restoring SSO for Web and Entra ID, consolidating SSO samples under one folder (#306)

Co-authored-by: adilei <[email protected]>

Author: adilei

README.md

@@ -40,20 +40,22 @@ Older samples and labs, largely focused on Power Virtual Agents, have been moved
 | Dataverse Indexer | Index the content of a SharePoint library into a Copilot Studio Agent as knowledge source files, along with citations that point to the source files in SharePoint | [View][cs#7]|
 | Load Testing | JMeter test plan to use as a starting point for load testing conversational agents built with Copilot Studio | [View][cs#8]|
 | RelayBotSample | Demonstrates how to connect your bot to existing Azure Bot Service channels | [View][cs#3] |
-| SharePointSSOComponent | A SharePoint component demonstrating how copilots can be deployed to SharePoint sites with SSO enabled | [View][cs#4] |
+| SharePointSSOComponent | A SharePoint component demonstrating how custom agents can be deployed to SharePoint sites with SSO enabled | [View][cs#4] |
+| SSOwithEntraID | Single Sign-On for Web and Entra ID | [View][cs#10] |
 | Type Ahead Suggestions | Demonstrates typeahead suggestion functionality for your custom copilot that can assist users finding things like frequently asked questions, auto correcting typos and showing a list of menu items like product names or topic names before sending a message to the copilot | [View][cs#9] |
 | WebChat Customization | Shows the Customization Options from the Azure AI Bot Services as well as some CSS to drastically change the look of your Copilot agent | [View][cs#6]|
 
 
-[cs#1]:./3rdPartySSOWithOKTA
+[cs#1]:./SSOSamples/3rdPartySSOWithOKTA
 [cs#2]:./ImplementationGuide
 [cs#3]:./RelayBotSample
-[cs#4]:./SharePointSSOComponent
+[cs#4]:./SSOSamples/SharePointSSOComponent
 [cs#5]:./AdaptiveCardSamples
 [cs#6]:./CustomExternalUI
 [cs#7]:./DataverseIndexer
 [cs#8]:./LoadTesting/JMeterMultiThreadGroup
 [cs#9]:./TypeaheadSuggestions
+[cs#10]:./SSOSamples/SSOwithEntraID
 
 ## Contributing
 

3rdPartySSOWithOKTA/README.md SSOSamples/3rdPartySSOWithOKTA/README.md3rdPartySSOWithOKTA/README.md renamed to SSOSamples/3rdPartySSOWithOKTA/README.md

@@ -1,4 +1,4 @@
-# 3rd Party SSO with OKTA
+# Description
 
 This custom canvas demonstrates how an access token obtained from a 3rd party identity provider, like OKTA, can be used in the context of a single sign-on (SSO) login flow with Copilot Studio.
 

3rdPartySSOWithOKTA/img/placeholder.png …/3rdPartySSOWithOKTA/img/placeholder.png3rdPartySSOWithOKTA/img/placeholder.png renamed to SSOSamples/3rdPartySSOWithOKTA/img/placeholder.png 3rdPartySSOWithOKTA/img/placeholder.png renamed to SSOSamples/3rdPartySSOWithOKTA/img/placeholder.png

@@ -0,0 +1,17 @@
+## Single Sign-On with WebChat
+
+WebChat supports sharing a user's access token over Direct Line. This allows the agent to "act on behalf of the user", by passing the token to a downstream API. 
+
+This pattern requires the application hosting WebChat to obtain an access token using a library like MSAL (or equivalent for non-Entra providers), and post it over Direct Line.
+
+
+| Sample Name | Description | View |
+| --- | --- | --- |
+| SSOwithEntraID | SSO on Web with Entra ID  | [View][cs#1]|
+| 3rdPartySSOWithOKTA | Demonstrates how to implement a seamless SSO experience with a 3rd party authentication provider   | [View][cs#2]|
+| SharePointSSOComponent | A SharePoint component demonstrating how copilots can be deployed to SharePoint sites with SSO enabled | [View][cs#3] |
+
+
+[cs#1]:./SSOwithEntraID
+[cs#2]:./3rdPartySSOWithOKTA
+[cs#3]:./SharePointSSOComponent

3rdPartySSOWithOKTA/img/token.png …amples/3rdPartySSOWithOKTA/img/token.png3rdPartySSOWithOKTA/img/token.png renamed to SSOSamples/3rdPartySSOWithOKTA/img/token.png 3rdPartySSOWithOKTA/img/token.png renamed to SSOSamples/3rdPartySSOWithOKTA/img/token.png

@@ -0,0 +1,14 @@
+# Description
+
+This sample demonstrates how to retrieve an Entra ID access token for a signed-in user, and share the token with Copilot Studio over Direct Line, thus enabling seamless SSO.
+
+## Getting started
+
+1. Follow the instructions on how to [configure user authentication with Microsoft Entra ID](https://learn.microsoft.com/en-us/microsoft-copilot-studio/)
+2. Follow the instructions on how to configure a second [app registration for a canvas app](https://learn.microsoft.com/en-us/microsoft-copilot-studio/configure-sso?tabs=webApp). Set the redirect URI in your app registration based on where the sample will be deployed (e.g. localhost, static web app, etc.)
+3. Replace the values for Client ID, Tenant ID and Token Endpoint under `TODO` in [index.html](./index.html)
+4. Deploy index.html to a host of your choice
+
+<br>
+
+> **IMPORTANT:** This sample requires users to click on a sign-in button. This behavior is just for demonstration purposes, while in production, the initial sign-in should be managed by your application.