diff --git a/mealie/core/security/providers/openid_provider.py b/mealie/core/security/providers/openid_provider.py
index a1124d248..1385f635f 100644
--- a/mealie/core/security/providers/openid_provider.py
+++ b/mealie/core/security/providers/openid_provider.py
@@ -43,7 +43,9 @@ class OpenIDProvider(AuthProvider[UserInfo]):
         # Check for empty required claims
         for claim in self.required_claims:
-            if not claims.get(claim):
+            if not claims.get(claim) and claim != settings.OIDC_GROUPS_CLAIM:  # Allow empty groups claim
+                # It doesn't actually matter if the groups claim is empty,
+                # since OIDC_ADMIN_GROUP can be set without OIDC_USER_GROUP
                 self._logger.error("[OIDC] Required claim '%s' is empty", claim)
                 raise MissingClaimException()
diff --git a/tests/unit_tests/core/security/providers/test_openid_provider.py b/tests/unit_tests/core/security/providers/test_openid_provider.py
index 0fcd92690..7a46f12c0 100644
--- a/tests/unit_tests/core/security/providers/test_openid_provider.py
+++ b/tests/unit_tests/core/security/providers/test_openid_provider.py
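Review bot: The exemption on the `if not claims.get(claim) and claim != settings.OIDC_GROUPS_CLAIM` line covers a groups claim that is entirely absent from the token as well as an empty list, because `claims.get` returns None for both; the membership check that consumes the claim is outside this hunk, so it should be confirmed that a None groups value reaches it as "no membership" rather than as a TypeError or a skipped gate. The rationale in the added comment only holds while no user-group gate is configured; when OIDC_USER_GROUP is set, an empty or missing groups claim can never satisfy it, so keeping the existing logged denial in that case is safer, e.g. `if not claims.get(claim) and (claim != settings.OIDC_GROUPS_CLAIM or settings.OIDC_USER_GROUP):` (assuming the setting is exposed on `settings` like OIDC_GROUPS_CLAIM is). The change also drops all logging for the skipped case; a `self._logger.debug("[OIDC] Groups claim '%s' is empty; no user group configured", claim)` would help diagnose an IdP that silently stops emitting the claim. The enclosing method begins before this hunk.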
@@ -149,6 +149,46 @@ def test_has_admin_group_new_user(monkeypatch: MonkeyPatch, session: Session):
     assert user.admin
+def test_no_group_new_user(monkeypatch: MonkeyPatch, session: Session):
+    monkeypatch.setenv("OIDC_ADMIN_GROUP", "mealie_admin")
+    get_app_settings.cache_clear()
+
+    data = {
+        "preferred_username": "dude2",
+        "email": "dude2@email.com",
+        "name": "Firstname Lastname",
+        "groups": [],
+    }
+    auth_provider = OpenIDProvider(session, data)
+
+    assert auth_provider.authenticate() is not None
+
+    db = get_repositories(session, group_id=None, household_id=None)
+    user = db.users.get_one("dude2", "username")
+    assert user is not None
+    assert not user.admin
+
+
+def test_nonmatching_group_new_user(monkeypatch: MonkeyPatch, session: Session):
+    monkeypatch.setenv("OIDC_ADMIN_GROUP", "mealie_admin")
+    get_app_settings.cache_clear()
+
+    data = {
+        "preferred_username": "dude2",
+        "email": "dude2@email.com",
+        "name": "Firstname Lastname",
+        "groups": ["testgroup"],
+    }
+    auth_provider = OpenIDProvider(session, data)
+
+    assert auth_provider.authenticate() is not None
+
+    db = get_repositories(session, group_id=None, household_id=None)
+    user = db.users.get_one("dude2", "username")
+    assert user is not None
+    assert not user.admin
+
+
 @pytest.mark.parametrize("valid_group", [True, False])
 @pytest.mark.parametrize("valid_household", [True, False])
 def test_ldap_user_creation_invalid_group_or_household(
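Review bot: Neither new test exercises the two cases the provider change actually opens up: a token with no groups key at all (which `claims.get` treats the same as an empty list) and an empty groups claim while OIDC_USER_GROUP is configured, which must still be denied. Both added functions only vary the value of `"groups"` with OIDC_ADMIN_GROUP set and assert a successful non-admin login, so a regression in which a missing claim bypasses a configured user-group gate would pass this suite. I would add a negative test along the lines below, adjusting the last assertion if the provider signals denial by raising rather than returning None. Both added functions are complete within the hunk.

```python
def test_missing_groups_rejected_when_user_group_required(monkeypatch: MonkeyPatch, session: Session):
    monkeypatch.setenv("OIDC_USER_GROUP", "mealie_user")
    get_app_settings.cache_clear()

    data = {
        "preferred_username": "dude3",
        "email": "dude3@email.com",
        "name": "Firstname Lastname",
        # "groups" deliberately omitted: claims.get() returns None for a missing claim
    }
    auth_provider = OpenIDProvider(session, data)

    # NOTE(review): if denial is signalled by an exception, use pytest.raises here instead
    assert auth_provider.authenticate() is None
```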