diff --git a/docs/authentication.md b/docs/authentication.md
index d7cd66adfa..5147d9b325 100644
--- a/docs/authentication.md
+++ b/docs/authentication.md
@@ -285,6 +285,7 @@ appConfig:
 oidc:
 clientId: [registered client id]
 endpoint: [OIDC endpoint]
+ scope: [The scope(s) to request from the OIDC provider]
 ```
 Because Dashy is a SPA, a [public client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1) registration with PKCE is needed.
diff --git a/docs/configuring.md b/docs/configuring.md
index acf935757d..c10088f060 100644
--- a/docs/configuring.md
+++ b/docs/configuring.md
@@ -202,6 +202,7 @@ For more info, see the **[Authentication Docs](/docs/authentication.md)**
 --- | --- | --- | ---
 **`clientId`** | `string` | Required | The client id registered in the OIDC server
 **`endpoint`** | `string` | Required | The URL of the OIDC server that should be used.
+**`scope`** | `string` | Required | The scope(s) to request from the OIDC provider
 **[⬆️ Back to Top](#configuring)**
diff --git a/src/utils/ConfigSchema.json b/src/utils/ConfigSchema.json
index 6d37322731..4fe057604d 100644
--- a/src/utils/ConfigSchema.json
+++ b/src/utils/ConfigSchema.json
@@ -565,7 +565,12 @@
 "title": "OIDC Client Id",
 "type": "string",
 "description": "ClientId from OIDC provider"
- }
+ },
+ "scope" : {
+ "title": "OIDC Scope",
+ "type": "string",
+ "description": "The scope(s) to request from the OIDC provider"
+ }
 }
 },
 "enableHeaderAuth": {
diff --git a/src/utils/OidcAuth.js b/src/utils/OidcAuth.js
index 9cec09596a..5d43840428 100644
--- a/src/utils/OidcAuth.js
+++ b/src/utils/OidcAuth.js
@@ -13,14 +13,14 @@ const getAppConfig = () => {
 class OidcAuth {
 constructor() {
 const { auth } = getAppConfig();
- const { clientId, endpoint } = auth.oidc;
+ const { clientId, endpoint, scope } = auth.oidc;
 const settings = {
 userStore: new WebStorageStateStore({ store: window.localStorage }),
 authority: endpoint,
 client_id: clientId,
 redirect_uri: `${window.location.origin}`,
 response_type: 'code',
- scope: 'openid profile email roles groups',
+ scope: scope || 'openid profile email roles groups',
 response_mode: 'query',
 filterProtocolClaims: true,
 };
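Review bot: The fallback on the new `scope:` line means an omitted or empty `scope` silently requests the full `openid profile email roles groups` set, while the `docs/configuring.md` row added in this same commit marks the field as Required; one of the two should change so operators know which claims are actually being requested. Nothing here checks that a configured value still contains `openid`, and OpenID Connect leaves the behaviour unspecified when it is absent, so a narrowed value such as `profile email` would presumably fail at login in a way that is hard to diagnose. I would normalise once with `const requestedScope = (scope || 'openid profile email roles groups').trim();` and follow it with `if (!requestedScope.split(/\s+/).includes('openid')) console.warn('OIDC scope does not include "openid"');`, then pass `requestedScope` into `settings`. The constructor body continues past the end of the hunk.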