Copilot Studio. Configure single sign-on with Microsoft Entra ID

In the previous post, a new Copilot was published on the site.

2024.10.05 - [Copilot Studio] - Copilot Studio. Deploying Copilot to an IIS Site.

 

This time, I have written about how to configure Entra ID and SSO in cases where the organization requires that only authenticated users have access.

The following technical documentation was used as a reference.

Configure user authentication with Microsoft Entra ID - Microsoft Copilot Studio | Microsoft Learn

Configure single sign-on with Microsoft Entra ID - Microsoft Copilot Studio | Microsoft Learn

 

 

Entra Admin Center -> Applications -> App registrations -> New registration

 

 

After entering the App name, click Register (At this stage, the Redirect URI is optional. The URL below was created based on my test page.).

 

 

Navigate to Authentication.

Add the following URL mentioned in the technical documentation.

https://token.botframework.com/.auth/web/redirect

https://europe.token.botframework.com/.auth/web/redirect

 

Check Access tokens and ID Tokens -> Click Save.

 

 

Certificates & secrets -> Client secrets -> New client secret

 

 

Input Description  -> Add

 

 

Save the Value in advance.

 

 

Go to Overview and save the Application ID information.

 

 

API permissions -> Add a permission -> Delegated permissions

 

 

Add the permissions offline_access, openid, and profile. -> Grant admin consent for Contoso

 

 

Go to Copilot Studio and navigate to the Settings menu of the Custom Copilot you want to modify the authentication for.

 

 

Security -> Authentication -> Authenticate manually

 

 

Select Require users to sign in -> Enter Client ID (App ID) and Client secret (Value) -> Click Save -> Click Publish.

 

 

A message indicating that a login is required will appear as shown below.

 

Access the Copilot web page in a separate browser -> Click Login -> Complete the Login process.

 

Copy the Validation Code provided after logging in.

 

 

Enter a message in the chat window to confirm that the authentication was successful.

 

 

Since login cannot be implemented directly in the chat, it seems that the authentication process is carried out using a separate validation code.

 

 

By configuring it this way, you can set up security so that only users with an account can access the Custom Copilot.