diff --git a/gooddata-server-oauth2-autoconfigure/src/main/kotlin/JitProvisioningAuthenticationSuccessHandler.kt b/gooddata-server-oauth2-autoconfigure/src/main/kotlin/JitProvisioningAuthenticationSuccessHandler.kt
index b21a02e..d4b0c0f 100644
--- a/gooddata-server-oauth2-autoconfigure/src/main/kotlin/JitProvisioningAuthenticationSuccessHandler.kt
+++ b/gooddata-server-oauth2-autoconfigure/src/main/kotlin/JitProvisioningAuthenticationSuccessHandler.kt
@@ -51,7 +51,8 @@ class JitProvisioningAuthenticationSuccessHandler(
         ).flatMap { organization ->
             client.getJitProvisioningSetting(organization.id).flatMap {
                 if (it.enabled) {
-                    provisionUser(authenticationToken, organization, it)
+                    val userGroupsClaimName = it.userGroupsClaimName ?: GD_USER_GROUPS
+                    provisionUser(authenticationToken, organization, userGroupsClaimName, it.userGroupsDefaults)
                 } else {
                     logMessage("JIT provisioning disabled, skipping", "finished", "")
                     Mono.empty()
@@ -63,7 +64,8 @@ class JitProvisioningAuthenticationSuccessHandler(
     private fun provisionUser(
         authenticationToken: OAuth2AuthenticationToken,
         organization: Organization,
-        jitSetting: JitProvisioningSetting,
+        userGroupsClaimName: String,
+        userGroups: List<String>? = null
     ): Mono<User> {
         checkMandatoryClaims(authenticationToken, organization.id)
         logMessage("Initiating JIT provisioning", "started", organization.id)
@@ -71,9 +73,7 @@ class JitProvisioningAuthenticationSuccessHandler(
         val firstnameClaim = authenticationToken.getClaim(GIVEN_NAME)
         val lastnameClaim = authenticationToken.getClaim(FAMILY_NAME)
         val emailClaim = authenticationToken.getClaim(EMAIL)
-
-        val userGroupsClaimName = jitSetting.userGroupsClaimName ?: GD_USER_GROUPS
-        val userGroupsClaim = authenticationToken.getClaimList(userGroupsClaimName) ?: jitSetting.userGroupsDefaults
+        val userGroupsClaim = authenticationToken.getClaimList(userGroupsClaimName) ?: userGroups
 
         return client.getUserByAuthenticationId(organization.id, subClaim)
             .flatMap { user ->
@@ -83,7 +83,7 @@ class JitProvisioningAuthenticationSuccessHandler(
                     user.firstname = firstnameClaim
                     user.lastname = lastnameClaim
                     user.email = emailClaim
-                    if (jitSetting.userGroupsScopeEnabled && userGroupsClaim != null) {
+                    if (userGroupsClaim != null) {
                         user.userGroups = userGroupsClaim
                     }
                     client.patchUser(organization.id, user)