top of page

OTP validation in Power Virtual Agents using Power Automate

Writer's picture: Yash AgarwalYash Agarwal

In this #PowerShot, I will show you how to setup a flow in Power Automate to add an extra layer of security to authenticate a user while retrieving sensitive data or performing actions in Power Virtual Agents.


Let's Get Started!


While deploying services type of a bot with Power Virtual Agents, there are too less options of validating a generic user when accessing sensitive information or performing actions based on the user inputs. In this post, we will look at setting up flows with Power Automate that send unique authentication codes (One Time Password - OTP) via email to a user to authenticate in the chat before progressing further on the virtual agent.


Power Virtual Agents


Step 1: Provision a power virtual agent bot and start customizing the greeting. Refer to this post for a basic customer service bot.


Step 2: In the track request branch (or the branch where you want to authenticate the user before proceeding further), add an action to get the registered request ID.


Step 3: Call an action: select the Flow 1 (from the next section) and pass the request ID. The request ID will be matched against the data and the customer email ID is extracted. The OTP code is sent to this email.


Step 4: Ask a question: Display the message to the user that that the OTP has been sent to their registered email address and ask them to enter it.


Step 5: Call an action: select the Flow 2 (from the next section) and pass the OTP id from the previous action outputs, the User Input for the OTP question and the original request ID. The flow will validate the OTP and then show the status of the request if the OTP entered was correct.


Step 6: Show message: select the output from the flow action (the text that needs to be displayed to the user based on previous inputs)


Step 7: End conversation.

 

Power Automate


Flow 1: To send an OTP to the requestor


Step 1: Trigger: When Power Virtual Agents calls a flow- To trigger the flow from the virtual agent based on the user input.


Step 2: Action: Get Item- To get the corresponding item from the SharePoint list. The request ID is of the format REQ-xx where, xx is the integer ID of the item from the SharePoint list. Expression used: last(split(triggerBody()['text'],'-'))


Step 3: Action: Compose- to generate a 6 digit random number to be used for the authentication code. Expression used: rand(100000,999999)

Step 4: Action: Send an email- to send the email to the requester with the authentication code.


Step 5: Action: Return Value to Power Virtual Agents- to send the OTP value to be stored in a variable in virtual agents action.

Flow 2: To validate the OTP and retrieve the details of the request.


Step 1: Trigger: When Power Virtual Agents calls a flow- To trigger the flow from the virtual agent based on the user input.


Step 2: Action: Initialize a variable- to store the output message to be sent to the virtual agent.

Step 3: Control: Condition- to verify the OTP entered by the user matches the one that was sent in the email.


//No branch starts


Step 4: Action: Set variable- to display the error message to the user and suggest to get in touch with the support team.


//No branch ends


//Yes branch starts


Step 5: Action: Get Item- To get the corresponding item from the SharePoint list. The request ID is of the format REQ-xx where, xx is the integer ID of the item from the SharePoint list. Expression used: last(split(triggerBody()['text'],'-'))


Step 6: Action: Set variable- to display the message to the user with the current status of the request and agent comments if any.


//Yes branch ends

Step 7: Action: Return Value to Power Virtual Agents- to send the message to be displayed to the user as a response from the bot.

 

Setup in Action

 

In this post, we saw how to add an extra layer of validation to authenticate a user for added security while handling with sensitive data. We used the email method to send the OTP. A similar setup with custom connectors or external services can be setup to send the authentication code via text messages.


I hope you found this interesting and it helped you. Thank you for reading!

Recent Posts

See All
bottom of page