Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Power Pages supports multiple authentication methods to help you control how users access agents on your site. This article explains how to configure user authentication for agents, including single sign-on (SSO), token passthrough, and token-based authentication. Use these options to provide a seamless and secure sign-in experience for your users.
Authentication options
When you associate an agent with Power Pages, the site lets users use single sign-on (SSO), so they don't need to sign in separately to use the agent. Power Pages supports these authentication types:
No Authentication
The agent can be accessed without requiring user authentication. This option is the default setting when an agent is created from a form.
Token passthrough Authentication
The agent relies on Power Pages’ authentication service. When configured with the implicit flow, the agent supports all identity providers set up in the Power Pages site.
Note
Agents configured with token passthrough authentication can't be tested directly within of Microsoft Copilot Studio, as they require sign-in through the Power Pages site.
To configure token passthrough authentication, Select service provider as Generic OAuth 2 and update all other values as placeholder
Authentication/BearerAuthentication/Enabled True Token based authentication
In this method, Power Pages passes the authenticated user’s token to the Copilot Studio. Microsoft Copilot Studio handles authentication. This setup allows the agent to be tested directly within Copilot Studio.
Select Generic OAuth 2 as the service provider. Power Pages doesn't currently support other service providers.
For detailed configuration steps, refer to the Security Configuration documentation in Copilot Studio.
To enable this setup, add the following site settings:
Setting Value Authentication/ApplicationCookie/SlidingExpiration True Authentication/BearerAuthentication/Enabled True Authentication/BearerAuthentication/Provider Provider name
Provider name extracted from existing settings for the provider
Authentication/OpenIdConnect/{ProviderName}/Issuer
For example, if the setting for Azure AD had Authentication/OpenIdConnect/AzureAD/Issuer, then AzureAD is the provider