Microsoft Copilot
Microsoft terminology for a universal copilot interface.
807 questions
Microsoft Copilot Studio SSO Error: IntegratedAuthenticationNotSupportedInChannel
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 61%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJT%3C/text%3E%3C/svg%3E)
Joffrey Trébot
0
Reputation points
Context
I'm implementing a chat widget using Microsoft Copilot Studio with Single Sign-On (SSO) through Microsoft Authentication Library (MSAL). The implementation follows the official documentation for SSO configuration, but we're encountering an authentication channel support issue.
The aim is to have a custom application created in React, using a Copilot Studio agent configured for manual authentication but using SSO so that you don't have to use the code to log in, but rather the user's Microsoft account.
Current Implementation
Authentication Flow
- User authentication is handled through MSAL
- The chat widget uses DirectLine API for bot communication
- We're using a custom web implementation with the following components:
Code Structure
-
auth.service.ts: Handles MSAL authentication and token management -
chat.service.ts: Manages DirectLine API communication -
LoginScreen.tsx: Handles user authentication UI and flow
Current Authentication Process
- MSAL initialization is successful:
const msalConfig = {
auth: {
clientId: 'CLIENT_ID',
authority: 'https://login.microsoftonline.com/APP_ID',
redirectUri: window.location.origin,
},
cache: {
cacheLocation: 'sessionStorage',
storeAuthStateInCookie: false,
},
system: {
allowRedirectInIframe: false,
asyncPopups: true,
},
};
- User authentication succeeds and returns valid tokens, which we include in our headers:
// Headers configuration
private getHeaders(token: string): Record<string, string> {
const headers: Record<string, string> = {
'Content-Type': 'application/json',
};
if (this.aadToken) {
headers.Authorization = `Bearer ${token}`;
headers['x-ms-token-aad-id-token'] = this.aadToken;
} else {
headers.Authorization = `Bearer ${token}`;
}
return headers;
}
Error Details
After successful authentication, when trying to start a conversation, we receive the following error:
Sorry, something unexpected happened. We're looking into it.
Error code: IntegratedAuthenticationNotSupportedInChannel
Conversation ID: 4rNOj*****************
Time (UTC): 3/15/2025 11:20:02 AM
Logs
auth.service.ts:170 ✅ MSAL initialized successfully
auth.service.ts:174 ✅ Redirect promise handled
LoginScreen.tsx:16 🔐 Starting Microsoft authentication...
auth.service.ts:34 🔑 Generating Power Platform token...
LoginScreen.tsx:19 ✅ Authentication successful
auth.service.ts:34 🔑 Generating Power Platform token...
chat.service.ts:102 ❌ Error: IntegratedAuthenticationNotSupportedInChannel
Questions
- Why is integrated authentication not supported in our channel configuration?
- Do we need to enable specific features in Microsoft Copilot Studio to support SSO?
- Is there a specific channel configuration required for integrated authentication?
- Are we missing any required permissions or settings in the both app registrations?
What We've Tried
- Verifying MSAL configuration and tokens
- Implementing the authentication flow as described in the documentation
- Checking Microsoft Copilot Studio channel configuration
- Reviewing app registration settings
References
- Microsoft Documentation: Configure SSO with Microsoft Entra ID
- Receive activities from the bot in Direct Line API 3.0
- Enable Single Sign On for Copilot Studio Bot
Any guidance on resolving this authentication channel support issue would be greatly appreciated.
Microsoft Copilot
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 85%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENM%3C/text%3E%3C/svg%3E)
Nivedipa-MSFT 3,626 Reputation points Microsoft External Staff2025-03-18T08:44:15.68+00:00 @Joffrey Trébot - Thank you for bringing this issue to our attention.
1.The errorIntegratedAuthenticationNotSupportedInChanneltypically indicates that the channel you're using does not support integrated authentication. This could be due to limitations in the DirectLine API or the specific configuration of your bot channel. Integrated authentication might not be supported in certain environments or configurations.2.Ensure that the SSO feature is enabled in your Copilot Studio configuration. This usually involves setting up the appropriate OAuth2 settings and ensuring that your bot is configured to accept tokens from your identity provider.
3.Yes, certain channels may require specific configurations to support integrated authentication. Make sure that your bot's channel configuration in the Azure Bot Service is set up to support SSO. This might involve configuring OAuth2 settings and ensuring that the channel supports the necessary authentication flows.
4.Double-check the permissions and settings in both your Azure AD app registrations (for the bot and the client application). Ensure that the necessary API permissions are granted and that the app registrations are configured to allow token issuance for the required scopes.
-
Nivedipa-MSFT 3,626 Reputation points Microsoft External Staff
2025-03-26T10:14:31.9+00:00 Joffrey Trébot - Could you please confirm if your issue is resolved or are you still facing this issue?
Sign in to comment
Sign in to answer