How to Set up Manual Authentication in Microsoft Copilot Studio

by

Nowadays, many companies are creating their own Copilot agents in Microsoft Copilot Studio to help employees or customers. However, when users begin using the agent, they sometimes need to log in with their own account before the agent can provide them with personal data or connect to other systems, such as SharePoint or Power Automate.

In this tutorial, we will see how to set up manual authentication in Microsoft Copilot Studio. With manual authentication, you can make sure every user signs in with their own credentials before using the Copilot.

Set up Manual Authentication in Microsoft Copilot Studio

When you create a Copilot in Microsoft Copilot Studio, you can allow users to log in using their own accounts. By default, you can choose “Authenticate with Microsoft”, but sometimes you might want more control, for example:

  • You need to connect your Copilot to other apps or APIs using OAuth2.
  • You want to manage your own login and permissions.
  • You want the agent to get an access token for each signed-in user.
Configure user authentication in Copilot Studio

In those cases, you can use the Manual authentication option.

With manual authentication, you decide how users log in, which identity provider is used, and what permissions (scopes) are required.

Follow the below:

I think your agent is already created for this example. I am using the IT Helpdesk Agent.

Add user authentication to topics Microsoft Copilot Studio
  1. Go to Settings -> Security -> Authentication.
Copilot Studio manual Authentication
  1. Under Authentication type, choose Authenticate manually.
Configure user authentication for actions in Copilot
  1. From the Service provider, select the “Microsoft Entra ID V2 with client secrets“.
Set up manual authentication in microsoft copilot studio

Then copy the redrict url we will provide when the app registration in Microsoft Entra ID.

Register an App in Microsoft Entra ID (Azure AD)

Before you set up authentication in Copilot Studio, we need to register an app in Microsoft Entra ID (previously Azure AD).

Now, follow the steps below to do this:

  1. Go to the Azure Portal. Select “Microsoft Entra ID“.
Configure user authentication with Microsoft Entra ID
  1. Expand Manage and click on “App Registration” from the left navigation pane.
Copilot Studio How to Configure Manual Authentication
  1. Click on “+ New Registration“. Then, enter the following details:
    • Name – Give it a name (for example, Copilot Manual Auth App).
    • Who can use this application or access this API? – Select any option as per your need. Here, I am selecting for “Accounts in this organizational directory only (TSinfo Technologies only – Single tenant)”.
    • Redirect URL – Select web and paste the URL below:
https://token.botframework.com/.auth/web/redirect
  1. Click on “Register“.
Manual authentication Copilot Studio
  1. After the app is created, we’ll be redirected to the app’s Overview page. Here, copy the Application (client) ID because we’ll need it later in Copilot Studio.
Configure single sign-on with Microsoft Entra ID

Enable ID and Access Tokens

  1. In the left navigation, expand Manage and click Authentication.
  2. Scroll to Implicit grant and hybrid flows.
  3. Enable both:
    • ID tokens
    • Access tokens
  4. Click Save.
How to use manual Authentication Mode in copilot

Next step, we need to create a Client Secret.

Create a Client Secret

  1. From the left navigation, select Certificates & secrets under Manage.
  2. Click on + New client secret.
  3. Enter a description (for example, Copilot Secret) and set an expiry period.
  4. Click Add.
How to Configure Security with “Manual” Authentication for Custom Copilots
  1. Now, copy the Value and save it for later. You’ll need them in the next step.
Copilot Studio authentication

Add API permissions

  1. Go to API permissions -> + Add a permission -> Microsoft Graph -> Delegated permissions.
copilot studio http request authentication
  1. Expand OpenId permissions and turn on openid and profile. Then click Add permissions.
Copilot Authentication Settings in Microsoft Copilot Studio

Add Client ID and Client Secret in Microsoft Copilot Studio

Once your app is registered and you’ve created the client secret in Microsoft Entra ID, it’s time to configure these details inside Copilot Studio.

Follow the steps below:

  1. Client ID: Paste the Application (client) ID you copied from Microsoft Entra ID.
  2. Client secret: Paste the secret value you created earlier.
  3. Scroll down and click Save to apply the settings.
microsoft copilot studio authentication settings

Test the Authentication in Copilot Studio

Open your Copilot and try chatting with it. You should now see a Sign in prompt.

Manual Set up Authentication in Microsoft Copilot Studio

Click on Login will open a new tab that provides a validation code as shown below.

Set up Manual Authentication in Copilot Studio

We need to copy and paste the code inside the Bot conversation to allow the Bot to validate.

How to Setup Manual Authentication in Microsoft Copilot Studio

With this setup, every user must sign in using their own Microsoft account before interacting with the Copilot.

Also, you may like some tutorials:

Power Apps functions free pdf

30 Power Apps Functions

This free guide walks you through the 30 most-used Power Apps functions with real business examples, exact syntax, and results you can see.

Download User registration canvas app

DOWNLOAD USER REGISTRATION POWER APPS CANVAS APP

Download a fully functional Power Apps Canvas App (with Power Automate): User Registration App