Setup

Getting Started

Second Opinion for Sales  ยท  Connect your AI agent

Before you start

You need two things: an active Second Opinion for Sales seat, and the Microsoft 365 account that holds it.

There is no API key to copy or store. Your Microsoft sign-in is the credential. Your agent connects with a Microsoft token tied to your account and your seat.

How sign-in works

Second Opinion for Sales is reached through a single tool, ocean_scores, over the Model Context Protocol. Access is gated by Microsoft Entra ID. When your agent connects, it signs in with your Microsoft 365 account and receives a short-lived token. That token carries your identity and confirms your seat on every call. Nothing else needs to be configured for authorization.

Some agent platforms sign in interactively the first time you connect. Others (developer APIs) expect you to supply a token you have already obtained. Both paths use the same connection details below.

Register your connector app (one time)

Your agent signs in through an app registration that lives in your own Microsoft 365 tenant. You create it once and every agent platform below uses it. No Pansophy credential is ever shared with you, and your credential is never shared with Pansophy.

  1. 1
    In the Microsoft Entra admin center, go to App registrations, then New registration. Name it anything (for example, SOFS connector) and keep the default single tenant account type.
  2. 2
    Under API permissions, choose Add a permission, then APIs my organization uses, and search for Second Opinion for Sales. Add the delegated Score.Read permission.
  3. 3
    If Second Opinion for Sales does not appear in the search, its service principal is not in your tenant yet. An administrator runs this once, then repeat step 2:
    az ad sp create --id 86171dc8-e8f7-499f-ad82-595d75162961
  4. 4
    Consent. In most tenants, each user simply approves the permission the first time they sign in. If your tenant restricts user consent, an administrator selects Grant admin consent on the API permissions page once, for everyone.
  5. 5
    Redirect URI. Your agent platform shows you its callback URL when you set up the connection (Copilot Studio and Claude both display it). Add it under Authentication, then Add a platform, then Web.
  6. 6
    Copilot Studio only: under Certificates & secrets, create a client secret. It stays in your tenant; Copilot Studio asks for it when you configure the connection.
  7. 7
    Developer APIs only: under Authentication, set Allow public client flows to Yes so the device-code sign-in below works.

Connection details

These values are the same for every agent platform. Use the ones your platform asks for.

MCP server URL
https://pansophy-apim.azure-api.net/mcp
Sign-in
Microsoft Entra ID, OAuth 2.0 (work or school accounts)
Authorization URL
https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize
Token URL
https://login.microsoftonline.com/organizations/oauth2/v2.0/token
Scope
api://86171dc8-e8f7-499f-ad82-595d75162961/Score.Read offline_access openid
Client ID
Your connector app's Application (client) ID
From the one-time app registration above, in your own tenant. Pansophy does not issue client IDs.

Microsoft Copilot Studio

Recommended
  1. 1
    Open your agent in Copilot Studio. Go to Tools, then Add a tool, then New tool, and choose Model Context Protocol.
  2. 2
    For the server URL, paste the MCP server URL from the connection details.
  3. 3
    For authentication, choose OAuth 2.0. Enter the Authorization URL, Token URL, and Scope from the connection details, plus the Client ID and client secret from your app registration.
  4. 4
    Save the tool and publish your agent. The first time a user runs it, they sign in with their Microsoft 365 account and the connection is established.

Developer APIs

If you are building an agent directly against a model API, you supply a Microsoft token to the MCP server yourself. First obtain a delegated user token for the scope above, then pass it on the connection.

Obtaining a token

Any standard Microsoft Entra sign-in that produces a delegated user token works. The device-code flow is the simplest for a one-time setup:

# 1. request a device code
curl -s -X POST \
  https://login.microsoftonline.com/organizations/oauth2/v2.0/devicecode \
  -d "client_id=YOUR_APP_CLIENT_ID" \
  -d "scope=api://86171dc8-e8f7-499f-ad82-595d75162961/Score.Read offline_access openid"

# 2. open the verification_uri, enter the user_code, sign in
# 3. exchange the device_code for an access token
curl -s -X POST \
  https://login.microsoftonline.com/organizations/oauth2/v2.0/token \
  -d "grant_type=urn:ietf:params:oauth:grant-type:device_code" \
  -d "client_id=YOUR_APP_CLIENT_ID" \
  -d "device_code=<device_code>"

Use the resulting access_token as the bearer below. The refresh_token lets you renew it without signing in again.

OpenAI Responses API

{
  "type": "mcp",
  "server_label": "second-opinion-for-sales",
  "server_url": "https://pansophy-apim.azure-api.net/mcp",
  "headers": {
    "Authorization": "Bearer <access_token>"
  }
}

Anthropic Messages API (MCP connector)

"mcp_servers": [
  {
    "type": "url",
    "url": "https://pansophy-apim.azure-api.net/mcp",
    "name": "second-opinion-for-sales",
    "authorization_token": "<access_token>"
  }
]

Claude custom connector

  1. 1
    In Claude, add a custom connector and paste the MCP server URL.
  2. 2
    Choose OAuth for authentication and provide the Authorization URL, Token URL, Scope, and Client ID from the connection details.
  3. 3
    Connect, and sign in with your Microsoft 365 account when prompted.

Using the tool

The tool takes the text you want analyzed and the role of the speaker, and returns behavioral (OCEAN) scores together with a sales-tuned interpretation and coaching.

Inputs

Your agent handles the speaker work. Second Opinion for Sales reads one person at a time and does not split a multi-speaker conversation for you. Your agent is responsible for parsing the conversation, identifying the speakers, isolating the text for the one person you want scored, and labeling whose words they are with the role input. Pass one speaker per call.

What you get back

A high or low standing on any dimension is a position with trade-offs in a sales context, not a measure of good or bad. The interpretation describes patterns in the text, not the person.

Your submitted text is scrubbed for personal information, scored, and discarded. It is never stored. Each seat includes up to 100 analyses per month.

Troubleshooting

If a call is rejected, the response carries a code that tells you what to fix.

ConditionWhat it means and what to do
delegated_required
insufficient_scope		The token is not a delegated user token carrying Score.Read, or it was issued to an application rather than a signed-in user. Re-obtain the token using the scope above and make sure a person signs in.
tenant_not_provisioned
seat_verification_required		The account does not yet have an active seat, or the first-connect license check has not completed. Confirm the subscription in AppSource. The first call right after activation may need a moment.
tenant_mismatchThe token was issued for a different Microsoft 365 tenant than the seat. Sign in with the account that holds the seat.
invalid_jwt
expired_jwt		The token is malformed or has expired. Obtain a fresh token (or use your refresh token) and retry.
monthly_cap_reachedThis seat has used its 100 analyses for the month. The count resets at the start of the next month.
role_required
invalid_role		The role input is missing or not one of seller / prospect. Set it and retry.
Text lengthSubmitted text must be between 400 and 50,000 characters. Shorten or lengthen the input and retry.

Need help

If you are stuck on any step:

Pansophy AI Inc., Support

support@pansophyai.com

We respond within one business day.