Configure user authentication for an agent

Power Pages supports multiple authentication options so you can control how users access agents on your site. When you associate an agent with Power Pages, your site can use single sign-on (SSO) so users can access the agent without signing in again. This article describes how to set up agent authentication, including SSO, token passthrough, and token-based authentication.

No authentication

Users can access the agent without authentication. This option is the default setting when you create an agent from a form.

Note

Power Pages doesn't support Authenticate with Microsoft user authentication.

Authenticate manually

Power Pages supports single sign-on for all authentication providers available in Copilot Studio.

Authenticate with Microsoft Entra ID

Select this service provider if you want the agent to be accessible only to site users authenticated through Microsoft Entra ID. For detailed configuration, see Configure Microsoft Entra ID with Power Pages.

Authenticate with Generic OAuth 2

Use this service provider when you configure the Power Pages site with an identity provider that complies with the OAuth 2 standard. The site can support authenticated or unauthenticated users and multiple OAuth 2.0 compliant identity providers. Configure agent authentication by using token passthrough or token-based authentication to match the Power Pages authentication setup.

Token passthrough authentication

The agent relies on Power Pages’ authentication service. When you configure the agent by using the implicit flow, the agent supports all identity providers that you set up in the Power Pages site, including unauthenticated users.

Note

You can't test agents that you configure with token passthrough authentication directly within Microsoft Copilot Studio, as they require sign-in through the Power Pages site.

To configure token passthrough authentication, set the service provider to Generic OAuth 2 and set all other field values to placeholder.

To enable this setup, add the following site settings:

| Setting | Value |
| --- | --- |
| Authentication/BearerAuthentication/Enabled | True |

Token-based authentication

In this method, Power Pages passes the authenticated user’s token to Copilot Studio, and Copilot Studio handles authentication. This setup allows you to test the agent directly within Copilot Studio.

For detailed configuration steps, see the Security Configuration documentation in Copilot Studio.

To enable this setup, add the following site settings:

| Setting | Value |
| --- | --- |
| Authentication/ApplicationCookie/SlidingExpiration | True |
| Authentication/BearerAuthentication/Enabled | True |
| Authentication/BearerAuthentication/Provider | The provider name from your existing site settings. For example, if the setting is Authentication/OpenIdConnect/AzureAD/Issuer, the provider name is AzureAD. |
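
The site settings listed for token passthrough and token-based authentication can be checked for consistency before an agent is published. The following Python check is an added example, not code from Microsoft or from this article. It assumes the site settings are available as a name-to-value dictionary, that provider settings follow the Authentication/OpenIdConnect/<ProviderName>/<Key> shape of the article's example, and that the function names and the exact-match comparison of the provider name are this example's own choices.

```python
import re

# Setting names taken from the article above.
BEARER_ENABLED = "Authentication/BearerAuthentication/Enabled"
BEARER_PROVIDER = "Authentication/BearerAuthentication/Provider"
SLIDING = "Authentication/ApplicationCookie/SlidingExpiration"

# Assumption: provider settings follow the shape of the article's example,
# Authentication/OpenIdConnect/<ProviderName>/<Key>.
PROVIDER_KEY = re.compile(r"^Authentication/OpenIdConnect/([^/]+)/[^/]+$")


def provider_names(settings):
    """Provider names found in the site-setting names."""
    return {m.group(1) for m in map(PROVIDER_KEY.match, settings) if m}


def is_true(settings, name):
    return settings.get(name, "").strip().lower() == "true"


def check_agent_auth(settings, mode):
    """Return a list of problems for mode 'passthrough' or 'token-based'."""
    if mode not in ("passthrough", "token-based"):
        raise ValueError(f"unknown mode: {mode}")
    problems = []
    if not is_true(settings, BEARER_ENABLED):
        problems.append(f"{BEARER_ENABLED} must be True")
    if mode == "token-based":
        if not is_true(settings, SLIDING):
            problems.append(f"{SLIDING} must be True")
        provider = settings.get(BEARER_PROVIDER, "").strip()
        known = sorted(provider_names(settings))
        if not provider:
            problems.append(f"{BEARER_PROVIDER} is not set")
        elif provider not in known:  # exact match is this checker's choice
            problems.append(f"{BEARER_PROVIDER} '{provider}' not in {known}")
    return problems


# Constructed sample export (setting name -> value), not real site data.
SAMPLE = {
    "Authentication/OpenIdConnect/AzureAD/Issuer": "https://issuer.example/",
    BEARER_ENABLED: "True",
    BEARER_PROVIDER: "AzureAd",  # differs in case from the configured 'AzureAD'
}

if __name__ == "__main__":
    for problem in check_agent_auth(SAMPLE, "token-based"):
        print("PROBLEM:", problem)
```

The constructed sample satisfies the token passthrough requirement but reports two problems for token-based authentication: the missing sliding-expiration setting and a provider name that does not match any configured provider.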