Hi,
The short version: for an authenticated agent like yours, the drop-in iframe isn't really an option, and the Lightning Web Component route you're asking about is the right way to do this.
Copilot Studio only shows that simple iframe embed when the agent is set to No authentication. Since your agent needs sign-in (because of Salesforce Knowledge), that embed code disappears. "Authenticate with Microsoft" plus an iframe is a documented dead end, and your Experience site users probably aren't Microsoft identities anyway. "Authenticate manually (generic OAuth2)" is the right direction, but it doesn't give you an iframe either; it expects you to build a custom canvas. That's why the config asks for details you don't have: it assumes you're building the canvas side.
So both your questions land in the same place: the supported way to embed an authenticated agent in Experience Cloud is a custom canvas, and an LWC is exactly the vehicle for it. The shape of it:
1. Decide which identity provider your Experience users actually sign in with. For a community site that's usually Salesforce identity, not Entra. That provider is what you plug into "Authenticate manually (generic OAuth2)", and it's where your authorization URL, token URL, client id/secret (a Salesforce connected app), and scopes come from. The missing details come from your IdP, not Microsoft.
2. Build the chat UI in an LWC using Bot Framework Web Chat, connected through Direct Line. Generate the Direct Line token server-side with Apex, never expose the secret in the component.
3. Add the SSO middleware: when Copilot Studio sends the sign-in card, grab the user's access token and post it to the secure URL it provides. That token is what lets the Salesforce Knowledge calls run as the user.
To start, look at Microsoft's "Configure SSO with generic OAuth providers" doc (the OKTA sample is close to what you'd do with Salesforce), and the Copilot Studio + Salesforce embed guidance, which has Apex samples and Named Credentials for the auth piece.
More work than an iframe, but it's the route that actually supports an authenticated agent with SSO on an Experience site. Hope that helps.
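The SSO middleware described in step 3, as an added example that is not part of the original answer and not Microsoft's or Salesforce's sample code: a Bot Framework Web Chat store middleware that intercepts the bot's sign-in (OAuthCard) activity, fetches the signed-in Experience Cloud user's access token from the server, and hands it back to the agent with the standard Bot Framework `signin/tokenExchange` invoke. `getUserToken` is a hypothetical function the LWC supplies (for instance wrapping an Apex method); the connection name, exchange id and token values in the sample activity are constructed. The Direct Line secret never appears here: the Apex side from step 2 generates the Direct Line token and stays on the server.

```javascript
// Added example (not from the original answer): client-side SSO middleware for a
// Bot Framework Web Chat canvas hosted in an LWC. Names marked "hypothetical" or
// "constructed" are assumptions of this example, not Copilot Studio or Web Chat APIs.

// Bot Framework values: the OAuthCard attachment type and the invoke name a canvas
// uses to return a user token to the bot.
const OAUTH_CARD_CONTENT_TYPE = 'application/vnd.microsoft.card.oauth';
const TOKEN_EXCHANGE_INVOKE_NAME = 'signin/tokenExchange';

// Returns the token exchange details carried by a sign-in (OAuthCard) activity sent
// by the bot, or null for any other activity. Only cards whose sender role is "bot"
// are honoured, so a user-side message shaped like a card cannot trigger a token send.
function getTokenExchangeResource(activity) {
  if (!activity || activity.type !== 'message') return null;
  if (!activity.from || activity.from.role !== 'bot') return null;
  if (!Array.isArray(activity.attachments)) return null;
  const card = activity.attachments.find(
    (a) => a && a.contentType === OAUTH_CARD_CONTENT_TYPE
  );
  const content = card && card.content;
  if (!content || !content.tokenExchangeResource || !content.tokenExchangeResource.id) {
    return null;
  }
  return { id: content.tokenExchangeResource.id, connectionName: content.connectionName };
}

// Builds the invoke activity that completes SSO. The token is the user's access token
// for the generic OAuth2 connection configured in Copilot Studio; it travels only over
// the Direct Line channel and is never written to the DOM or logged.
function buildTokenExchangeActivity(exchange, userToken) {
  return {
    type: 'invoke',
    name: TOKEN_EXCHANGE_INVOKE_NAME,
    value: { id: exchange.id, connectionName: exchange.connectionName, token: userToken },
  };
}

// Pure decision step, kept apart from the store plumbing so it can be unit-tested:
// 'exchange'    -> post the invoke and hide the card from the user
// 'passthrough' -> no usable token, let Web Chat render the card for interactive sign-in
// 'ignore'      -> not a sign-in card at all
function decideSsoAction(activity, userToken) {
  const exchange = getTokenExchangeResource(activity);
  if (!exchange) return { kind: 'ignore' };
  if (typeof userToken !== 'string' || userToken.length === 0) return { kind: 'passthrough' };
  return { kind: 'exchange', activity: buildTokenExchangeActivity(exchange, userToken) };
}

// Web Chat store middleware. getUserToken (hypothetical, supplied by the LWC) returns
// a Promise for the current user's access token obtained server-side.
function createSsoMiddleware(getUserToken) {
  return ({ dispatch }) => (next) => async (action) => {
    if (action.type !== 'DIRECT_LINE/INCOMING_ACTIVITY') return next(action);
    const activity = action.payload && action.payload.activity;
    if (!getTokenExchangeResource(activity)) return next(action);

    let userToken = null;
    try {
      userToken = await getUserToken();
    } catch (_err) {
      userToken = null; // fall back to the interactive card below
    }
    const decision = decideSsoAction(activity, userToken);
    if (decision.kind !== 'exchange') return next(action);

    dispatch({
      type: 'DIRECT_LINE/POST_ACTIVITY',
      meta: { method: 'keyboard' },
      payload: { activity: decision.activity },
    });
    return undefined; // swallow the card: the user never sees a sign-in prompt
  };
}

// Constructed sample: the shape of an OAuthCard activity as the bot sends it.
const SAMPLE_SIGNIN_ACTIVITY = {
  type: 'message',
  from: { id: 'bot-id', role: 'bot' },
  attachments: [{
    contentType: OAUTH_CARD_CONTENT_TYPE,
    content: {
      connectionName: 'SalesforceOAuth',             // constructed connection name
      tokenExchangeResource: { id: 'exchange-123' }, // constructed exchange id
      buttons: [{ type: 'signin', title: 'Sign in', value: 'https://example.invalid/signin' }],
    },
  }],
};

// Runs the decision step over the sample with a placeholder token and returns the result.
function demo() {
  return decideSsoAction(SAMPLE_SIGNIN_ACTIVITY, 'user-access-token-placeholder');
}
```

In the LWC you would pass the middleware to `window.WebChat.createStore({}, createSsoMiddleware(getUserToken))` after loading Web Chat from a static resource, and feed the store a Direct Line token returned by Apex rather than a secret. Falling through to the interactive card when the token fetch fails keeps the agent usable if the server-side call is down, while the sender-role check keeps the middleware from reacting to anything but the bot's own sign-in card.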