diff --git a/server/templates.go b/server/templates.go
index 9be8019a487f7529475815f64fc4f26b5483b35f..7ac18cc162e41f32c338d18420bb30f969284a6c 100644
--- a/server/templates.go
+++ b/server/templates.go
@@ -238,6 +238,9 @@ var scopeDescriptions = map[string]string{
 	"offline_access": "Have offline access",
 	"profile":        "View basic profile information",
 	"email":          "View your email address",
+	// 'groups' is not a standard OIDC scope, and Dex only returns groups only if the upstream provider does too.
+	// This warning is added for convenience to show that the user may expose some sensitive data to the application.
+	"groups": "View your groups",
 }
 
 type connectorInfo struct {