diff --git a/Config/config.php b/Config/config.php
index f29a455..5cc5ae5 100644
--- a/Config/config.php
+++ b/Config/config.php
@@ -52,6 +52,9 @@
 ],
 'roles_property' => {{ OIDC_ROLES_PROPERTY_INNER | str }},
 'organisation_property' => {{ OIDC_ORGANISATION_PROPERTY | str }},
+ {% if OIDC_SCOPES %}
+ 'scopes' => [{% for scope in OIDC_SCOPES %}'{{ scope }}'{% if not loop.last %}, {% endif %}{% endfor %}],
+ {% endif %}
 'default_org' => '{{ OIDC_DEFAULT_ORG if OIDC_DEFAULT_ORG else MISP_ORG }}',
 'unblock' => true,
 'offline_access' => {{ OIDC_OFFLINE_ACCESS | bool }},
diff --git a/bin/misp_create_configs.py b/bin/misp_create_configs.py
index 89395eb..daa7cd4 100644
--- a/bin/misp_create_configs.py
+++ b/bin/misp_create_configs.py
@@ -130,6 +130,10 @@ def parse_oidc_roles(variable_name: str, value: str) -> dict:
 return dict_parser(variable_name, value, seperator=',', variable_description="OIDC roles mapping variable")
 
+def parse_oidc_scopes(variable_name: str, value: str) -> list:
+ return [scope.strip() for scope in value.split(',') if scope.strip()]
+
+
 
 def parse_x_forwarded_headers(variable_name: str, value: str) -> list:
 valid_values = ("X-Forwarded-Host", "X-Forwarded-Port", "X-Forwarded-Proto", "Forwarded")
 headers = value.split(" ")
@@ -185,6 +189,7 @@ def parse_mysql_settings(variable_name: str, value: str) -> dict:
 ),
 "OIDC_ROLES_PROPERTY_INNER": Option(),
 "OIDC_ORGANISATION_PROPERTY": Option(default="organization"),
+ "OIDC_SCOPES": Option(parser=parse_oidc_scopes),
 "OIDC_OFFLINE_ACCESS": Option(typ=bool, default=False),
 "OIDC_CHECK_USER_VALIDITY": Option(typ=int, default=0, validation=check_uint),
 "OIDC_UPDATE_USER_ROLE": Option(typ=bool, default=True),
diff --git a/docs/OIDC.md b/docs/OIDC.md
index c34d317..4119d03 100644
--- a/docs/OIDC.md
+++ b/docs/OIDC.md
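Review bot: The added `'scopes'` line interpolates each scope into a single-quoted PHP string literal as `'{{ scope }}'` with no escaping, whereas the neighbouring `roles_property` and `organisation_property` keys pass their values through the `str` filter; a scope value containing `'` or `\` would therefore break or alter the generated config.php, and `parse_oidc_scopes` on the Python side does not reject those characters. Presumably `str` renders a correctly quoted PHP string (that is how the surrounding lines use it), so the loop body can become `{{ scope | str }}` instead of `'{{ scope }}'`. If the filter does not escape, backslash and single quote need an explicit escape before interpolation. The enclosing PHP array begins and ends outside the hunk.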
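Review bot: `parse_oidc_scopes` accepts any characters in a scope, unlike the neighbouring `parse_x_forwarded_headers`, which checks its input against `valid_values`; because the scopes are later written verbatim into config.php, characters outside the scope-token charset of RFC 6749 §3.3 (`%x21 / %x23-5B / %x5D-7E`, i.e. no whitespace, `"` or `\`) should be rejected at parse time with a clear message rather than surfacing as a malformed config or a rejected authorization request. The function also lacks a docstring. A sketch is below; it raises `ValueError`, but the file's other parsers (their bodies lie outside this hunk) may use a project-specific error type that should be used instead. Note that `'` is a legal scope-token character, so this check complements rather than replaces escaping in the template.
```python
def parse_oidc_scopes(variable_name: str, value: str) -> list:
    """Split a comma-separated list of OIDC scopes into a list of scope tokens.

    Empty items are dropped; each remaining token may only contain the
    scope-token characters of RFC 6749 section 3.3.
    """
    scopes = [scope.strip() for scope in value.split(',') if scope.strip()]
    for scope in scopes:
        if any(not 0x21 <= ord(ch) <= 0x7E or ch in '"\\' for ch in scope):
            raise ValueError(f"{variable_name}: invalid character in OIDC scope {scope!r}")
    return scopes
```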
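Review bot: `"OIDC_SCOPES": Option(parser=parse_oidc_scopes)` is registered without a `default`, so when the variable is unset the template's `{% if OIDC_SCOPES %}` guard omits the `scopes` key and the OIDC plugin's own scope list applies, while a set value appears to replace that list entirely. The documentation hunk's example `profile,email` omits `openid`, which every OpenID Connect authorization request must include, so unless the plugin adds `openid` itself (not visible here) that example yields a broken login. Either state in the docs that `openid` must be listed, or enforce it at registration time with a `validation=` callable in the style of the `check_uint` used for `OIDC_CHECK_USER_VALIDITY`, e.g. one that fails when `'openid' not in scopes`. The enclosing option table starts and ends outside the hunk.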
@@ -20,6 +20,7 @@ OIDC authentication is not used. Instead, Apache checks if a key is valid and le
 * `OIDC_ROLES_PROPERTY` (optional, string, default `roles`) - name of claim used for user roles in MISP
 * `OIDC_ROLES_MAPPING` (optional, string, default see bellow) - roles mapping from roles provided by IdP to MISP roles
 * `OIDC_ORGANISATION_PROPERTY` (optional, string, default `organization`) - ID token or user info claim that will be used as an organisation in MISP. This property should contain organisation ID, name or UUID.
+* `OIDC_SCOPES` (optional, string) - comma-separated list of OIDC scopes to request (e.g., `profile,email`). Make sure to add your custom scope here if you set any in the identity provider.
 * `OIDC_OFFLINE_ACCESS` (optional, boolean, default `false`) - if true, offline access token will be requested for user
 * `OIDC_CHECK_USER_VALIDITY` (optional, int, default `0`) - number of seconds, after which user will be revalidated if he is still active in IdP. Zero means that this functionality is disabled. Recommended value is `300`.
 * `OIDC_UPDATE_USER_ROLE` (optional, bool, default `true`) - if disabled, manually modified role in MISP admin interface will be not changed from roles defined in OIDC