Power Virtual Agents OTP

You can configure user authentication in your Power Virtual Agent bot to restrict access to resources using using Azure AD or OAuth2. A simpler approach for user authentication is to create an OTP, one-time password, send it to the user and prompt them to enter the code to gain access.

Here are the steps you need in your Power Virtual Agents bot to implement OTP authentication.

Create a OTP code using Power Fx
Send the code to the user using a Power Automate flow
Prompt the user to enter the code and check is it valid

Create a OTP using Power FX

Now that Power Virtual Agents supports Power Fx you can use the random between function to create an OPT code six numbers in length.

Power Virtual Agents - Create OTP using Power Fx

Send the OTP Code to the user using a Flow

Ask the user to enter the email address where the OTP code will be sent. Create a flow that takes the email address and the OTP code as input parameters. Use a send email action to send the code to the user’s email address.

Power Virtual Agents - Power Automate Flow to email OTP code

Validate the OTP Code

Prompt the user to enter the received code and check it is correct. If it is valid you can allow then to continue.

Power Virtual Agents - Validate users OTP code

Summary

Using a OTP code in this manner is not bullet proof security wise but it will suffice for many scenarios. Here I have sent the OTP code using email but you could just as easily have sent it via SMS using a connector SMS like Twilio.

Power Virtual Agents – OTP

Create a OTP using Power FX

Send the OTP Code to the user using a Flow

Validate the OTP Code

Summary