Notifications
Announcements
Hi Team,
As per this document (https://learn.microsoft.com/en-gb/microsoft-copilot-studio/configure-sso?tabs=webApp) I have configured SSO for Web and was able to successfully login to my credentials. But noticed that even after successful single sign on , I am again asked to login with code. Is this the expected behavior of SSO in web copilot? Please refer the screenshot for your reference.
Hi @MariamPaulachan
No this isn't expected. Single-sign on shouldn't prompt the user to login, they should automatically be signed-in.
Henry
Hi @HenryJammes
Here is the code sample link ( https://github.com/microsoft/CopilotStudioSamples/blob/master/BuildYourOwnCanvasSamples/3.single-sign-on/index.html) that is used for SSO integration in web. Could you please review and let me know if there is any further updates needed.
Not really an expert on SSO. We shared another sample recently, but for SharePoint. Can you check?
CopilotStudioSamples/SharePointSSOComponent at master · microsoft/CopilotStudioSamples (github.com)
@Mariamthis sample requires clicking on the sign-in button ahead of time - so before the copilot sends the sign in request, but it can be tricky if your copilot is configured to sign users in as soon as the conversation starts.
Are you clicking "sign-in" before the "login" card even appears?
Edit: based on your image, now I'm seeing that you are in fact signed-in but the login card still appears.
Can you check dev tools to see if there are any client-side errors and paste here?
Hi @adilei
Yes, for web, I am first redirected to sign in page then it loads the login card which is not expected SSO behavior. From the code side there is no error and we have referred in this (https://github.com/microsoft/CopilotStudioSamples/blob/master/BuildYourOwnCanvasSamples/3.single-sign-on/index.html) solution. Could you be more specific on the dev tools error you are looking for?
Also today I integrated SSO in MS teams referring this document (https://learn.microsoft.com/en-us/microsoft-copilot-studio/configure-sso-teams). But again its show the login card inside it. Could you confirm if this is the expected behavior of SSO in copilot?
Let's zoom out a little bit. Can you share the settings for your: 1. copilot app registration 2. canvas app registration 3. copilot authentication settings?
I currently do not have access to AD to share the details of copilot app registration as the AD configuring part is done by client side. They have created the app registration as per the step given in the document. With, app id/client id I configured in the Copilot. Sharing screenshot copilot authentication settings and details
Without additional details it wouldn't be possible to troubleshoot.
For example, it's possible that your canvas app registration doesn't have permissions for the custom API, but again, the app registration details are nessecary here.
This is steps that we have added
https://learn.microsoft.com/en-us/microsoft-copilot-studio/configuration-authentication-azure-ad
@MariamPaulachan , what about the 2nd app registration, for your canvas?
https://learn.microsoft.com/en-us/microsoft-copilot-studio/configure-sso?tabs=webApp
Under review
Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.
In our never-ending quest to improve we are simplifying the forum hierarchy…
We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…
These are the community rock stars!
Stay up to date on forum activity by subscribing.
Michael E. Gernaey 251 Super User 2025 Season 2
Romain The Low-Code... 201 Super User 2025 Season 2
S-Venkadesh 93 Moderator
