1. Register in Entra ID
App registration with redirect URI https://global.consent.azure-apim.net/redirect/aegisai, a client secret, and an exposed scope query.execute. So the user's token is what reaches AegisAI — not the bot's.
Custom Connector imported from OpenAPI, Entra ID OAuth so the signed-in user's identity propagates into SAP / AWS / Azure / GCP. Setup time: about fifteen minutes if you already have Power Platform admin access.
Microsoft is shipping Copilot into Word, Excel, Teams, Outlook, Power BI, Dynamics, and the Power Platform. By the time SAP API Policy 4.2026a hits, Copilot will be the dominant AI agent reaching for SAP data inside enterprise tenants. The Copilot Studio connector is therefore the highest-leverage integration AegisAI ships — one connector, every Microsoft surface.
App registration with redirect URI https://global.consent.azure-apim.net/redirect/aegisai, a client secret, and an exposed scope query.execute. So the user's token is what reaches AegisAI — not the bot's.
Power Platform → Custom Connectors → New → Import an OpenAPI file. Upload connector-swagger.json from samples/connectors/copilot-studio/. Paste your Entra IDs into the Security tab.
Copilot Studio → your copilot → Topics → Add → From file → upload topics/ask-aegisai.yaml. Trigger phrases are pre-filled. Publish and test in the chat pane.
samples/connectors/copilot-studio/.| File | Purpose |
|---|---|
README.md | Setup walkthrough with the exact Entra ID and Power Platform steps. |
connector-swagger.json | Swagger 2.0 ready to import into Power Platform's custom connector wizard. Pre-shaped for the vnd.microsoft.copilot+json response. |
topics/ask-aegisai.yaml | A Copilot Studio topic that fires the connector and renders the response as an adaptive card. Trigger phrases included. |
Copilot Studio's default for Custom Connectors is to authenticate with a service principal. Do not pick that option for AegisAI. If you do, every request looks like the bot, no request is attributable to a human, and AegisAI's identity-propagation guarantees collapse to "the bot did it."
The OAuth 2.0 + delegated permission setup in README.md ensures Copilot forwards the signed-in user's Entra ID token. Verify it: hit /api/audit/tail after a query and confirm the sub field is the user's UPN, not the bot's app id.