This article describes Microsoft Entra ID application consent as part of OnePlan security.
The application permission request approval is part of OnePlan technical readiness. See Complete the OnePlan setup actions.
When setting up OnePlan, administrators, and users (depending on your organization), may encounter an application permission request. This request is standard with Microsoft authentication. See Consent experience for applications in Microsoft Entra ID for more information on Entra ID application consent.
The app permission is delegated, meaning OnePlan itself does not get access to your Entra ID, nor do we collect any identifying information, including user names and passwords. OnePlan acts on behalf of the user who has logged in with their Microsoft account.
Once approved, an enterprise app registration is added in Entra ID for OnePlan. The screenshot below details all of the permissions granted to OnePlan as an Entra ID enterprise app. See Microsoft Graph permissions reference and Quickstart: Configure an app to access a web API - Microsoft identity platform, for more detail on what these permissions mean.
The application permission is the same whether approved per user or on behalf of the organization by an administrator.