diff --git a/internal/api/grpc/management/user.go b/internal/api/grpc/management/user.go
index 7b1b109ede..5375ce5fb8 100644
--- a/internal/api/grpc/management/user.go
+++ b/internal/api/grpc/management/user.go
@@ -854,7 +854,7 @@ func (s *Server) ListPersonalAccessTokens(ctx context.Context, req *mgmt_pb.List
 }
 
 func (s *Server) AddPersonalAccessToken(ctx context.Context, req *mgmt_pb.AddPersonalAccessTokenRequest) (*mgmt_pb.AddPersonalAccessTokenResponse, error) {
-	scopes := []string{oidc.ScopeOpenID, z_oidc.ScopeUserMetaData, z_oidc.ScopeResourceOwner}
+	scopes := []string{oidc.ScopeOpenID, oidc.ScopeProfile, z_oidc.ScopeUserMetaData, z_oidc.ScopeResourceOwner}
 	pat := AddPersonalAccessTokenRequestToCommand(req, authz.GetCtxData(ctx).OrgID, scopes, domain.UserTypeMachine)
 	details, err := s.command.AddPersonalAccessToken(ctx, pat)
 	if err != nil {
diff --git a/internal/api/grpc/system/instance_converter.go b/internal/api/grpc/system/instance_converter.go
index 9aeea3e2c8..271dc1520d 100644
--- a/internal/api/grpc/system/instance_converter.go
+++ b/internal/api/grpc/system/instance_converter.go
@@ -111,7 +111,7 @@ func createInstancePbToAddMachine(req *system_pb.CreateInstanceRequest_Machine,
 	if defaultMachine.Pat != nil || req.PersonalAccessToken != nil {
 		pat := command.AddPat{
 			// Scopes are currently static and can not be overwritten
-			Scopes: []string{oidc.ScopeOpenID, z_oidc.ScopeUserMetaData, z_oidc.ScopeResourceOwner},
+			Scopes: []string{oidc.ScopeOpenID, oidc.ScopeProfile, z_oidc.ScopeUserMetaData, z_oidc.ScopeResourceOwner},
 		}
 		if req.GetPersonalAccessToken().GetExpirationDate().IsValid() {
 			pat.ExpirationDate = req.PersonalAccessToken.ExpirationDate.AsTime()
diff --git a/internal/integration/integration.go b/internal/integration/integration.go
index d21cb36d2d..4fec3ca523 100644
--- a/internal/integration/integration.go
+++ b/internal/integration/integration.go
@@ -174,7 +174,7 @@ func (s *Tester) createMachineUser(ctx context.Context, instanceId string) {
 		logging.OnError(err).Fatal("add org member")
 	}
 
-	scopes := []string{oidc.ScopeOpenID, z_oidc.ScopeUserMetaData, z_oidc.ScopeResourceOwner}
+	scopes := []string{oidc.ScopeOpenID, oidc.ScopeProfile, z_oidc.ScopeUserMetaData, z_oidc.ScopeResourceOwner}
 	pat := command.NewPersonalAccessToken(user.ResourceOwner, user.ID, time.Now().Add(time.Hour), scopes, domain.UserTypeMachine)
 	_, err = s.Commands.AddPersonalAccessToken(ctx, pat)
 	logging.OnError(err).Fatal("add pat")