diff --git a/webserver.js b/webserver.js
index 8891ba29..c897b60f 100644
--- a/webserver.js
+++ b/webserver.js
@@ -2591,24 +2591,24 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF const groups = { 'enabled': typeof strategy.groups == 'object' } parent.authLog(req.user.strategy.toUpperCase(), `User Authorized: ${JSON.stringify(req.user)}`); if (groups.enabled) { // Groups only available for OIDC strategy currently - groups.userMemberships = obj.common.convertStrArray(req.user.groups) - groups.syncEnabled = (strategy.groups.sync === true || strategy.groups.sync?.filter) ? true : false - groups.syncMemberships = [] - groups.siteAdminEnabled = strategy.groups.siteadmin ? true : false - groups.grantAdmin = false - groups.revokeAdmin = strategy.groups.revokeAdmin ? strategy.groups.revokeAdmin : true - groups.requiredGroups = obj.common.convertStrArray(strategy.groups.required) - groups.siteAdmin = obj.common.convertStrArray(strategy.groups.siteadmin) - groups.syncFilter = obj.common.convertStrArray(strategy.groups.sync?.filter) + groups.userMemberships = obj.common.convertStrArray(req.user.groups); + groups.syncEnabled = (strategy.groups.sync === true || strategy.groups.sync?.filter) ? true : false; + groups.syncMemberships = []; + groups.siteAdminEnabled = strategy.groups.siteadmin ? true : false; + groups.grantAdmin = false; + groups.revokeAdmin = strategy.groups.revokeAdmin ? 
strategy.groups.revokeAdmin : true; + groups.requiredGroups = obj.common.convertStrArray(strategy.groups.required); + groups.siteAdmin = obj.common.convertStrArray(strategy.groups.siteadmin); + groups.syncFilter = obj.common.convertStrArray(strategy.groups.sync?.filter); // Fancy Logs - let groupMessage = '' + let groupMessage = ''; if (groups.userMemberships.length == 1) { groupMessage = ` Found membership: "${groups.userMemberships[0]}"` } else { groupMessage = ` Found ${groups.userMemberships.length} memberships: ["${groups.userMemberships.join('", "')}"]` } parent.authLog('handleStrategyLogin', `${req.user.strategy.toUpperCase()}: GROUPS: USER: "${req.user.sid}"` + groupMessage); // Check user membership in required groups - if (groups.requiredGroups != null) { + if (groups.requiredGroups.length > 0) { let match = false for (var i in groups.requiredGroups) { if (groups.userMemberships.indexOf(groups.requiredGroups[i]) != -1) { @@ -2617,7 +2617,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF } } if (match === false) { - parent.authLog('handleStrategyLogin', `${req.user.strategy.toUpperCase()}: GROUPS: USER: "${req.user.sid}" Login denied. No memberhip to required group.`); + parent.authLog('handleStrategyLogin', `${req.user.strategy.toUpperCase()}: GROUPS: USER: "${req.user.sid}" Login denied. No membership to required group.`); req.session.loginmode = 1; req.session.messageid = 111; // Access Denied. res.redirect(domain.url + getQueryPortion(req)); 
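Review bot: The new condition `if (groups.requiredGroups.length > 0)` skips the required-group gate whenever the converted list is empty, so a `groups.required` value that `convertStrArray` cannot turn into a non-empty array (its behaviour on malformed input is not visible in this hunk) would now fail open rather than deny, whereas the old `!= null` form denied in that case. Consider at least logging when the option is present but resolved to nothing, e.g. `if (strategy.groups.required != null && groups.requiredGroups.length === 0) { parent.authLog('handleStrategyLogin', 'GROUPS: groups.required is set but resolved to no groups; required-group check skipped'); }`, or failing closed there. Separately, `groups.revokeAdmin = strategy.groups.revokeAdmin ? strategy.groups.revokeAdmin : true;` can never yield `false`, because a configured `false` is falsy and falls through to the default; `groups.revokeAdmin = strategy.groups.revokeAdmin ?? true;` (the file already uses `?.`) preserves an explicit `false`. The enclosing login handler begins before this hunk.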
@@ -2640,15 +2640,25 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF // Check if we need to sync user-memberships (IdP) with user-groups (meshcentral) if (groups.syncEnabled === true) { - for (var i in groups.syncFilter) { - if (groups.userMemberships.indexOf(groups.syncFilter[i]) >= 0) { groups.syncMemberships.push(groups.syncFilter[i]); } + if (groups.syncFilter.length > 0){ // config.json has specified sync.filter so loop and use it + for (var i in groups.syncFilter) { + if (groups.userMemberships.indexOf(groups.syncFilter[i]) >= 0) { groups.syncMemberships.push(groups.syncFilter[i]); } + } + } else { // config.json doesnt have sync.filter specified so we are going to sync all the users groups from oidc instead + for (var i in groups.userMemberships) { + groups.syncMemberships.push(groups.userMemberships[i]); + } } if (groups.syncMemberships.length > 0) { - parent.authLog('handleStrategyLogin', `${req.user.strategy.toUpperCase()}: GROUPS: USER: "${req.user.sid}" Filtered user memberships from config to sync: ${groups.syncMemberships.join(', ')}`); + parent.authLog('handleStrategyLogin', `${req.user.strategy.toUpperCase()}: GROUPS: USER: "${req.user.sid}" User memberships to sync: ${groups.syncMemberships.join(', ')}`); } else { groups.syncMemberships = null; - groups.syncEnabled = false - parent.authLog('handleStrategyLogin', `${req.user.strategy.toUpperCase()}: GROUPS: USER: "${req.user.sid}" No sync memberships found after filter: ${strategy.groups.sync.filter.join(', ')}`); + groups.syncEnabled = false; + if (groups.syncFilter.length > 0){ + parent.authLog('handleStrategyLogin', `${req.user.strategy.toUpperCase()}: GROUPS: USER: "${req.user.sid}" No sync memberships found using filters: ${groups.syncFilter.join(', ')}`); + } else { + parent.authLog('handleStrategyLogin', `${req.user.strategy.toUpperCase()}: GROUPS: USER: "${req.user.sid}" No sync memberships found`); + } } } }
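Review bot: With `sync: true` and no `sync.filter`, the new `else` branch copies every group claim the IdP sends into `groups.syncMemberships`, so the set of MeshCentral groups a user is placed in is now determined entirely by the IdP's claim content instead of an operator-supplied allow-list; the comment on that branch should state this trust decision plainly, e.g. `// No sync.filter configured: every group claim from the IdP is trusted and synced as-is; set sync.filter to restrict which groups are synced`. The copy loop `for (var i in groups.userMemberships)` iterates an array with `for...in`, which yields string keys and any enumerable additions to `Array.prototype`; `groups.syncMemberships = groups.userMemberships.slice();` does the same work without that hazard and replaces the three-line loop. What the sync code does with a membership that does not match an existing MeshCentral group is outside this hunk, as is the rest of the enclosing handler.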