’ connections are correctly set to "Use this connection" (service account) for the necessary actions. However, the issue arises when trying to trigger the flow via the bot in Teams, as the flow cannot be initiated due to permission issues related to the bot’s identity and connections. Setup:
  1. Bot Configuration:
     • I have created a bot using Copilot Studio (Power Virtual Agents) in Microsoft Teams.
     • The bot is designed to trigger a Power Automate flow that performs tasks like accessing shared mailboxes and Excel files (which are only accessible by the service account).
  2. Flow Setup:
     • The flow involves using the Office 365 Users connector (to get user profiles), Outlook (for sending emails),Teams (for sending a chat) and Excel (for accessing shared files).
     • These actions need to be performed using a service account that has the required permissions for these shared resources.
     • The bot is designed to pass a userId input, and the flow should execute under the service account’s connection, even when the input is from another user.
  3. Authentication:
     • The bot uses Entra ID for authentication to ensure that user identity is verified.
     • The flow should run under the service account’s permissions, but the issue is that when users try to trigger the flow, they receive the "permissions required" error.
  Troubleshooting Steps Taken:
  1. Flow Testing:
     • The flow runs successfully when triggered manually using the service account’s connection.
     • The error occurs when the flow is triggered via the bot in Teams, not manually.
  2. Connection Settings:
     • For all connectors in the flow, I have selected "Use this connection" and ensured that the service account’s connection is used.
     • Despite this, users cannot trigger the flow via the bot due to the "permissions required" error.
  3. Bot Permissions:
     • The bot has been configured in Copilot Studio to interact with Power Automate and trigger the flow, but it seems the necessary delegated permissions or admin consent are not set correctly.
  4. User Permissions:
     • Users have not authorized their connections individually, as the service account is meant to handle all required permissions (accessing shared mailboxes, etc.).
     • Users do not have the required individual permissions for accessing resources like mailboxes or files, which the service account has.
  Problem:
  • When users interact with the bot in Teams, they receive an error saying "Additional permissions required," and the flow does not trigger.
  • No permissions are associated with the bot when users click on "Retry," and no additional error details are provided.
  • The issue appears to be related to the connection between Copilot Studio (Teams bot) and Power Automate, specifically in how the service account's connection is used for actions that require elevated permissions (like accessing shared resources)

Answer 1

Updated Bot Still Showing Old Version & Connection Issues for Some Users

🔹 Context: Initial Connection Issue (Solved)

I recently built a Copilot Studio bot that triggers a Power Automate flow using a service account connection. Initially, users were getting a "Permissions Required" message when interacting with the bot in Teams.

• The issue was caused by Microsoft Entra ID authentication: since all Power Automate connections were set to "Use this connection (service account)," users had no personal connections to authenticate with.
• I solved this by adding an authentication action in Copilot Studio before triggering the flow.

Now the bot works correctly for me and some other users.

---

🔹 New Issue: Some Users Still See Old Bot Version & Connection Errors

After solving the connection issue and updating the bot, some users still see: ❌ Old connection error messages (Permissions Required). ❌ Previous bot version instead of the updated one.

When these users try to uninstall the bot, they see:

• A "Permissions Required" message asking them to sign in.
• However, after that, they are able to "Add" the bot again (not just "Open"), meaning the bot was actually uninstalled.
• Even after clearing the Teams chat history, they still see the old connection error when using the bot again.

---

🔹 What We Tried:

✅ Deleting & Re-adding the Bot

• They uninstalled the bot and reinstalled it, but the old errors persisted.

---

🔹 What Help Do I Need?

🛠 How can we ensure that all users get the updated bot version immediately?

🛠 How can we fully reset authentication and permissions when a user reinstalls the bot?

🛠 Is there a way to force Teams to refresh the bot for all users?

Any help or insights would be greatly appreciated! 🚀