Unlock the full potential of your Microsoft Copilot Studio agents with manual authentication. This tutorial is designed to guide you through the essential steps required to configure manual authentication, enhancing security and personalizing interactions with your Copilot agents. You’ll learn how to properly manage user access via App Registrations and OAuth configurations to secure communications efficiently.
What You’ll Learn
- Configure authentication settings in Microsoft Copilot Studio.
- Set up App Registrations in the Azure Portal.
- Manage OAuth URLs and client secrets.
- Delegate permissions using Microsoft Graph API for secure user credential handling.
Why This Matters
Ensuring secure and efficient authentication is crucial for any application, especially for Microsoft Copilot agents that require user access management. This guide equips you with the necessary skills to bolster your agent’s security, ensuring that only authorized users can interact with your applications. Whether you’re a developer looking to enhance security or someone wanting to improve user interactions, mastering manual authentication is invaluable.
Step-by-Step Instructions
Update Authentication Settings in Copilot Studio
- Access Settings:
- In Microsoft Copilot Studio, navigate to the top-right corner and click on Settings.
- Go to Security and select Authentication.
- Select Authentication Method:
- Choose Authenticate Manually.
- Copy the Redirect URL provided.
- Change the service provider to Microsoft Entra ID V2 with client secret.
Create an App Registration in Azure
- Open Azure Portal:
- Go to the Azure Portal and locate App Registrations.
- Click New registration and fill out the Display Name (e.g., “Agent Authentication”).
- Configure Account Types:
- Choose the supported account types according to your needs.
- For broader access, select the all-encompassing option for accounts in any organizational directory.
- Redirect URI:
- Under Platform, choose Web.
- Enter the Redirect URL you copied earlier from Copilot Studio. It should be something similar to this:
- https://token.botframework.com/.auth/web/redirect
- This link will differ based on region. To confirm the correct link for your region, refer to the Microsoft documentation.
- Click Register.
Setup Client Secrets and Permissions
- Retrieve and Set Client ID:
- Copy the Application (client) ID from the Azure Portal.
- Go back to Copilot Studio and enter this ID in the appropriate field named Client ID.
- Authentication Permissions:
- Click Manage, then click on Authentication.
- Find the Implicit grant and hybrid flows section.
- Be sure to check both: Access tokens & ID tokens. These are required so your agent can understand who the user is and operate on their behalf.
- Generate Client Secret:
- In Azure, navigate to Certificates & Secrets.
- Add a new client secret and copy the Value immediately as it won’t be accessible later. You can create several secrets but you will not be able to refer back to the value of the new secret once you leave the page.
- Paste the Value of the client secret into the Client secret input in Copilot Studio.
- Configure Permissions:
- Under API Permissions, click Add a permission and select Microsoft Graph.
- Use Delegated permissions and ensure “openid” and “profile” are selected.
- Consider what you want your agent to do and be sure to add all of the appropriate permissions to your app registration now.
- Set Scopes:
- Navigate to Expose an API and create a scope.
- Define the scope parameters and save. Be sure that the state is Enabled.
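To confirm the registration ended up as configured above, the following added example (not from the original tutorial) audits an app registration exported as JSON, for instance with `az ad app show --id <client-id>`. It assumes the export uses the Microsoft Graph application object property names; the sample objects and the scope name `Agent.Access` are constructed for illustration.

```python
import copy
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource
REQUIRED = {  # well-known Graph delegated permission IDs
    "openid": "37f7f235-527c-4136-accd-4a02d197296e",
    "profile": "14dad69e-099b-42c9-810b-d002981feec1",
}

def audit_registration(app, redirect_url):
    """Return findings; an empty list means the registration matches the steps above."""
    findings = []
    web = app.get("web") or {}
    if redirect_url not in (web.get("redirectUris") or []):
        findings.append("redirect URL not registered under the Web platform")
    grant = web.get("implicitGrantSettings") or {}
    for flag in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):
        if not grant.get(flag):
            findings.append(f"{flag} is off (implicit grant and hybrid flows)")
    requested = {
        ra.get("id")
        for res in app.get("requiredResourceAccess") or []
        if res.get("resourceAppId") == GRAPH_APP_ID
        for ra in res.get("resourceAccess") or []
        if ra.get("type") == "Scope"  # "Scope" = delegated, "Role" = application
    }
    for name, perm_id in REQUIRED.items():
        if perm_id not in requested:
            findings.append(f"delegated Graph permission {name} not requested")
    scopes = (app.get("api") or {}).get("oauth2PermissionScopes") or []
    if not any(s.get("isEnabled") for s in scopes):
        findings.append("no enabled scope under Expose an API")
    return findings

REDIRECT = "https://token.botframework.com/.auth/web/redirect"  # URL shown above
GOOD = {  # constructed sample, shaped like the Graph application object
    "web": {"redirectUris": [REDIRECT],
            "implicitGrantSettings": {"enableAccessTokenIssuance": True,
                                      "enableIdTokenIssuance": True}},
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": REQUIRED["openid"], "type": "Scope"},
        {"id": REQUIRED["profile"], "type": "Scope"}]}],
    "api": {"oauth2PermissionScopes": [{"value": "Agent.Access", "isEnabled": True}]},
}
BAD = copy.deepcopy(GOOD)  # constructed: ID tokens off, profile missing, scope disabled
BAD["web"]["implicitGrantSettings"]["enableIdTokenIssuance"] = False
BAD["requiredResourceAccess"][0]["resourceAccess"].pop()
BAD["api"]["oauth2PermissionScopes"][0]["isEnabled"] = False
if __name__ == "__main__":
    for finding in audit_registration(BAD, REDIRECT):
        print("FINDING:", finding)
```

`requiredResourceAccess` lists the permissions the app requests, not whether consent has been granted, so a clean result here does not replace checking consent status under API Permissions.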
Finalize Configuration in Copilot Studio
- Update the Sign in topic.
- When you change the Copilot settings to manual authentication, it turns on a new topic called Sign in.
- This is where you can now change the start messaging or logic for your use case.
Tips and Best Practices
- Always keep copies of your client ID and secret securely stored.
- Regularly review and update permissions based on application needs.
- Ensure your Redirect URL corresponds to your region’s requirements; see the Microsoft documentation: https://learn.microsoft.com/en-us/microsoft-copilot-studio/configure-sso?tabs=webApp
A tremendous shout out to Vinoth Selvam for sharing the process in the Power Platform Community post here, which helped me learn the process myself: https://community.powerplatform.com/blogs/post/?postid=82785a1b-898b-ef11-ac20-6045bda91957
Conclusion
By following these steps, you have successfully set up manual authentication for your Microsoft Copilot agent. This enhances the security and personalization of interactions, offering users a seamless and secure experience. Ready to explore more? Continue learning to elevate your skills and secure your applications.
This guide is part of a series aimed at enriching your expertise in managing Power Platform authentication. Stay tuned for more insights and tutorials.