Hi team,
I’m troubleshooting a
Copilot Studio ServiceNow Knowledge issue in this architecture:
Zoom Team Chat bot → Azure adapter → Direct Line → Copilot Studio agent
I switched the agent from
Authenticate with Microsoft to
Authenticate manually because this agent is consumed through an external/custom channel, and Microsoft guidance says that if authentication is needed for channels other than
Teams + Microsoft 365, the supported approach is
Authenticate manually. I also added
ExternalItem.Read.All to the manual auth scopes, because Microsoft says agents that use
Microsoft Copilot connectors as knowledge sources must include that scope when published to channels.
Current issue
After switching to
Authenticate manually, the
ServiceNow Knowledge connector no longer returns knowledge results in the agent.
What is confusing
The same
ServiceNow instance / knowledge connector works correctly in another agent that is configured with
Authenticate with Microsoft in a Microsoft-native channel, so the connector and source data do not appear to be generally broken. Microsoft also says ServiceNow Knowledge access is governed by
ACLs and user criteria, so I’m trying to understand whether the failure is now specific to the
manual-auth + external-channel runtime path.
What I already verified
- In the manual-auth agent, I added
ExternalItem.Read.All and republished.
- I tested the ServiceNow account used by the connector against:
/api/now/table/user_criteria?sysparm_limit=10
and it successfully returned user criteria records, including “Any user for KB”, so the connector account appears to have access to the user_criteria table. The same output also shows that the instance contains advanced/scripted criteria such as “Incident Fulfillers” (advanced=true).
- In ServiceNow User Criteria Diagnostics, the article I tested is readable for the target user and the KB-level rule is effectively Any User / Can Read.
- Microsoft’s deployment docs say the ServiceNow Knowledge connector supports Simple and Advanced flows, and that Simple does not evaluate advanced script-based user criteria.
- Microsoft’s troubleshooting docs also mention:
- user mapping issues can appear as error 2006
- connector accounts may need access beyond article criteria evaluation
- after permission fixes, a full crawl should be run.
My question
Has anyone seen a case where:
- the ServiceNow Knowledge connector works in an Authenticate with Microsoft agent,
- but returns no results in an Authenticate manually agent,
- even after
ExternalItem.Read.All is added,
user_criteria is readable,
- and the tested article appears readable in ServiceNow diagnostics?
Specific clarification I’m looking for
- Is there any known limitation or extra requirement for using the ServiceNow Knowledge Copilot connector with Authenticate manually in an external/custom channel?
- If the ServiceNow instance contains some advanced/scripted user criteria, does that mean the connector must be configured in Advanced mode even when the specific test article appears open via Any User?
- Is there any recommended way to verify whether the failure is due to:
- user mapping,
- crawl/index state,
- connector permission interpretation,
- or a limitation of the manual-auth external-channel path?
Any guidance would be appreciated.
Thanks.
