diff --git a/machines/nixos/compute01/kanidm/default.nix b/machines/nixos/compute01/kanidm/default.nix
index 77df495..d27cc28 100644
--- a/machines/nixos/compute01/kanidm/default.nix
+++ b/machines/nixos/compute01/kanidm/default.nix
@@ -85,6 +85,7 @@ in
       groups =
         {
           grp_active.members = catAttrs "username" (attrValues meta.organization.members);
+          grp-ext_cri.memberless = true;
         }
         // (mapAttrs' (
           name: members: nameValuePair "grp_${name}" { members = builtins.map usernameFor members; }
@@ -163,6 +164,12 @@ in
             "profile"
             "email"
           ];
+
+          scopeMaps.grp-ext_cri = [
+            "openid"
+            "profile"
+            "email"
+          ];
         };
 
         dgn_outline = {