diff --git a/server/templates.go b/server/templates.go
index 9be8019a..7ac18cc1 100644
--- a/server/templates.go
+++ b/server/templates.go
@@ -238,6 +238,9 @@ var scopeDescriptions = map[string]string{
 	"offline_access": "Have offline access",
 	"profile":        "View basic profile information",
 	"email":          "View your email address",
+	// 'groups' is not a standard OIDC scope, and Dex only returns groups only if the upstream provider does too.
+	// This warning is added for convenience to show that the user may expose some sensitive data to the application.
+	"groups": "View your groups",
 }
 
 type connectorInfo struct {