diff --git a/src/main/java/org/codelibs/fess/app/web/base/login/OpenIdConnectCredential.java b/src/main/java/org/codelibs/fess/app/web/base/login/OpenIdConnectCredential.java
index 1ac73a30d4ddc85706d6e17296b67bc655be3b9a..d9ade9047baa7e39c1ecd63b52bcffd740d3bb4f 100644
--- a/src/main/java/org/codelibs/fess/app/web/base/login/OpenIdConnectCredential.java
+++ b/src/main/java/org/codelibs/fess/app/web/base/login/OpenIdConnectCredential.java
@@ -18,10 +18,11 @@ package org.codelibs.fess.app.web.base.login;
 import static org.codelibs.core.stream.StreamUtil.split;
 import static org.codelibs.core.stream.StreamUtil.stream;
 
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.codelibs.core.lang.StringUtil;
 import org.codelibs.fess.entity.FessUser;
 import org.codelibs.fess.helper.SystemHelper;
@@ -46,8 +47,16 @@ public class OpenIdConnectCredential implements LoginCredential, FessCredential
         return (String) attributes.get("email");
     }
 
+    public String[] getUserGroups() {
+        String[] userGroups = (String[]) attributes.get("groups");
+        if (userGroups == null) {
+            userGroups = getDefaultGroupsAsArray();
+        }
+        return (userGroups);
+    }
+
     public OpenIdUser getUser() {
-        return new OpenIdUser(getUserId(), getDefaultGroupsAsArray(), getDefaultRolesAsArray());
+        return new OpenIdUser(getUserId(), getUserGroups(), getDefaultRolesAsArray());
     }
 
     protected static String[] getDefaultGroupsAsArray() {
diff --git a/src/main/java/org/codelibs/fess/sso/oic/OpenIdConnectAuthenticator.java b/src/main/java/org/codelibs/fess/sso/oic/OpenIdConnectAuthenticator.java
index 6cd647cb602ee42bbf65c4a5da4b62e4a353d30e..1c3cb394ea540e37e48c5779b8ebde2ef083a6b1 100644
--- a/src/main/java/org/codelibs/fess/sso/oic/OpenIdConnectAuthenticator.java
+++ b/src/main/java/org/codelibs/fess/sso/oic/OpenIdConnectAuthenticator.java
@@ -16,9 +16,7 @@
 package org.codelibs.fess.sso.oic;
 
 import java.io.IOException;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Map;
+import java.util.*;
 
 import javax.annotation.PostConstruct;
 import javax.servlet.http.HttpServletRequest;
@@ -198,6 +196,15 @@ public class OpenIdConnectAuthenticator implements SsoAuthenticator {
                     case "exp":
                         attributes.put("exp", jsonParser.getText());
                         break;
+                    case "groups":
+                        List<String> list = new ArrayList<String>();
+                        while (jsonParser.nextToken() != JsonToken.END_ARRAY) {
+                            final String group = jsonParser.getText();
+                            list.add(group);
+                            logger.debug(group);
+                        }
+                        attributes.put("groups", list.toArray(new String[list.size()]));
+                        break;
                     }
                 }
             }