diff --git a/code/infra/botservice.tf b/code/infra/botservice.tf
index 2526985..5719c64 100644
--- a/code/infra/botservice.tf
+++ b/code/infra/botservice.tf
@@ -32,3 +32,18 @@ module "bot_service" {
   private_dns_zone_id_bot_framework_token = var.private_dns_zone_id_bot_framework_token
   customer_managed_key = local.customer_managed_key
 }
+
+resource "azurerm_bot_connection" "bot_connection_aad" {
+  name = "aad"
+  bot_name = reverse(split(module.bot_service.bot_service_id, "/"))[0]
+  location = var.location
+  resource_group_name = azurerm_resource_group.resource_group.name
+
+  client_id = var.bot_oauth_client_id
+  client_secret = var.bot_oauth_client_secret
+  parameters = {
+    "TenantId" = data.azurerm_client_config.current.tenant_id
+  }
+  service_provider_name = "Azure Active Directory v2" # serviceProviderId = "30dd229c-58e3-4a48-bdfd-91ec48eb906c"
+  scopes = join(" ", var.bot_oauth_scopes)
+}
diff --git a/code/infra/data.tf b/code/infra/data.tf
index cc6f0b1..9a36945 100644
--- a/code/infra/data.tf
+++ b/code/infra/data.tf
@@ -1,3 +1,5 @@
+data "azurerm_client_config" "current" {}
+
 data "azurerm_virtual_network" "virtual_network" {
   name = local.virtual_network.name
   resource_group_name = local.virtual_network.resource_group_name
diff --git a/code/infra/variables.tf b/code/infra/variables.tf
index ac30c41..0f13831 100644
--- a/code/infra/variables.tf
+++ b/code/infra/variables.tf
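Review bot: `bot_name = reverse(split(module.bot_service.bot_service_id, "/"))[0]` passes the arguments to split in the wrong order: Terraform's split is split(separator, string), so the resource ID is used as the separator, the call returns a one-element list holding "/", and bot_name ends up as "/" rather than the bot's name. Change it to `bot_name = element(split("/", module.bot_service.bot_service_id), -1)`, or expose a name output from the module so the ID does not need to be parsed at all. Separately, client_secret is written to Terraform state in plaintext regardless of the variable's sensitive flag, so the state backend has to be treated as holding a live credential; sourcing the secret from a Key Vault secret data source would at least keep it out of tfvars and pipeline variables. A short comment above the resource would help too, e.g. `# OAuth connection to the Entra ID app used for user sign-in; scopes are space-joined because the connection takes a single string`.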
@@ -41,11 +41,29 @@ variable "tags" {
 
 # Service variables
 variable "web_app_app_settings" {
-  description = "Specifies the videoindexer id"
+  description = "Specifies the web app settings."
   type = map(string)
   sensitive = false
 }
 
+variable "bot_oauth_client_id" {
+  description = "Specifies the client id of the Entra ID oauth app."
+  type = string
+  sensitive = true
+}
+
+variable "bot_oauth_client_secret" {
+  description = "Specifies the client secret of the Entra ID oauth app."
+  type = string
+  sensitive = true
+}
+
+variable "bot_oauth_scopes" {
+  description = "Specifies the scopes of the Entra ID oauth app."
+  type = list(string)
+  sensitive = false
+}
+
 # Logging variables
 variable "log_analytics_workspace_id" {
   description = "Specifies the resource ID of the log analytics workspace used for collecting logs."
diff --git a/config/PerfectThymeTech/vars.tfvars b/config/PerfectThymeTech/vars.tfvars
index d62cf02..048aca7 100644
--- a/config/PerfectThymeTech/vars.tfvars
+++ b/config/PerfectThymeTech/vars.tfvars
@@ -8,7 +8,15 @@ tags = {
 }
 
 # Service variables
-web_app_app_settings = {}
+web_app_app_settings = {}
+bot_oauth_client_id = ""
+bot_oauth_client_secret = ""
+bot_oauth_scopes = [
+  "openid",
+  "profile",
+  "User.Read",
+  "User.ReadBasic.All",
+]
 
 # Logging variables
 log_analytics_workspace_id = "/subscriptions/8f171ff9-2b5b-4f0f-aed5-7fa360a1d094/resourceGroups/DefaultResourceGroup-NEU/providers/Microsoft.OperationalInsights/workspaces/DefaultWorkspace-8f171ff9-2b5b-4f0f-aed5-7fa360a1d094-NEU"
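Review bot: The new bot_oauth_client_id and bot_oauth_client_secret variables carry no validation, so the empty-string values this same commit puts in config/PerfectThymeTech/vars.tfvars flow straight into azurerm_bot_connection and surface only at apply time, or as a connection that cannot authenticate. A validation block on each credential variable turns that into a plan-time error; the secret variable is shown below and the same shape applies to bot_oauth_client_id. Marking the client id sensitive is harmless but hides it from plan output, which makes it harder to confirm the intended app registration is being wired up, so I would reserve `sensitive = true` for the secret.
```hcl
variable "bot_oauth_client_secret" {
  # … unchanged: description, type, sensitive …

  validation {
    condition     = length(var.bot_oauth_client_secret) > 0
    error_message = "bot_oauth_client_secret must not be empty."
  }
}
```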
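Review bot: `bot_oauth_client_secret = ""` introduces a credential-bearing key into a tfvars file that is tracked in the repository; the empty placeholder itself is harmless, but it invites the real value being filled in locally and committed. Prefer supplying the secret out of band (`TF_VAR_bot_oauth_client_secret` set in the pipeline, or a separate var-file kept out of version control) and leaving only a pointer here, e.g. `# bot_oauth_client_secret is supplied via TF_VAR_bot_oauth_client_secret`. The scopes list is fine to keep in this file since it is not sensitive.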