diff --git a/charts/gitops-server/templates/oidc-auth-secret.yaml b/charts/gitops-server/templates/oidc-auth-secret.yaml
index cbf47372a2..212f14f12d 100644
--- a/charts/gitops-server/templates/oidc-auth-secret.yaml
+++ b/charts/gitops-server/templates/oidc-auth-secret.yaml
@@ -11,5 +11,10 @@ data:
 clientSecret: {{ .clientSecret | required "oidcSecret.clientSecret must be set" | b64enc | quote }}
 issuerURL: {{ .issuerURL | required "oidcSecret.issuerURL must be set" | b64enc | quote }}
 redirectURL: {{ .redirectURL | required "oidcSecret.redirectURL must be set" | b64enc | quote }}
+ {{- if .additionalKeys -}}
+ {{- range $k, $v := .additionalKeys }}
+ {{ $k }}: {{ $v | b64enc | quote }}
+ {{- end }}
+ {{- end }}
 {{- end }}
 {{- end }}
diff --git a/charts/gitops-server/values.yaml b/charts/gitops-server/values.yaml
index e4cd620a64..b6dbc44b06 100644
--- a/charts/gitops-server/values.yaml
+++ b/charts/gitops-server/values.yaml
@@ -35,6 +35,12 @@ oidcSecret:
 # clientSecret:
 # issuerURL:
 # redirectURL:
+ # -- If non empty, additional keys can be added to the OIDC secret
+ additionalKeys: {}
+ # additionalKeys:
+ # claimUsername: "email"
+ # claimGroups: "groups"
+ # customScopes: "openid,offline_access,email,groups"
 serviceAccount:
 # -- Specifies whether a service account should be created
 create: true
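Review bot: In templates/oidc-auth-secret.yaml the new loop pipes `$v` straight into `b64enc`, which accepts only a string, so a numeric or boolean entry in `additionalKeys` will fail the render instead of producing a secret value; `{{ $k | quote }}: {{ $v | toString | b64enc | quote }}` converts the value first and quotes the key so an unusual key name cannot change the YAML structure. Nothing in the loop stops an entry from reusing one of the fixed names above it (`clientSecret`, `issuerURL`, `redirectURL`), which would emit a duplicate key under `data:`; how that resolves depends on the YAML parser, so an explicit `fail` on those names would be safer than relying on it. The outer `if .additionalKeys` is redundant, since `range` over an empty map emits nothing. The blocks closed by the two trailing `{{- end }}` lines open above the hunk.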
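Review bot: In values.yaml the comment on `additionalKeys` does not say that each value is base64-encoded into the Secret by the template and so has to be a string, nor that key names should not repeat the fixed OIDC keys listed just above it. I would word it as `# -- Extra string-valued keys to add to the OIDC secret; names must not repeat the fixed keys above`. The quoted example values already follow that rule, so the comment would only make it explicit for anyone adding a numeric or boolean setting.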