Hi, I've followed the instructions here for configuring SSO with my chatbot: https://docs.microsoft.com/en-us/power-virtual-agents/configure-sso
What I am finding is that the first time a new user comes to the chatbot, they have to go through a process of loading a new tab which creates a validation code, and copying/pasting it back into the chat window (see attached screenshots). Only then are they logged. Any subsequent visit to the chatbot will use the SSO login, without the need for this validation code.
I really want to remove this extra validation code step to make using the chatbot much more seemless for new users, but I can't see how. Does anyone know if this is possible?
As I have suffered through this issue for a year, let me share the workaround I found for a Webchat SSO.
The documentation alludes to a solution with code snippets, but there's no linked example:
Configure single sign-on with Microsoft Entra ID - Microsoft Copilot Studio | Microsoft Learn
Here's an example of using that method for SSO:
https://github.com/microsoft/CopilotStudioSamples/blob/master/BuildYourOwnCanvasSamples/3.single-sign-on/index.html
This example was posted in Github about a year ago, and you'll see that it comes with a crude login status message as well as a login button in the HTML.
I can confirm today, that the onSignInClick function works, as it opens up a standard MSAL popup that authenticates the user if there's already a session. This is more typical of a user experience people are accustomed to. The pop up with the validation code from the token link, feels awkward, opening up an entire new tab, and creating additional steps for the user.
You must host your custom web canvas on a server, and in the canvas app registration, add that URL as a redirect URI, the same place you added "https://token.botframework.com/.auth/web/redirect" for this to work.
Then it should work. Best course of action to help you troubleshoot this is to open a support request:
Get Help + Support in Power Platform - Power Platform | Microsoft Learn
It's on a internal website but not Sharepoint
Is the bot embedded in a SharePoint site?
Because that's not supported either: https://learn.microsoft.com/en-us/power-virtual-agents/configure-sso?tabs=webApp#:~:text=Published%20to%20Teams%2C%20a%20SharePoint%20website%2C%20or%20a%20Power%20Apps%20portal
Have tried both with the same result
@pcranston wrote:Hi, I've followed the instructions here for configuring SSO with my chatbot: https://docs.microsoft.com/en-us/power-virtual-agents/configure-sso
What I am finding is that the first time a new user comes to the chatbot, they have to go through a process of loading a new tab which creates a validation code, and copying/pasting it back into the chat window (see attached screenshots). Only then are they logged. Any subsequent visit to the chatbot will use the SSO login, without the need for this validation code.
I really want to remove this extra validation code step to make using the chatbot much more seemless for new users, but I can't see how. Does anyone know if this is possible?
Hm this might be a documentation issue, I'll check.
Have you tried the steps in the 'classic' tab? I don't expect his to be very different between the unified authoring and classic version of PVA: https://learn.microsoft.com/en-us/power-virtual-agents/configure-sso?tabs=classic
Ok, we still get the validation code page. On the end of the article you sent i read that the validation code is required. Am i reading it wrong? I have also wondered if the github repository we use is for the "old" classic version of PVA, or since we use norwegian as language this might be a issue?
Michael E. Gernaey
169
Super User 2025 Season 2
Romain The Low-Code...
150
sandeep_angara
75
Super User 2025 Season 2