Hello @Marcus Tägtström · Welcome to Q&A Platform and thanks for your query.
If you just want to sign in to the application, only the "Sign you in and read your profile" permission is required. However, to perform subsequent tasks the application may need additional permissions based on what the application is designed to do.
For example, if the application is designed to display free/busy schedule of users, it must have at least Calendar.Read permission. Now, this can be achieved with Directory.Read (Read directory data) permission as well but that is not a good practice as it will provide the application to read a lot more information on behalf of the signed in user than what is required. You should always provide minimum required permission to the application.
I would suggest you to check with the service provider, why below permissions are required as these are very broad permissions and must be carefully reviewed.
- Access the directory as you
- Read directory data
- Read all groups
If the same task/tasks can be performed with more specific permissions, the service provider must configure the application to request for those permissions.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.