diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go
index 04df3715cd208570b6a63e6d453bffb8520dc34d..29241dc6aae223f80e17a15da7a6b8017e650ad1 100644
--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@@ -61,19 +61,16 @@ type Config struct {
 	// This setting allows you to override the default behavior of Dex and enforce the mappings defined in `claimMapping`.
 	OverrideClaimMapping bool `json:"overrideClaimMapping"` // defaults to false
 
-	ClaimMapping ClaimMapping `json:"claimMapping"`
-}
-
-type ClaimMapping struct {
-
-	// Configurable key which contains the preferred username claims
-	PreferredUsernameKey string `json:"preferred_username"` // defaults to "preferred_username"
+	ClaimMapping struct {
+		// Configurable key which contains the preferred username claims
+		PreferredUsernameKey string `json:"preferred_username"` // defaults to "preferred_username"
 
-	// Configurable key which contains the email claims
-	EmailKey string `json:"email"` // defaults to "email"
+		// Configurable key which contains the email claims
+		EmailKey string `json:"email"` // defaults to "email"
 
-	// Configurable key which contains the groups claims
-	GroupsKey string `json:"groups"` // defaults to "groups"
+		// Configurable key which contains the groups claims
+		GroupsKey string `json:"groups"` // defaults to "groups"
+	} `json:"claimMapping"`
 }
 
 // Domains that don't support basic auth. golang.org/x/oauth2 has an internal
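Review bot: The field comments inside the new anonymous `ClaimMapping` struct say only `defaults to "email"` and the like, which hides the precedence rule that the createIdentity hunks implement: the standard claim is read first, and the mapped key is consulted only when that claim is absent or `overrideClaimMapping` is true. Since these values end up in the identity the connector returns, I would spell the rule out, e.g. `// EmailKey names the claim used for the email when the standard "email" claim is missing, or always when overrideClaimMapping is true; empty keeps "email".`, and likewise for the username and groups keys. Separately, replacing the exported `ClaimMapping` type with an anonymous struct removes a name that code outside this package may construct, and the test hunk at the end of this diff already has to assign the three fields one by one.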
@@ -162,7 +159,9 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
 		userIDKey:                 c.UserIDKey,
 		userNameKey:               c.UserNameKey,
 		overrideClaimMapping:      c.OverrideClaimMapping,
-		claimMapping:              c.ClaimMapping,
+		preferredUsernameKey:      c.ClaimMapping.PreferredUsernameKey,
+		emailKey:                  c.ClaimMapping.EmailKey,
+		groupsKey:                 c.ClaimMapping.GroupsKey,
 	}, nil
 }
 
@@ -186,7 +185,9 @@ type oidcConnector struct {
 	userIDKey                 string
 	userNameKey               string
 	overrideClaimMapping      bool
-	claimMapping              ClaimMapping
+	preferredUsernameKey      string
+	emailKey                  string
+	groupsKey                 string
 }
 
 func (c *oidcConnector) Close() error {
@@ -296,8 +297,8 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
 
 	prefUsername := "preferred_username"
 	preferredUsername, found := claims[prefUsername].(string)
-	if (!found || c.overrideClaimMapping) && c.claimMapping.PreferredUsernameKey != "" {
-		prefUsername = c.claimMapping.PreferredUsernameKey
+	if (!found || c.overrideClaimMapping) && c.preferredUsernameKey != "" {
+		prefUsername = c.preferredUsernameKey
 		preferredUsername, found = claims[prefUsername].(string)
 		if !found {
 			return identity, fmt.Errorf("missing \"%s\" claim", prefUsername)
@@ -315,8 +316,8 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
 	var email string
 	emailKey := "email"
 	email, found = claims[emailKey].(string)
-	if (!found || c.overrideClaimMapping) && c.claimMapping.EmailKey != "" {
-		emailKey = c.claimMapping.EmailKey
+	if (!found || c.overrideClaimMapping) && c.emailKey != "" {
+		emailKey = c.emailKey
 		email, found = claims[emailKey].(string)
 		if !found {
 			return identity, fmt.Errorf("missing \"%s\" claim", emailKey)
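Review bot: When `emailKey` is remapped, the value read from `claims[emailKey]` is no longer the claim that the provider's `email_verified` flag describes, and nothing in this hunk records that. The verification check is outside the hunk, so this is inferred. The test case with `overrideClaimMapping: true` and `emailKey: "custommail"` expects `customemailvalue` to be accepted alongside `email_verified: true`, which suggests the flag is applied to whichever claim was selected. A comment above the branch would make the trust assumption explicit: `// email_verified refers to the standard "email" claim; a remapped claim is only as trustworthy as the provider's handling of that attribute.` The same caveat belongs next to `EmailKey` in the Config struct.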
@@ -340,8 +341,8 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
 	if c.insecureEnableGroups {
 		groupsKey := "groups"
 		vs, found := claims[groupsKey].([]interface{})
-		if (!found || c.overrideClaimMapping) && c.claimMapping.GroupsKey != "" {
-			groupsKey = c.claimMapping.GroupsKey
+		if (!found || c.overrideClaimMapping) && c.groupsKey != "" {
+			groupsKey = c.groupsKey
 			vs, found = claims[groupsKey].([]interface{})
 		}
 
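Review bot: A mapped groups claim that is missing or is not a JSON array is dropped silently here, whereas the preferred-username and email hunks above return a `missing ... claim` error in the same situation. With `overrideClaimMapping` set, the second lookup also overwrites `vs` and `found` from a standard `groups` claim that was present on the first lookup. What happens to `vs` and `found` afterwards is outside the hunk, so the effect on the returned identity is not visible from here. Because group membership typically feeds authorization decisions, I would at least document the behaviour: `// Unlike the username and email mappings, an absent or non-array mapped groups claim is not an error here.`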
diff --git a/connector/oidc/oidc_test.go b/connector/oidc/oidc_test.go
index 267c0fcf4753b68a02352faf1f81820d40d14b14..9040cf5c48ac77f713f490d657722bd15a60edbd 100644
--- a/connector/oidc/oidc_test.go
+++ b/connector/oidc/oidc_test.go
@@ -50,7 +50,9 @@ func TestHandleCallback(t *testing.T) {
 		userIDKey                 string
 		userNameKey               string
 		overrideClaimMapping      bool
-		claimMapping              ClaimMapping
+		preferredUsernameKey      string
+		emailKey                  string
+		groupsKey                 string
 		insecureSkipEmailVerified bool
 		scopes                    []string
 		expectUserID              string
@@ -77,12 +79,10 @@ func TestHandleCallback(t *testing.T) {
 			},
 		},
 		{
-			name:        "customEmailClaim",
-			userIDKey:   "", // not configured
-			userNameKey: "", // not configured
-			claimMapping: ClaimMapping{
-				EmailKey: "mail",
-			},
+			name:               "customEmailClaim",
+			userIDKey:          "", // not configured
+			userNameKey:        "", // not configured
+			emailKey:           "mail",
 			expectUserID:       "subvalue",
 			expectUserName:     "namevalue",
 			expectedEmailField: "emailvalue",
@@ -98,16 +98,14 @@ func TestHandleCallback(t *testing.T) {
 			userIDKey:            "", // not configured
 			userNameKey:          "", // not configured
 			overrideClaimMapping: true,
-			claimMapping: ClaimMapping{
-				EmailKey: "custommail",
-			},
-			expectUserID:       "subvalue",
-			expectUserName:     "namevalue",
-			expectedEmailField: "customemailvalue",
+			emailKey:             "custommail",
+			expectUserID:         "subvalue",
+			expectUserName:       "namevalue",
+			expectedEmailField:   "customemailvalue",
 			token: map[string]interface{}{
 				"sub":            "subvalue",
 				"name":           "namevalue",
-				"mail":           "emailvalue",
+				"email":          "emailvalue",
 				"custommail":     "customemailvalue",
 				"email_verified": true,
 			},
@@ -151,10 +149,8 @@ func TestHandleCallback(t *testing.T) {
 			},
 		},
 		{
-			name: "withPreferredUsernameKey",
-			claimMapping: ClaimMapping{
-				PreferredUsernameKey: "username_key",
-			},
+			name:                    "withPreferredUsernameKey",
+			preferredUsernameKey:    "username_key",
 			expectUserID:            "subvalue",
 			expectUserName:          "namevalue",
 			expectPreferredUsername: "username_value",
@@ -222,10 +218,8 @@ func TestHandleCallback(t *testing.T) {
 			},
 		},
 		{
-			name: "customGroupsKey",
-			claimMapping: ClaimMapping{
-				GroupsKey: "cognito:groups",
-			},
+			name:                      "customGroupsKey",
+			groupsKey:                 "cognito:groups",
 			expectUserID:              "subvalue",
 			expectUserName:            "namevalue",
 			expectedEmailField:        "emailvalue",
@@ -241,10 +235,8 @@ func TestHandleCallback(t *testing.T) {
 			},
 		},
 		{
-			name: "customGroupsKeyButGroupsProvided",
-			claimMapping: ClaimMapping{
-				GroupsKey: "cognito:groups",
-			},
+			name:                      "customGroupsKeyButGroupsProvided",
+			groupsKey:                 "cognito:groups",
 			expectUserID:              "subvalue",
 			expectUserName:            "namevalue",
 			expectedEmailField:        "emailvalue",
@@ -261,11 +253,9 @@ func TestHandleCallback(t *testing.T) {
 			},
 		},
 		{
-			name:                 "customGroupsKeyButGroupsProvidedButOverride",
-			overrideClaimMapping: true,
-			claimMapping: ClaimMapping{
-				GroupsKey: "cognito:groups",
-			},
+			name:                      "customGroupsKeyButGroupsProvidedButOverride",
+			overrideClaimMapping:      true,
+			groupsKey:                 "cognito:groups",
 			expectUserID:              "subvalue",
 			expectUserName:            "namevalue",
 			expectedEmailField:        "emailvalue",
@@ -312,7 +302,9 @@ func TestHandleCallback(t *testing.T) {
 				BasicAuthUnsupported:      &basicAuth,
 				OverrideClaimMapping:      tc.overrideClaimMapping,
 			}
-			config.ClaimMapping = tc.claimMapping
+			config.ClaimMapping.PreferredUsernameKey = tc.preferredUsernameKey
+			config.ClaimMapping.EmailKey = tc.emailKey
+			config.ClaimMapping.GroupsKey = tc.groupsKey
 
 			conn, err := newConnector(config)
 			if err != nil {