diff --git a/README.md b/README.md
index 298f2c3..723f922 100644
--- a/README.md
+++ b/README.md
@@ -63,6 +63,7 @@ With the default configuration, [a person entry](https://www.home-assistant.io/i
 | `discovery_url` | `string` | Yes | | The OIDC well-known configuration URL. |
 | `display_name` | `string` | No | `"OpenID Connect (SSO)"` | The name to display on the login screen, both for the Home Assistant screen and the OIDC welcome screen. |
 | `id_token_signing_alg` | `string` | No | `RS256` | The signing algorithm that is used for your id_tokens.
+| `groups_scope` | `string` | No | `groups` | Override the default grups scope with another scope of your choice. |
 | `features.automatic_user_linking` | `boolean`| No | `false` | Automatically links users to existing Home Assistant users based on the OIDC username claim. Disabled by default for security. When disabled, OIDC users will get their own new user profile upon first login. |
 | `features.automatic_person_creation` | `boolean` | No | `true` | Automatically creates a person entry for new user profiles created by this integration. Recommended if you would like to assign presence detection to OIDC users. |
 | `features.disable_rfc7636` | `boolean`| No | `false` | Disables PKCE (RFC 7636) for OIDC providers that don't support it. You should not need this with most providers. |
diff --git a/custom_components/auth_oidc/__init__.py b/custom_components/auth_oidc/__init__.py
index 998c619..4d0ab86 100644
--- a/custom_components/auth_oidc/__init__.py
+++ b/custom_components/auth_oidc/__init__.py
@@ -16,6 +16,7 @@ from .config import (
     DISCOVERY_URL,
     DISPLAY_NAME,
     ID_TOKEN_SIGNING_ALGORITHM,
+    GROUPS_SCOPE,
     FEATURES,
     CLAIMS,
     ROLES,
@@ -53,12 +54,20 @@ async def async_setup(hass: HomeAssistant, config):
     _LOGGER.info("Registered OIDC provider")
-    # We only use openid, profile & groups, never email
-    include_groups_scope = my_config[FEATURES].get(FEATURES_INCLUDE_GROUPS_SCOPE, True)
+    # Set the correct scopes
+    # Always use 'openid' & 'profile' as they are specified in the OIDC spec
+    # All servers should support this
     scope = "openid profile"
-    if include_groups_scope:
-        scope += " groups"
+    # Include groups if requested (default is to include 'groups'
+    # as a scope for Authelia & Authentik)
+    features_config = my_config.get(FEATURES, {})
+    include_groups_scope = features_config.get(FEATURES_INCLUDE_GROUPS_SCOPE, True)
+    groups_scope = my_config.get(GROUPS_SCOPE, "groups")
+    if include_groups_scope:
+        scope += " " + groups_scope
+
+    # Create the OIDC client
     oidc_client = oidc_client = OIDCClient(
         hass=hass,
         discovery_url=my_config.get(DISCOVERY_URL),
diff --git a/custom_components/auth_oidc/config.py b/custom_components/auth_oidc/config.py
index 507035e..4959b45 100644
--- a/custom_components/auth_oidc/config.py
+++ b/custom_components/auth_oidc/config.py
@@ -7,6 +7,7 @@ CLIENT_SECRET = "client_secret"
 DISCOVERY_URL = "discovery_url"
 DISPLAY_NAME = "display_name"
 ID_TOKEN_SIGNING_ALGORITHM = "id_token_signing_alg"
+GROUPS_SCOPE = "groups_scope"
 FEATURES = "features"
 FEATURES_AUTOMATIC_USER_LINKING = "automatic_user_linking"
 FEATURES_AUTOMATIC_PERSON_CREATION = "automatic_person_creation"
@@ -42,6 +43,9 @@ CONFIG_SCHEMA = vol.Schema(
         # Should we enforce a specific signing algorithm on the id tokens?
         # Defaults to RS256/RSA-pubkey
         vol.Optional(ID_TOKEN_SIGNING_ALGORITHM): vol.Coerce(str),
+        # String value to allow changing the groups scope
+        # Defaults to 'groups' which is used by Authelia and Authentik
+        vol.Optional(GROUPS_SCOPE, default="groups"): vol.Coerce(str),
         # Which features should be enabled/disabled?
         # Optional, defaults to sane/secure defaults
         vol.Optional(FEATURES): vol.Schema(
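Review bot: The configured `groups_scope` is spliced into the space-delimited OAuth `scope` string unvalidated at `scope += " " + groups_scope`, so an empty value leaves a trailing space and a value containing whitespace (or the `"`/`\` characters that the RFC 6749 §3.3 scope-token grammar excludes) silently becomes several scopes or a malformed authorization request. The value comes from the operator's own configuration, so this is a misconfiguration hazard rather than an injection path, but the failure would presumably surface only as an IdP-side scope error at login instead of at startup. I would normalise and guard it here: `groups_scope = my_config.get(GROUPS_SCOPE, "groups").strip()` and `if include_groups_scope and groups_scope:`, and additionally have the config schema reject anything that is not a single scope token. Whether OIDCClient URL-encodes the string is outside this hunk, and async_setup continues past the last line shown.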
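Review bot: The new `groups_scope` entry is validated only with a bare `vol.Coerce(str)`, which passes any YAML value through `str()` — an empty string, an integer, or a list — and the result is then used verbatim as an OAuth scope token, so a list such as `["groups", "email"]` would reach the authorization request as the literal text `['groups', 'email']`. A validator pinned to one scope-token catches that at config load: `vol.Optional(GROUPS_SCOPE, default="groups"): vol.All(vol.Coerce(str), vol.Match(r"^[\x21\x23-\x5B\x5D-\x7E]+$")),` (the RFC 6749 §3.3 grammar: printable ASCII except space, `"` and `\`), with a comment such as `# Must be a single RFC 6749 scope-token; spaces would inject extra scopes`. Since `default="groups"` is declared here, the separate fallback in `my_config.get(GROUPS_SCOPE, "groups")` in `__init__.py` only matters if the schema is bypassed, so the two defaults should be kept in step or the schema default treated as the single source of truth. The README row added for this option also misspells the default as "grups".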
@@ -57,7 +61,7 @@ CONFIG_SCHEMA = vol.Schema(
                 # Feature flag to disable PKCE to support OIDC servers that do not
                 # allow additional parameters and don't support RFC 7636
                 vol.Optional(FEATURES_DISABLE_PKCE): vol.Coerce(bool),
-                # Make a bool which activates and deactivates scope 'groups'
+                # Boolean which activates and deactivates scope 'groups'
                 vol.Optional(
                     FEATURES_INCLUDE_GROUPS_SCOPE, default=True
                 ): vol.Coerce(bool),
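Review bot: The reworded comment still says this flag toggles scope `'groups'`, but with the `groups_scope` option added to the same schema in this commit the scope name is no longer fixed, so the comment is stale on the very line it was just rewritten. Suggest `# Boolean which activates and deactivates the groups scope (the scope name comes from groups_scope, default 'groups')`. The enclosing vol.Schema call starts and ends outside the hunk.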