diff --git a/modules/monitoring/grafana.nix b/modules/monitoring/grafana.nix
index 1952505..f38f298 100644
--- a/modules/monitoring/grafana.nix
+++ b/modules/monitoring/grafana.nix
@@ -91,12 +91,13 @@ in
 enabled = cfg.auth.enable;
 client_id = "GpPQl4K55kQQhIeuIgzN27kzPzSpY5HlpmqpU9sy";
 client_secret = "$__file{${cfg.auth.sectetKeyFile}}";
- scopes = "openid email profile";
+ scopes = "openid email profile groups";
 auth_url = "https://${cfg.auth.baseUrl}/application/o/authorize/";
 token_url = "https://${cfg.auth.baseUrl}/application/o/token/";
 api_url = "https://${cfg.auth.baseUrl}/application/o/userinfo/";
 # Optionally map user groups to Grafana roles";
- role_attribute_path = "contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'";
+ role_attribute_path = "contains(groups[*], 'Sysadmin') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'";
+ allow_assign_grafana_admin = true;
 };
 database = {
 user = "grafana";
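Review bot: `allow_assign_grafana_admin = true` is switched on, but the new `role_attribute_path` never yields `GrafanaAdmin`, so as written it promotes nobody while still letting the IdP's `groups` claim decide server-admin status once the expression is edited. Either drop the line, or make the intent explicit and comment it, e.g. `contains(groups[*], 'Sysadmin') && 'GrafanaAdmin' || ...`, if server admin is really what 'Sysadmin' members should receive. The first branch now uses `groups[*]` while the second still uses `contains(groups, 'Grafana Editors')`; use one form in both so the two checks evaluate the claim the same way. Because the trailing `|| 'Viewer'` hands a role to every account that can authenticate, consider removing the fallback and setting `role_attribute_strict = true` if only members of the mapped groups should get in. The enclosing attribute set starts above the hunk, so other auth settings are not visible here.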