Merge 1.3.0 changes back to master.
diff --git a/src/chapters/openid-auth.xml b/src/chapters/openid-auth.xml
index 6027fba..646ea8f 100644
--- a/src/chapters/openid-auth.xml
+++ b/src/chapters/openid-auth.xml
@@ -137,17 +137,25 @@
</varlistentry>
</variablelist>
<para>Additional optional properties are available to control how claims within received
- ID tokens are used to derive the user's Guacamole username, the OpenID scopes
- requested when user identities are confirmed, and to control the maximum amount of
- time allowed for various aspects of the conversation with the identity
- provider:</para>
+ ID tokens are used to derive the user's Guacamole username, any associated groups,
+ the OpenID scopes requested when user identities are confirmed, and to control the
+ maximum amount of time allowed for various aspects of the conversation with the
+ identity provider:</para>
<variablelist>
<varlistentry>
<term><property>openid-username-claim-type</property></term>
<listitem>
- <para>The claim type which contains the authenticated user's username within
- any valid JWT. By default, the "<constant>email</constant>" is
- used.</para>
+ <para>The claim type within any valid JWT that contains the authenticated
+ user's username. By default, the "<constant>email</constant>" claim type
+ is used.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><property>openid-groups-claim-type</property></term>
+ <listitem>
+ <para>The claim type within any valid JWT that contains the list of groups
+ of which the authenticated user is a member. By default, the
+ "<constant>groups</constant>" claim type is used.</para>
</listitem>
</varlistentry>
<varlistentry>