1 files changed, 4 insertions, 3 deletions

diff --git a/playbooks/roles/outbound/templates/headscale/config/config.yaml b/playbooks/roles/outbound/templates/headscale/config/config.yaml
index 6bfbfb9..2586848 100644
--- a/playbooks/roles/outbound/templates/headscale/config/config.yaml
+++ b/playbooks/roles/outbound/templates/headscale/config/config.yaml
@@ -135,11 +135,11 @@ unix_socket_permission: "0770"
 
 oidc:
   only_start_if_oidc_is_available: false
-  issuer: "https://{{ idm_domain }}"
+  issuer: "https://{{ idm_domain }}/oauth2/openid/headscale"
   client_id: "headscale"
   client_secret: "{{ headscale_oidc_secret }}"
 
-  scope: ["openid", "profile", "email"]
+  scope: ["openid", "profile", "email", "groups"]
   pkce:
     # Enable or disable PKCE support (default: false)
     enabled: true
@@ -150,7 +150,8 @@ oidc:
 
   allowed_domains:
     - {{ domain }}
-  allowed_users: {{ headscale_allowed_users }}
+  allowed_groups:
+    - vpn@{{ idm_domain }}
   strip_email_domain: true
 
 # Logtail configuration