As you know the Power Virtual Agent (PVA) is a low-code and no-code solution. It is very easy to create a Bot quickly. Now, if you want this bot on the SharePoint page. There are a few options and their pros & cons.
In this article, I am going to list out all options. I will share the pros and cons of each option and share code where needed. This will help you guide your journey for a similar requirement.
There are a few prerequisites, based on which option you pick you will need to get one or more of the following resources.
- Power Platform Environment – Required for all options
- SharePoint Online tenant – Required for all options
- Visual Studio – Required for Options # 2
- Azure Web App & Azure Front Door– Required for Options # 2
- Visual Studio Code – Required for Options # 3
- SharePoint Framework Development (SPFx) Environment Setup – Required for Options # 3
Below are the three options:
Option # 1: Put embedded code from the bot on an IFRAME on the SharePoint page.
- Easy and quick
- Easy to get embed code from the PVA Bot Channels.
- Easy step to add the IFRAME on the SharePoint page
- The embed code has the code and the token is exposed as public for the content owner. If this code with url is leaked anyone from outside of the organization network can access the Bot. If this Bot is meant to be internal to organization then this option will not work.
Option # 2: Use DirectLine (DL) Secret and get DL Token from Azure Web Site URL for IFRAME on the SharePoint page.
Basically, in this approach, the IFRAME will be still used on the SharePoint page. But the URL for the IFRAME will be from the internally controlled Web Site URL which will be blocked from public access using IP restrictions. The internal website will be configured with the Direct Line Secret. The website will get the Direct Line Token for doing secured communication with the Bot.
- The bot will NOT be accessed by the public. It will be restricted by the website for the internal IP range only. Even if the URL is leaked it will be blocked by the IP Restriction on the Azure Front Door.
- It used the Bot’s direct line Token as a protected communication mechanism.
- Extra resources on Azure, i.e. Azure Web App with Azure Front Door.
- There will be code on the Azure Web App to create and maintain
Option # 3: Create an SPFx Application Customizer to put on the SharePoint page.
- The bot will not be exposed to the public. The Direct Line Secret will be buried in the SPFx code & can not be seen
- There is SPFx web part development and in future for maintenance (if needed).
Step By Step Solution:
Option # 1:
The following two steps will get your Bot on the SharePoint page quickly.
- This is an easy solution. All you need to do is to get the embed code from the Bot. Follow here.
- Once you get the code you add this to your SharePoint page. Follow here.
Option # 2:
This option will use Azure Web App and Azure Front Door. The Azure Front Door will allow to restriction of IP within the organization.
The Azure Web App is the ASP.NET Core solution. There are two components in the website, one is to UI and the other is API. The UI part is to show the Web Chat and API is to get the Direct Line Token from the Secret. The Direct Line Secret is stored in the configuration of the website or can be secured using a key vault.
TODO: Code to follow.
Option # 3:
TODO: Code to follow.
Based on the above article’s options and their pros and cons you will be able to decide what is right for your need. Option #1 is very easy and quick to Option # 3 to get modern ways to block the access.
Some helpful links for Bot development