Single Sign-on | OpenID Connect

Configure API Permissions

Steps in this Topic

API Permissions control what users can and cannot do when they sign into the registered application.

Perform the following steps to grant Microsoft Entra ID permissions to send an ID Token (and in it a minimal set of user attributes) requested by the plugin on behalf of the logged-in user.

  • Click API permissions from the App registration menu on the left.

  • Click + Add permission.
  • Select Microsoft Graph > Delegated permissions and check *
    • email
    • offline_access
    • openid
    • profile
  • Click  Add permissions.

Please note that you should not delete the default User.Read permission.

Also, If you plan advanced integration and embedding of Microsoft 365 services in WordPress then you probably need to add additional permissions on this page. Please consult the integration guide for Microsoft 365 services for in-dept guidance.


  • Click to grant consent for all users in your tenant to use this App registration and its ability to provide ID tokens (and Access Tokens).

If the Grand admin consent for … is greyed out then you do not have sufficient permissions to continue. Since this is mandatory you must contact your Global Administrator and ask for help.