diff --git a/server/conf.go b/server/conf.go
index bb7ddbb..ef9afa7 100644
--- a/server/conf.go
+++ b/server/conf.go
@@ -12,4 +12,5 @@ type Conf struct {
 Issuer string `json:"issuer"`
 SsoServices []issuer.SsoConfig `json:"sso_services"`
 AllowedClients []utils.JsonUrl `json:"allowed_clients"`
+ Permissions []string `json:"permissions"`
 }
diff --git a/server/flow.go b/server/flow.go
index 1d7e3a3..f802853 100644
--- a/server/flow.go
+++ b/server/flow.go
@@ -129,6 +129,9 @@ func (h *HttpServer) flowCallback(rw http.ResponseWriter, req *http.Request, _ h
 }
 ps := claims.NewPermStorage()
+ for _, i := range h.conf.Permissions {
+ ps.Set(i)
+ }
 if verified, ok := v3["email_verified"].(bool); ok && verified {
 if mailAddress, ok := v3["email"].(string); ok {
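Review bot: The new `Permissions` field in `Conf` has no comment, yet judging by the flow.go hunk of this commit each entry is set on the permission storage during the flow callback, which makes it a blanket grant rather than an ordinary setting. A doc comment on the field would make that visible to whoever edits the config, for example `// Permissions lists permissions set for every user who completes the SSO flow callback.` It would also help to state that leaving out the `permissions` key means no extra permissions are set. The `Conf` struct begins outside the hunk, so whether the other fields are documented is not visible here.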
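Review bot: The added loop in `flowCallback` calls `ps.Set` for every configured permission before the `email_verified` check that follows, so the grant appears to reach users whose email is not verified as well. If that is intended, a comment above the loop should say so, e.g. `// baseline permissions for every user completing the flow, independent of email verification`; if not, the loop belongs inside the verified branch. The strings come straight from `h.conf.Permissions` with no validation visible in this hunk, so an empty or mistyped entry would be set silently; a check when the config is loaded (not shown here) would catch it. As a smaller point, `i` reads like an index, and `for _, perm := range h.conf.Permissions {` is clearer. `flowCallback` starts and ends outside the hunk, so what `ps` feeds into afterwards is not visible.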