diff --git a/server/modules/authentication/oidc/authentication.js b/server/modules/authentication/oidc/authentication.js
index 6bd244fe..5f9d0269 100644
--- a/server/modules/authentication/oidc/authentication.js
+++ b/server/modules/authentication/oidc/authentication.js
@@ -29,6 +29,17 @@ module.exports = {
 email: _.get(profile, '_json.' + conf.emailClaim)
 }
 })
+ if (conf.mapGroups) {
+ const groups = _.get(profile, '_json.' + conf.groupsClaim)
+ if (groups) {
+ const groupIDs = Object.values(WIKI.auth.groups)
+ .filter(g => groups.includes(g.name))
+ .map(g => g.id)
+ for (let groupID of groupIDs) {
+ await user.$relatedQuery('groups').relate(groupID)
+ }
+ }
+ }
 cb(null, user)
 } catch (err) {
 cb(err, null)
diff --git a/server/modules/authentication/oidc/definition.yml b/server/modules/authentication/oidc/definition.yml
index 02812c4f..ae1c636a 100644
--- a/server/modules/authentication/oidc/definition.yml
+++ b/server/modules/authentication/oidc/definition.yml
@@ -49,8 +49,21 @@ props:
 default: email
 maxWidth: 500
 order: 7
+ mapGroups:
+ type: Boolean
+ title: Map Groups
+ hint: Map groups matching names from the groups claim value
+ default: false
+ order: 8
+ groupsClaim:
+ type: String
+ title: Groups Claim
+ hint: Field containing the group names
+ default: groups
+ maxWidth: 500
+ order: 9
 logoutURL:
 type: String
 title: Logout URL
 hint: (optional) Logout URL on the OAuth2 provider where the user will be redirected to complete the logout process.
- order: 8
+ order: 10
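Review bot: The membership match at `.filter(g => groups.includes(g.name))` depends on the claim's type: if the provider delivers the groups claim as a single string rather than an array, `String.prototype.includes` does a substring match, so a wiki group named `ops` would be granted to any user whose claim string contains `devops`. Because this assigns authorization, guard the shape explicitly, e.g. replace `if (groups) {` with `if (Array.isArray(groups)) {` (or normalize a delimited string into an array before matching). Separately, memberships are only ever added: a user removed from a group at the identity provider keeps the wiki group on the next login, and calling `relate(groupID)` on every login may accumulate duplicate join rows depending on the table's constraints, so consider unrelating groups no longer in the claim before relating the current set. The `for (let groupID of groupIDs)` loop never reassigns `groupID` and can use `const`. The enclosing callback and its `try` block begin outside the hunk.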