diff --git a/ssoauth/app_settings/defaults.py b/ssoauth/app_settings/defaults.py
index 1b511fab1cc069ebf5af68d09e8d85f240152f3a..23fb520780e4eaa51526d593b74ad9821292ce03 100644
--- a/ssoauth/app_settings/defaults.py
+++ b/ssoauth/app_settings/defaults.py
@@ -32,6 +32,8 @@ SSO_REQUIRED_OUTSIDE_MANAGE_PY = True  # enabled to ensure that production (that
 SP_SLS_ENABLED = False  # single log out creates too many problems, so it is disabled for now
 SP_SLS_X_FRAME_OPTIONS = None  # in case you encounter problems with SLS view not allowed inside of an iframe, e.g. "ALLOW-FROM idp-test.it.hs-hannover.de idp.hs-hannover.de"
 
+GROUPS_SAML_ATTRIBUTE = "IDMGroups"  # this SAML attribute is expected to contain list of groups for a user
+
 """
 Settings you might want to change on development (don't change them for production):
 """
diff --git a/ssoauth/views.py b/ssoauth/views.py
index bcd1c0f74f003175aa6dcedea1c0f8b05a5618c6..3aed913af6ec8cb333293596e1e19ebb8d95764b 100644
--- a/ssoauth/views.py
+++ b/ssoauth/views.py
@@ -28,7 +28,7 @@ ATTRIBUTE_MAPPING = dict(
     forename="urn:oid:2.5.4.42",
     surname="urn:oid:2.5.4.4",
     uuid="UUID",
-    idm_groups="IDMGroups",
+    groups=app_settings.GROUPS_SAML_ATTRIBUTE,
 )
 
 
@@ -195,7 +195,7 @@ class ACSAuthNView(SAMLMixin, View):
         )
         auth_utils.set_user_groups(
             user=user,
-            group_dn_list=get_attr("idm_groups", nullable=True, multivalued=True) or list()
+            saml2_groups=get_attr("groups", nullable=True, multivalued=True) or list()
         )
         auth_utils.cleanup_direct_permissions(user=user)
         auth_utils.set_user_compat_flags(user=user)