diff --git a/authorize/evaluator/opa/policy/authz.rego b/authorize/evaluator/opa/policy/authz.rego
index 1cb04d449..9d97f9e49 100644
--- a/authorize/evaluator/opa/policy/authz.rego
+++ b/authorize/evaluator/opa/policy/authz.rego
@@ -210,6 +210,10 @@ jwt_payload_email = v {
 
 jwt_payload_groups = v {
 	v = array.concat(group_ids, get_databroker_group_names(group_ids))
+	v != []
+} else = v {
+	v = session.claims["groups"]
+	v != null
 } else = [] {
 	true
 }