We have: 1 Canvas app 1 Cloud flow (no desktop flows) Flow triggered by app Flow uses HTTP (Premium) + SharePoint Flow runs under a service account --> Issue On Stage Environment: For few users With only Basic User Role, the user could open the app but the flow did not run. After assigning “Desktop flows machine application user”, the flow worked. We do not use desktop flows and want to remove that role. But For Environment Makers they can run the app and the flow in stage with out any issues. Please confirm: Minimum required roles for the end user to run the app and trigger the cloud flow (without any desktop-flow roles). Required roles for the service account (is System Admin recommended or a custom role?). Required licenses for: End user and Service account Questions:- 1:- Why did assigning the desktop-flow role allow the cloud flow to run? --> Issue On Stage Environment: In prod environment even we assign both the roles (Basic User and Desktop flows machine application user) the APP does not invoke the flow for the users. But For Environment Makers Role users they can run the app and the flow in stage with out any issues. Looking for the correct, clean configuration. licenses needed solution. Also help regarding to identify why the stage and prod behaves differently.