Automating the addition of new permissions upon login

Hi there,

Is it possible to automatically add a set of permissions for new users on their token when they log in?
I already managed to set up our AAD IDP; anyone who is using the company email can log in.
But after they log in, they receive a 403 page because their token's permission section is empty.
For now, I have to add them manually, but is there a way to add some (not all) permissions for new users automatically?

Thank you for your help.

Regards,
Mark