You can configure user authentication in your Power Virtual Agent bot to restrict access to resources using using Azure AD or OAuth2. A simpler approach for user authentication is to create an OTP, one-time password, send it to the user and prompt them to enter the code to gain access.
Here are the steps you need in your Power Virtual Agents bot to implement OTP authentication.
Create a OTP code using Power Fx
Send the code to the user using a Power Automate flow
Prompt the user to enter the code and check is it valid
Ask the user to enter the email address where the OTP code will be sent. Create a flow that takes the email address and the OTP code as input parameters. Use a send email action to send the code to the user’s email address.
Validate the OTP Code
Prompt the user to enter the received code and check it is correct. If it is valid you can allow then to continue.
Using a OTP code in this manner is not bullet proof security wise but it will suffice for many scenarios. Here I have sent the OTP code using email but you could just as easily have sent it via SMS using a connector SMS like Twilio.