Configure user authentication with Azure Active Directory

Adding authentication allows users to sign in, giving your bot access to a restricted resource or information.

This article covers how to configure Azure Active Directory (Azure AD) as your service provider. To learn about other service providers and user authentication in general, see Configure user authentication.


Create an app registration

  1. Sign in to the Azure portal, using an admin account on the same tenant as your bot.

  2. Go to App registrations, either by selecting the icon or searching in the top search bar.

  3. Select New registration and enter a name for the registration.

    It can be helpful to use the name of your bot. For example, if your bot is called "Contoso sales help", you might name the app registration "ContosoSalesReg" or something similar.

  4. Select Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox).

  5. Leave the Redirect URI section blank for now. You'll enter that information in the next steps.

  6. Select Register.

  7. Once the registration is complete, go to Overview.

  8. Copy the Application (client) ID and store it in a temporary place. You'll need this in later steps.

Add the redirect URL

  1. In the Azure portal, go to Authentication and then select Add a platform.

  2. Under Platform configurations select Add a platform, then select Web.

  3. Under Redirect URIs, enter and

  4. Under the Implicit grant and hybrid flows section, turn on both ID tokens (used for implicit and hybrid flows) and Access tokens (used for implicit flows).

  5. Select Configure to confirm your changes.

Generate a client secret

  1. In the Azure portal, go to Certificates & Secrets.

  2. Under the Client secrets section, select New client secret.

  3. (Optional) Enter a description. One will be provided if you leave it blank.

  4. Select the expiry period. Select the shortest period that's relevant for the life of your bot.

  5. Select Add to create the secret.

  6. Store the secret's Value in a temporary place. You'll need it when you configure your bot's authentication.


If you navigate away from the page, the secret's Value is obfuscated and you'll need to generate a new client secret.

Configure manual authentication

  1. In Power Virtual Agents, in the navigation menu under Settings, select Security. Then select the Authentication card.

    Screenshot of selecting the Authentication card.

  2. Select Manual (for any channel including Teams) then turn on Require users to sign in.

    Screenshot of selecting the manual authentication option.

  3. Enter the values for the following properties:

    • Service provider: Select Azure Active Directory V2.

    • Client ID: Enter the application (client) ID that you copied earlier from the Azure portal.

    • Client secret: Enter the client secret you generated earlier from the Azure portal.

    • Scopes: Enter profile openid.

  4. Select Save to finish the configuration.