I am trying to set up a Copilot Studio Agent in Power Platform environment A that is supposed to connect to a Dataverse instance in Power Platform environment B, within the same tenant.
My understanding is that I cannot use the Microsoft Dataverse MCP Server, as this would require both the agent and Dataverse to be hosted in the same environment. For this reason, I decided to create a custom Model Context Protocol (MCP) server, providing the appropriate endpoint and using manual OAuth 2.0 authentication.
To do this, I created an Entra ID application with the required Dynamics CRM → user impersonation permissions and added it to the allowed client list of the target Dataverse MCP.
My goal is not only to connect to Dataverse, but also to ensure that each user connects using their own credentials, so that Dataverse permissions are enforced on a per-user basis.
As the owner, I was able to successfully query the Dataverse instance and retrieve data on my behalf. However, another user from the same tenant was not able to do so. That user is prompted with an authentication error, and when opening Connection Manager, the connection creation fails.
The only way we managed to make this user work was by letting them use my existing connection, which, however, causes all operations to be executed with my permissions. The connection has already been shared with this user with the “Use” role (we also tried Edit and that only allowed him to use my own connection).
Could you please help me understand whether connecting to Dataverse via MCP from environment A to environment B is supported using OBO auth flow, and what configuration or approach I should try in order to allow per-user authentication and authorization?
Thanks in advance.
