diff --git a/charts/argo-cd/templates/argocd-rbac-cm.yaml b/charts/argo-cd/templates/argocd-rbac-cm.yaml
index fb688d03..7d3aa6ea 100755
--- a/charts/argo-cd/templates/argocd-rbac-cm.yaml
+++ b/charts/argo-cd/templates/argocd-rbac-cm.yaml
@@ -16,3 +16,6 @@ data:
   policy.csv:
 {{- toYaml .Values.rbac.policyCsv | indent 4 }}
 {{- end }}
+{{- if .Values.rbac.scopes }}
+  scopes: {{ .Values.rbac.scopes }}
+{{- end }}
diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml
index 15d909dd..c4d7c677 100644
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@@ -157,6 +157,8 @@ rbac:
   #   g, your-github-org:your-team, role:org-admin
   # The default role Argo CD will fall back to, when authorizing API requests
   policyDefault: #role:readonly
+  # Scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
+  scopes: #[groups]
 
 redis:
   image: