Answered

Connecting Copilot Agent with Manual Authentication to SharePoint

(1) Share

Report

Posted on by SM-14041908-0

Hi everyone,
I'm trying to connect a Copilot agent with manual authentication to a SharePoint instance. I've attempted to set up login SSO using Microsoft B2C AD, but it still prompts me to log in. Additionally, I want to restrict users to access only the SharePoint sites they are authenticated to access and not all, hence I won't be able to grant the Sites.Read.All scope because all of our data lives there.
What is the best way to ensure that the logged-in Entra user can only access specific SharePoint folders on my canvas app registration?
Has anyone faced similar issues or have any suggestions on how to improve this setup?
Thanks in advance!

EDIT: Adding additional question asked from replies for better readability

My SharePoint is in a different tenant than the app registration, and I want to provide selective access to users. Will adding the "Sites.Selected" scope in the chat canvas app registration work?

Additionally, whenever I try to access this agent via the Direct Line API in my custom app it is able to answer genera questions but for any question related to the SharePoint knowledge, I get an "action not supported" error, although the integration works fine in the test preview console.

My authentication is custom OAuth pointing to the tenant where the app registration is, and I would like to use SSO in the future.

Categories:

General topics

I have the same question (0)

All responses (3)

Answers (1)

ronaldwalcott 3,847 Super User 2025 Season 2 on at

Like (0)

Report

See Add SharePoint as a knowledge source - Microsoft Copilot Studio | Microsoft Learn on how to add SharePoint as a knowledge source.

You also have to set permissions on the SharePoint site for the users. They will only be able to get answers from the content that they have access to in the SharePoint site. You can use groups to define the access.

Was this reply helpful? Yes No
SM-14041908-0 4 on at

Like (0)

Report

My SharePoint is in a different tenant than the app registration, and I want to provide selective access to users. Will adding the "Sites.Selected" scope in the chat canvas app registration work?

Additionally, whenever I try to access this agent via the Direct Line API in my custom app it is able to answer genera questions but for any question related to the SharePoint knowledge, I get an "action not supported" error, although the integration works fine in the test preview console.

My authentication is custom OAuth pointing to the tenant where the app registration is, and I would like to use SSO in the future.

Was this reply helpful? Yes No
Verified answer

juangonzalezAuc 84 on at

Like (0)

Report

--edit: I just read your second message and I think Copilot studio with Sharepoint Knowledge is not the way to go

For Copilot Studio to work with Sharepoint access your users need to exist on the same tenant than your sharepoint and they need to be logged in.

Your requirement would need a custom development in my opinion.

We've done it with Azure AI, AI Search and Security groups filtering the Search AI results by the access each group has configured in a custom table and then sending them to the model but this is also with logged users

I don't see a clear way to implement it with Copilot Studio.

Previous answer, valid for logged users on the same tenant.

So if you want users to access any site they have permission to, using Sites.Read.All with delegated permissions is the right approach.

The bot will only respond with information from sites that are both part of its knowledge base and accessible to the user.

I don't believe you're facing a real issue at the moment.

The same applies to specific folders—just select the folder within the site rather than the entire site for your knowledge.

We separate access to folders based on the triggered topic, but users can only access files from sites they already have permissions for.

Was this reply helpful? Yes No