diff --git a/abra.sh b/abra.sh
index ccfd17d..6658555 100644
--- a/abra.sh
+++ b/abra.sh
@@ -8,7 +8,7 @@ export SYSTEM_TENANT_VERSION=v1
 export NEXTCLOUD_CONFIG_VERSION=v1
 export WORDPRESS_CONFIG_VERSION=v1
 export MATRIX_CONFIG_VERSION=v1
-export WEKAN_CONFIG_VERSION=v1
+export WEKAN_CONFIG_VERSION=v2
 export VIKUNJA_CONFIG_VERSION=v1
 
 customize() {
diff --git a/wekan.yaml.tmpl b/wekan.yaml.tmpl
index 63dab5f..0cbc1b7 100644
--- a/wekan.yaml.tmpl
+++ b/wekan.yaml.tmpl
@@ -5,6 +5,23 @@ metadata:
   name: wekan
 
 entries:
+- attrs:
+    description: wekan
+    expression: "groupsDict = {\"wekanGroups\": []}\nfor group in request.user.ak_groups.all():\n\
+      \  my_attributes = group.attributes\n  my_attributes[\"displayName\"] = group.name\n\
+      \  my_attributes[\"isAdmin\"] = group.is_superuser\n\
+      \  my_attributes[\"isActive\"] = group.attributes[\"\
+      isActive\"] if 'isActive' in group.attributes else True\n  my_attributes[\"\
+      forceCreate\"] = group.attributes[\"forceCreate\"] if 'forceCreate' in group.attributes\
+      \ else True\n  groupsDict[\"wekanGroups\"].append(my_attributes)\nreturn groupsDict"
+    managed: null
+    scope_name: wekan
+  conditions: []
+  id: wekan_group_mapping
+  identifiers:
+    name: wekan
+  model: authentik_providers_oauth2.scopemapping
+  state: present
 
 - attrs:
     access_code_validity: minutes=1
@@ -19,6 +36,7 @@ entries:
     - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
     - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
     - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
+    - !KeyOf wekan_group_mapping
     signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
     sub_mode: user_username
     token_validity: days=30