Entra ID Required Permissions

  • Updated on May 24, 2025
  • Published on Mar 17, 2024
  • 1 minute(s) read
Prev Next
Note
To sign in with Entra ID, make sure that Sign-in with Entra ID is enabled as a login method in your organization.


To sign in with Entra ID, you need to configure Entra ID to allow users to consent to the required permissions.

  1. Sign in to your Azure portal with a Global Administrator or Privileged Administrator user role.

  2. Go to Azure Active Directory > Enterprise applications > Consent and Permissions.

  3. In User consent settings, make sure that users are allowed to consent for apps. Microsoft's recommended option is to allow users to consent only for permissions defined as "low impact".

    User consent settings screen


  4. If you are allowing user consent only for low impact permissions, then you need to classify the required permissions as low impact.

    1. Go to Permission classifications.
    2. Select Low and add the following permissions from the Microsoft Graph API.
      • User.Read
      • offline_access
        Permission classification screen
  5. Save your changes in Azure.


Now that your Azure AD users can consent to the required permissions, you can sign in to your DEX environment with Entra ID.