diff --git a/Documentation/api.md b/Documentation/api.md
index 48a9f509..67c1ba3c 100644
--- a/Documentation/api.md
+++ b/Documentation/api.md
@@ -12,11 +12,13 @@ Admins that wish to expose the gRPC service must add the following entry to the
 grpc:
   # Cannot be the same address as an HTTP(S) service.
   addr: 127.0.0.1:5557
-  # Server certs. If TLS credentials aren't provided dex will generate self-signed ones.
+  # Server certs. If TLS credentials aren't provided dex will run in plaintext (HTTP) mode.
   tlsCert: /etc/dex/grpc.crt
   tlsKey: /etc/dex/grpc.key
   # Client auth CA.
   tlsClientCA: /etc/dex/client.crt
+  # enable reflection
+  reflection: true
 ```
 
 ## Generating clients
diff --git a/cmd/dex/config.go b/cmd/dex/config.go
index 77f4a779..a0536b1c 100644
--- a/cmd/dex/config.go
+++ b/cmd/dex/config.go
@@ -150,6 +150,7 @@ type GRPC struct {
 	TLSCert     string `json:"tlsCert"`
 	TLSKey      string `json:"tlsKey"`
 	TLSClientCA string `json:"tlsClientCA"`
+	Reflection  bool   `json:"reflection"`
 }
 
 // Storage holds app's storage configuration.
diff --git a/cmd/dex/serve.go b/cmd/dex/serve.go
index 208ec9c0..bba643a1 100644
--- a/cmd/dex/serve.go
+++ b/cmd/dex/serve.go
@@ -21,6 +21,7 @@ import (
 	"github.com/spf13/cobra"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/reflection"
 
 	"github.com/dexidp/dex/api"
 	"github.com/dexidp/dex/pkg/log"
@@ -282,6 +283,10 @@ func serve(cmd *cobra.Command, args []string) error {
 				s := grpc.NewServer(grpcOptions...)
 				api.RegisterDexServer(s, server.NewAPI(serverConfig.Storage, logger))
 				grpcMetrics.InitializeMetrics(s)
+				if c.GRPC.Reflection {
+					logger.Info("enabling reflection in grpc service")
+					reflection.Register(s)
+				}
 				err = s.Serve(list)
 				return fmt.Errorf("listening on %s failed: %v", c.GRPC.Addr, err)
 			}()