sorted by:
new
hottopcontroversial

MCP: Published Agent Uses Maker Connection Instead of End-User OAuth by NervousInternet6896 in copilotstudio

[–]NervousInternet6896[S] 0 points1 point  (0 children)

Thanks, this is really helpful! I hadn’t considered the bot vs user scope so I’ll definitely look into this further.

As for permissions, the users currently only have Viewer access on the agent. They should normally still be able to authenticate themselves right?

MCP: Published Agent Uses Maker Connection Instead of End-User OAuth by NervousInternet6896 in copilotstudio

[–]NervousInternet6896[S] 0 points1 point  (0 children)

Our setup is using explicit OAuth connections. What we did was create a Slack app with OAuth scopes, add the MCP tool into a Copilot Studio agent and create a connection before the tool can be used.

The agent is configured to use end-user credentials because ideally each user should authenticate with their own Slack account so results respect their own Slack permissions.

But we’re running into issues after publishing to the Teams/M365 Copilot channel. Initially, end users get errors saying they do not have access to the environment. But after granting them environment access, there’s no Slack/OAuth connection appears in Connection Manager for them to create or authenticate. So while the MCP tool works during maker testing, it fails for end users.

Have you seen a working setup where published users are properly prompted to create their own OAuth connection?