I don't believe they need any special permissions to accept the connection, unless I am misunderstanding your question. They just need to be using a work or school account.
To register an application, you do need to have sufficient permissions. Admin roles can register applications by default, but regular users need to have the permissions set at the tenant level to be able to do this. https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
Is there a particular guide you are following for this?