diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 81402d5a450cfa240a10e20a86135d98f57d0f53..3fce49cff58187fc60d9f3b986bd2c004893d214 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -12,6 +12,8 @@ Unreleased
 Added
 ~~~~~
+* OpenID connect scope and accompanying claim `groups`
+
 Fixed
 ~~~~~
diff --git a/aleksis/core/settings.py b/aleksis/core/settings.py
index fbd436ae1d69c3d705a9a3ec9896538974f02eb6..3c8f46e5f09449587fb040e916918f80864c7658 100644
--- a/aleksis/core/settings.py
+++ b/aleksis/core/settings.py
@@ -345,6 +345,7 @@ if _settings.get("oauth2.oidc.enabled", False):
         "address": _("Full home postal address"),
         "email": _("Email address"),
         "phone": _("Home and mobile phone"),
+        "groups": _("Groups"),
     }
 )
diff --git a/aleksis/core/util/auth_helpers.py b/aleksis/core/util/auth_helpers.py
index 8caea1659fd821f10229e5339adffd5a56659c99..4f6e403cb678ff4a39f0199b0670ff6b3d8cdb45 100644
--- a/aleksis/core/util/auth_helpers.py
+++ b/aleksis/core/util/auth_helpers.py
@@ -77,6 +77,9 @@ class CustomOAuth2Validator(OAuth2Validator):
             "postal_code": request.user.person.postal_code,
         }
+        if "groups" in request.scopes and has_person(request.user):
+            claims["groups"] = request.user.person.groups.values_list("name", flat=True).all()
+
         return claims
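Review bot: The second added line in the auth_helpers.py hunk stores a lazy QuerySet in `claims["groups"]` (`values_list(..., flat=True).all()` returns a QuerySet, and the `.all()` is redundant after `values_list`), so the claim reaches the token/userinfo serialization path unevaluated; unless that path special-cases QuerySets, `json.dumps` will reject it, and even if it does not, the database query runs at an unexpected point. Materialize the value where it is built: `claims["groups"] = list(request.user.person.groups.values_list("name", flat=True))`. The claim carries group display names, which are presumably neither stable nor guaranteed unique; a short comment on the line, such as `# exposes group names, not stable identifiers -- relying parties should not key authorization decisions on them without that caveat`, would make the contract explicit for consumers of the new `groups` scope. The enclosing method of `CustomOAuth2Validator` starts outside the hunk, so whether the earlier `request.user.person` accesses are guarded by the same `has_person` check cannot be seen here.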