Identity Core Access  ·  Web Application Access  ·  Power Platform Access  ·  Identity API Access
View Mode
Leave blank to use organizations — works for any work/school account across all tenants.
Opens three sequential popups (SSO makes 2nd & 3rd near-instant). Allow popups if prompted.

Side-by-Side Token Comparison

Claim Web Application Power Platform Identity API Access Expected
Mavim Cloud – Identity Core Access (Resource)
aud: 51fb1b02-5c75-445f-9225-807e50623cd4 Resource app registration
ℹ️ Resource app registration (audience).
All three client apps (Web, Power Platform, and API) request access to this central Identity Core Access resource. The tokens issued to the three client apps will contain aud = this resource ID, proving they are authorized to access it.
App ID URI: https://adapps.mavimcloud.com/mavim.cloud.identity.core
Resource Status
Mavim Cloud – Identity Web Application Access
azp: 22720fe1-6437-4a23-819c-55cd6e69c7f3 aud: 51fb1b02-5c75-445f-9225-807e50623cd4 scope: web.application.access
ID Token Claims
Access Token Claims
Mavim Cloud – Identity Power Platform Access
azp: 2269e636-3dc1-46aa-aff6-0b4a40cc31ba aud: 51fb1b02-5c75-445f-9225-807e50623cd4 scope: powerplatform.access
ID Token Claims
Access Token Claims
Mavim Cloud – Identity API Access
azp: d7e8c2c2-4dee-4a43-b04a-a80ceab0417b aud: 51fb1b02-5c75-445f-9225-807e50623cd4 Application permission · api.access
ℹ️ Application permission — SPA sign-in only.
api.access is an Application-type permission used by daemon/backend services with a client secret — a browser SPA cannot acquire it in a token.
What this pane does prove: a successful sign-in confirms the enterprise app (service principal) is installed in the customer's tenant. The ID token aud = this client ID is the verification. The api.access admin consent status must be verified separately (e.g. via Graph API or the Azure Portal).
ID Token Claims
Access Token Claims