diff --git a/core/files/configure_misp.sh b/core/files/configure_misp.sh
index 9f68bc6..0f96f27 100755
--- a/core/files/configure_misp.sh
+++ b/core/files/configure_misp.sh
@@ -97,11 +97,21 @@ set_up_oidc() {
 \"client_secret\": \"${OIDC_CLIENT_SECRET}\",
 \"roles_property\": \"${OIDC_ROLES_PROPERTY}\",
 \"role_mapper\": ${OIDC_ROLES_MAPPING},
- \"default_org\": \"${OIDC_DEFAULT_ORG}\",
- \"scopes\": ${OIDC_SCOPES}
+ \"default_org\": \"${OIDC_DEFAULT_ORG}\"
 }
 }" > /dev/null
+ # Check if OIDC_SCOPES is set and not empty
+ if [[ -n "$OIDC_SCOPES" ]]; then
+ # Run the modify_config.php script to update OidcAuth configuration with the provided OIDC_SCOPES
+ # The 'scopes' field will only be added if OIDC_SCOPES has a value
+ sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
+ \"OidcAuth\": {
+ ${OIDC_SCOPES:+\"scopes\": \"${OIDC_SCOPES}\"}
+ }
+ }" > /dev/null
+ fi
+
 # Set the custom logout URL for OIDC if it is defined
 if [[ -n "${OIDC_LOGOUT_URL}" ]]; then
 sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting -q "Plugin.CustomAuth_custom_logout" "${OIDC_LOGOUT_URL}&post_logout_redirect_uri=${BASE_URL}/users/login"
@@ -128,6 +138,10 @@ set_up_oidc() {
 }
 }" > /dev/null
+ # Remove the line containing 'scopes' => from config.php
+ # This prevents an empty scopes entry from being loaded in the configuration.
+ sudo -u www-data sed -i "/'scopes' =>/d" /var/www/MISP/app/Config/config.php
+
 # Use sed to remove the OidcAuth.Oidc entry from the 'auth' array in the config.php
 sudo -u www-data sed -i "/'auth' =>/,/)/ { /0 => 'OidcAuth.Oidc',/d; }" /var/www/MISP/app/Config/config.php
diff --git a/template.env b/template.env
index 3d069a8..df66f7b 100644
--- a/template.env
+++ b/template.env
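Review bot: The `${OIDC_SCOPES:+\"scopes\": \"${OIDC_SCOPES}\"}` expansion inside the new `if [[ -n "$OIDC_SCOPES" ]]` block is redundant, since the guard already ensures the variable is non-empty, so the line can simply read `\"scopes\": \"${OIDC_SCOPES}\"`. This also changes the variable's contract: the removed line passed `${OIDC_SCOPES}` unquoted as a raw JSON value, whereas the new one wraps it in quotes and always yields a string; if the plugin expects an array here, or existing deployments already set a JSON array, that should be confirmed and stated in the comment above the call. As with the other fields in this call, the value is interpolated into the JSON without any escaping, so a value containing `"` or `\` breaks the document, and a comment such as `# OIDC_SCOPES is inserted verbatim into the JSON; it must not contain quotes or backslashes` would make that expectation visible to operators. The body of set_up_oidc continues past the end of the hunk.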
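Review bot: In the second hunk, `sed -i "/'scopes' =>/d"` deletes only the single line that matches, so if config.php serialises the value across several lines (for example `'scopes' =>` followed by an `array (` block) the remainder is left behind and the file no longer parses; how MISP writes that key should be confirmed before relying on a one-line delete, and the comment should state which shape is expected. The pattern is also not scoped to the OidcAuth block, unlike the `'auth' =>` range used in the `sed` just below it, so any other `'scopes' =>` key in config.php would be removed too; something like `"/'OidcAuth' =>/,/)/ { /'scopes' =>/d; }"` would confine it in the same way, assuming the key is emitted inside that block. The comment says it removes an empty entry, but the pattern matches any value, which is worth saying explicitly if the unconditional delete is intended. The enclosing function starts outside the hunk.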
@@ -123,6 +123,7 @@ SYNCSERVERS_1_PULL_RULES=
 # OIDC_ROLES_MAPPING="{\"admin\": \"1\"}"
 # OIDC_DEFAULT_ORG=
 # OIDC_LOGOUT_URL=
+# OIDC_SCOPES=
 # Enable LDAP (using the ApacheSecureAuth component) authentication, according to https://github.com/MISP/MISP/issues/6189
 # NOTE: Once you enable LDAP authentication with the ApacheSecureAuth component,
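Review bot: The new `# OIDC_SCOPES=` entry gives no hint of the expected format, and the accompanying script change now inserts the value as a single quoted JSON string rather than the raw JSON value the previous code accepted, so operators who set it from an older template will silently get a different result. A short comment line above it, in the style of the neighbouring `OIDC_ROLES_MAPPING` example, stating that the value is inserted verbatim as a string and must not contain quotes, plus an example in whatever separator the plugin expects when several scopes are given, would remove the guesswork.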