Dear Community,
I have developed a Copilot Studio Bot that leverages SharePoint Content for generative answers.
I also configured "manual" authentication, granted to corresponding permissions to the AAD app and so on.
Everything works fine in Teams when the bot is accessed as a "normal" Tenant/AAD User.
I am getting answers based on SharePoint Documents and SharePoint News Articles.
Whenever I access the bot as a AAD guest user, I still get answers from "normal" / non-generative Topics. But I do not get responses from SharePoint content although the user explicitly has access to the SharePoint sites and files.
Is there anything I'm missing?
Can you try raising a case with support? I suspect there's a product issue but not 100% sure
Yes, I double checked. When user B logs into tenant of User A as guest, he can access the SharePoint Site and files.
Just making sure - user B can access the SharePoint site and files?
Thanks @adilei , it tried that.
In the demo website, both users get asked to login in with an auth code at the beginning of the session.
User A gets proper answer based on the SharePoint Site.
User B does not get an answer.
Any further ideas? Can I look at the authentication, that is actually granted during the login process?
Let's say that user A is a member of the tenant and user B is a guest. Set up Gen Answers over SharePoint, and identify a question that A gets a response for. I'd like you to try this on the demo website, not the test canvas.
Once you've done that, test the same query on the demo website with user B, and let me know.
Hi @remidyon , thanks for replying!
I have created a multi-tenant app registration for the authentication.
I tried your graph request but I'm getting
"error": {
"code": "Forbidden",
"message": "The service is not authorized for provided user credentials",
"target": "",
"httpCode": 403
},
Same request works fine for internal user.
I would be very interested on how @adilei managed to get gen answers for a guest users. Could you share your insights?
Seems like it is possible (my colleague @adilei made gen answers work for a guest user - see the name of user is empty because it is a guest account)
What is your authentication mechanism for the guest user? Are you using a "validation code" or did you create an app registration that is multi tenant?
Hello @Hansi
This is a very good question - have you tried using the graph explorer to see what the guest user have access to on sharepoint? Does it return data when you do a search as guest?
Try doing a POST with this URL and query
https://graph.microsoft.com/v1.0/search/query
{
"requests": [
{
"entityTypes": [
"driveItem"
],
"query": {
"queryString": "YOUR_KEYWORD path:\"https://YOUR_SP_SITE.sharepoint.com/sites/\""
}
}
]
}