Skip to content
English
Log into GovSpend
  • There are no suggestions because the search field is empty.

MCP Server: Microsoft Copilot 365 Connection Instructions

Integrate GovSpend procurement intelligence into Microsoft 365 Copilot using a custom federated connector backed by MCP. Unlike Claude and ChatGPT — where individual users add the integration themselves — this setup is admin-driven and deployed centrally to assigned users or groups. Once live, GovSpend tools surface naturally inside Copilot in Word, Outlook, Teams, and the rest of M365.

Building a custom agent instead? See the Copilot Studio setup guide.

What You'll Need

  • Microsoft 365 Copilot license (Commercial, GCC, or GCCH)
  • Global Admin or AI Admin role
  • Access to the Teams Developer Portal
  • Your GovSpend API key
  • MCP endpoint: https://mcp-spark-prod.govspend.com/mcp

DoD tenants: Custom federated connectors are not supported in DoD environments. Contact your GovSpend account representative to discuss alternatives.

Connection Instructions

Step 1 — Register the OAuth App

M365 federated connectors require an OAuth client registration in the Teams Developer Portal before you create the connector itself. This establishes the GovSpend side of the authentication handshake.

1a. Get GovSpend OAuth credentials

Contact support@govspend.com with the redirect URI below. They will issue credentials scoped to your tenant, including: Client ID, Client secret, Authorization endpoint, Token endpoint, Refresh endpoint, and scopes.

Redirect URI to provide to GovSpend: https://teams.microsoft.com/api/platform/v1.0/oAuthRedirect

1b. Register the OAuth connection

Sign in to the Teams Developer Portal → Tools → OAuth Client Registration → + New OAuth connection and fill in the form:

  • Name: GovSpend Spark MCP
  • Client ID and Client secret: from step 1a
  • Authorization / Token / Refresh endpoints: from step 1a
  • Scopes: from step 1a
  • PKCE: enable if your GovSpend credentials support it (optional)

Save the registration. Copy the OAuth client registration ID returned by the portal — you'll need it in Step 2.

Step 2 — Create the Connector in M365 Admin Center

2a. Sign in to admin.microsoft.com → Copilot → Connectors → Gallery.

2b. Under Created by your org, find Create a new connector and click Add. On the next page, under Connect to MCP server, click Add.

2c. Fill in the connector details:

  • Display name: GovSpend Spark MCP
  • Base URL: https://mcp-spark-prod.govspend.com/mcp
  • Registration ID: the OAuth client registration ID from Step 1b

Click Save. The connector will appear under Your Connections.

Step 3 — Roll Out to Users

3a. (Optional) Stage the rollout Select the connector → Staged rollout → choose Users or Groups → add your pilot audience.

3b. Deploy to all users When the pilot looks good, click Deploy to all users.

Changes can take up to 15 minutes to take effect for end users.

3c. End-user experience Once the connector is live, users can reference GovSpend data in Copilot across Word, Outlook, Teams, and M365 chat using natural language — no extra UI steps required on their end. The first use will prompt them to sign in to GovSpend through the OAuth flow.

Troubleshooting

The connector doesn't appear under "Your Connections" after saving

  • Wait up to 15 minutes — changes propagate asynchronously.
  • Confirm the registration ID was pasted exactly, with no leading or trailing spaces.
  • Verify your admin role: only Global Administrator and AI Administrator are supported.

End users don't see GovSpend results in Copilot

  • Check that the connector status is Enabled (not Disabled) in Your Connections.
  • Confirm the user is in the staged rollout audience, or that you've clicked Deploy to all users.
  • The user must complete the OAuth sign-in on first use. If they cancelled it, a new GovSpend query will retrigger the prompt.

OAuth sign-in fails

  • Confirm the redirect URI https://teams.microsoft.com/api/platform/v1.0/oAuthRedirect is allow-listed on the GovSpend OAuth registration.
  • Verify the Client ID, Client secret, and endpoint URLs in the Teams Developer Portal match what GovSpend issued.
  • Pop-up blockers and strict privacy extensions can block the consent window. Have the user retry from a clean browser session.

Need to change the URL or rotate the secret

  • For URL changes: delete the connector and re-create it — in-place edits are not supported.
  • For secret rotation: update the OAuth registration in the Teams Developer Portal. The connector picks up the new secret automatically.

I'm in a DoD tenant
Custom federated connectors are not supported in DoD environments. Contact your GovSpend account team to discuss alternative integration paths.