Using Confluence as knowledge source in Copilot Studio bot works with basic authentication and open permissions to anyone as described in the previous blog post. What if you have restricted pages in Confluence and you don’t want the Copilot Studio bot tell the secrets to anyone using the bot and asking the correct questions. Then it is time to use the permission restricted Confluence Connector setting when creating the connector.

In the first demo I used basic authentication with my account but when testing permissions it is better to use the OAuth2 and create app in Confluence instead of persona API token.

Setup OAuth2 in Confluence

Confluence instructions tells to go to Developer console (atlassian.com) and create OAuth 2.0 integration.

Creating OAuth2 integration in Confluence developer console
Creating OAuth2 integration in Confluence developer console

Be sure to go to Granular scopes tab to get see the scopes mentioned in the instructions

Scopes for OAuth2 integration permissions
Scopes for OAuth2 integration permissions

Setup the authorization – instructions said anything about the authorization URL in the below

Setting callback url for OAuth2 integration
Setting callback url for OAuth2 integration

Finally go to settings and copy the client id and secret to create the connector in M365 admin

Create Connector using OAuth2 in M365

Go to Search & intelligence – Microsoft 365 admin center and click Add Connection, fill the data and click Authorize.

Creating OAuth2 connector to Confluence Cloud in M365 Admin
Creating OAuth2 connector to Confluence Cloud in M365 Admin
You don’t have access to this app.
This application is in development - only the owner of this application may grant it access to their account.-notification when creating the Confluence Connecto
You don’t have access to this app -notification when creating the Confluence Connector

I’m using different account to create the connection and face this notification.

I had to go back to setting and change the distribution settins

Now it works but states incorrect scopes that are shared

It want’s to get scopes mentioned below – This app has requested Confluence API scopes that have not been added to the app. Missing: read:audit-log:confluence, read:content.metadata:confluence, read:page:confluence, read:permission:confluence, read:space:confluence.

I went back to configure the Confluence app and added all asked scopes

All needed scopes in the Confluence app for integration
All needed scopes in the Confluence app for integration

And then it started working – I clicked Accept

Once the connector has finished syncing, you could go to Copilot Studio side to take it into use.

Add connector to Copilot Studio bot

Go to Copilot Studio bot and add the connector, create new bot and follow previous post instructions or replace the connection from existing bot. Remember to delete first the existing connection from the bot.

TIP: If the connector does not have description, there is error adding it to the bot

Now the bot on the left in below picture finds answers about fishing and dragons which the account writing to bot has permissions. On the right there is account that does not have permission for Confluence articles does not get any replies with the same questions from the same bot. Links below the answer takes user to Confluence Cloud pages as it should be.

Two different accounts, same bot and other has reply and other don't
Two different accounts, same bot and other has reply and other don’t