web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Copilot Studio / Configuring Manual Aut...
Copilot Studio
Unanswered

Configuring Manual Auth for retrieving Dataverse information in a public web agent scenario

(1) ShareShare
ReportReport
Posted on by 11

Hi everyone,

I am currently developing a Copilot Studio agent that will be deployed on a public website. The requirement is to allow anonymous users (unauthenticated) to interact with the bot. However, the agent needs to query and retrieve data from a Dataverse table to provide specific answers.

The Issue:
By default, when a bot is set to "No Authentication," it operates under the user's context (which is null in this case). To access Dataverse, I need the bot to authenticate as a specific identity - specifically, an Azure App Registration (Service Principal) - to fetch the data without prompting the end-user for any credentials.

Current Approach:
I am exploring the "Manual (for any channel)" authentication setting in Copilot Studio. I want to use the Client ID, Client Secret, and Token URL from my Azure App Registration to establish a Service-to-Service (S2S) connection.

Questions:

  1. Compatibility: Can I use the "Manual" authentication configuration to handle backend S2S calls while keeping the frontend experience completely anonymous for the web user?
  2. Configuration Details: In the "Manual" auth settings, what are the specific scopes required for Dataverse when using the Client Credentials flow?
  3. Application User: Beyond the Azure side, are there specific roles that must be assigned to the Application User in the Power Platform Environment to ensure the bot can successfully "impersonate" this service identity?
  4. Best Practices: Is it better to handle this via a Power Automate flow configured with a Service Principal connection, or is it possible to achieve this natively within Copilot Studio topics using the Dataverse knowledge source and the Manual Auth token?

Also, I want to avoid a scenario where the bot triggers a sign-in card for a public user. Any insights on the correct "App Registration + Copilot Studio Auth" handshake for this specific architecture would be very helpful!

If someone has achieved the proper configuration for this scenario, I'd ask to please share the steps or documentation.

I have the same question (0)
  • Sajeda_Sultana Profile Picture
    79 on at
     
    In a public web agent scenario, I’d avoid Manual Auth and instead use the Dataverse Web API with a service principal (Application User) on the back end.
    Pattern I’ve used successfully:
    • Keep the web copilot public (no signin for end users).
    • Have the copilot call your own API (or Power Automate flow).
    • That API uses the Dataverse Web API with client credentials (service principal) and a restricted security role to read only the needed tables.
    I’ve solved a very similar requirement for showing Dataverse data in multiple mobile applications, and this pattern works well to keep users anonymous while still securely surfacing Dataverse data.
     
    ✅ If this helped solve your issue, please Accept as Solution so others can find it quickly.

    ❤️ If it didn’t fully solve it but was still useful, please click “Yes” on “Was this reply helpful?” or leave a Like :).

    🏷️ For follow-ups  @Sajeda_Sultana
  • Vish WR Profile Picture
    1,021 on at
    Instead of using Copilot Studio's authentication settings, I would suggest having a cloud flow in Power Automate that connects to Dataverse. You have two solid options depending on your setup:
     
    Option 1: Standard Connection (Simpler) If you're okay using your own user account or a service account that already has access, use a regular Dataverse connection. It's straightforward – Power Automate handles the auth, and your bot just calls the flow. Your anonymous users never see anything on their end.
     
    Option 2: Service Principal Connection (More Secure) If you want proper S2S with your App Registration, set up the connection using your service principal credentials. Power Automate manages all the token stuff automatically – you don't have to think about it. This is probably the "right" way if you're worried about security and scalability.
      
    • Create a cloud flow in Power Automate
    • Add your Dataverse connector (pick standard or SPN based on what makes sense for you)
    • Build your query to get the data your bot needs
    • In Copilot Studio, just add an "Invoke Power Automate flow" action
    • Pass in whatever parameters your query needs, and grab the results
    • Use that data in your bot responses

    Reference : (not a promotion for  their blog or YouTube) purely sharing the reference 
    How to use a Service Principal in Power Automate for a Dataverse connection 
    https://community.dynamics.com/blogs/post/?postid=33a9437c-09c9-4ac8-ba56-2d8223f82adf
    How to Trigger a Power Automate Flow in Copilot Studio
     
     
     
      Vishnu WR
     
    Please  Does this answer your question if my post helped you solve your issue. This will help others find it more readily. It also closes the item. If the content was useful in other ways, please consider answering Yes to Was this reply helpful? or give it a Like 
     
     
     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the March Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Copilot Studio

#1
Valantis Profile Picture

Valantis 618

#2
Haque Profile Picture

Haque 147

#3
Vish WR Profile Picture

Vish WR 140

Last 30 days Overall leaderboard